Help center support eXpress
We have collected answers to all the most popular questions to make it easy and convenient for you to use eXpress. If you do not find the answer to your question, please contact our support team.
- Welcome to eXpress
- Introducing eXpress & Glossary
- Installation & Updates
- Registering & Logging In
- User Profile
- Chats, Channels & Threads
- Contacts
- Tags & Tabs
- Files
- Calls & Conferences
- Push Notifications & Counters
- Fixing the Background Work on Android
- Bots & Smart Apps
- Diagnostic Information & Logs
- Clearing App Cache
- Аdmin Panel
- Technical Support for Admins
- Database Modifications Policy
- eXpress Documentation
- Privacy Policy
- Licensing conditions
Аdmin Panel
- Admin Panel: General Information
- Users
- Chats (RTS, CTS, ECTS)
- Open Chats (CTS, ECTS)
- Calls (RTS, CTS, ECTS)
- Conferences (RTS, CTS, ECTS)
- Profile Change Request List (CTS, ECTS)
- Logout List (CTS, ECTS)
- Administrators
- Servers
- Bots (CTS, ECTS)
- Internal Bots
- External Clients Users (CTS, ECTS)
- UI Alerts (RTS, ETS)
- Containers
- Audit
- Stickers
- Call Backgrounds (CTS, ECTS)
- Catalog (CTS, ECTS)
- Statistics
- Role Model (CTS, ECTS)
- Role Model Rules (CTS, ECTS)
- User Groups (CTS, ECTS)
- Call Reports
- Call Recordings (CTS, ECTS)
- SMS Statuses (RTS, ETS)
- Administrators Authentication
- Audit Settings
- Global Chat
- Global Bots
- Links to Chats/Calls (CTS, ECTS)
- Push Service (RTS, ETS)
- File Service
- User Session (CTS, ECTS)
- Registration Settings (CTS, ECTS)
- Active Directory (Method) (CTS, ECTS)
- E-mail (Method) (CTS, ECTS)
- OpenID (Method) (CTS, ECTS)
- Profile Fields Visibility (CTS, ECTS)
- E-mail (CTS, ECTS)
- Getting Started Instruction (CTS, ECTS)
- Blocked Users (CTS, ECTS)
- VoEx (RTS, CTS, ECTS)
- Server
- Support Info
- Registration Instruction (ETS)
- SmartApps (CTS, ECTS)
- Mobile / Web and Desktop Menu Configuration (CTS, ECTS)
- Activations
- SMS (RTS, ETS)
- Adapters (RTS, ETS)
- Masks (RTS, ETS)
- Security (RTS, ETS)
- CAPTCHA (RTS, ETS)
- Suggests (RTS, ETS)
Admin Panel: General Information
Below is a brief overview of the admin panel sections. RTS/ETS and CTS/ECTS settings vary depending on the server's purpose. The full list of features is described in the admin guides.
Authorization in the Admin Panel 
Who Has Access to the Admin Panel?
Access to the corporate server admin panel (CTS, ETS, ECTS) is granted to system administrators and support staff of the organization or the vendor. Access to the regional server admin panel (RTS) is restricted — for RTS-related requests, contact eXpress support.How to Get Access?
VPN may be required for access. Credentials and access levels should be confirmed with responsible personnel in your organization.What Is the Address of My Web Console?
Admin panel URL:https://server_FQDN/admin/session
. The link may include an additional secret phrase.
Cannot Log In Due to Exceeding the Number of Login Attempts. What to Do?
If you encounter the error Login blocked (Exceeded max unlock attempts), contact another administrator to unlock it in the Administrators section > select the account > Unblock.Admin Panel Interface Language 
Is the Language Set Automatically?
The admin panel language depends on browser settings. Available languages: Russian, English (default).How to Change the Language of the Admin Panel?
- Set the desired language as primary in your browser settings.
- Or manually change the
_admin_locale
parameter in Cookies via the developer console:- Open the admin panel.
- Press F12 (or Fn + F12).
- Go to Application > Cookies > select the server address.
- Find
_admin_locale
and change the value toru
(Russian) oren
(English). - Refresh the page.
Miscellaneous Questions
Is It Possible to Set a Time Zone for the Time in the Admin Panel?
No. In the admin panel, time is displayed in UTC format.When Opening an Exported CSV File in Excel, “Garbled Characters” Are Displayed. Is This a Bug?
CSV files are exported in UTF-8 encoding. Since Microsoft Excel defaults to windows-1251, for proper data display, import the CSV via the Data > From Text/CSV menu instead of opening the file directly.Users
This section contains a list of users and bots on the corporate server.
Searching for Users
In the search field on CTS and ECTS, you can search for users by HUID, name, email, domain, and position as specified in their corporate account. On RTS and ETS, you can search for users by name, phone number, as provided by the user during initial registration or later in profile settings in eXpress.
Creating Users
You can manually create a new user on the corporate server by clicking the corresponding button or set up the automatic synchronization.
How to Bulk Create Users Manually?
Contact eXpress support team for instructions.
Migrating From Manual to Synced Accounts?
If you recently configured synchronization, delete old manual accounts with duplicate emails to avoid conflicts with new synced accounts.
What Authentication Methods Are Available for Manually Created Users?
Such a user will only be able to log in via email. To use other methods when synchronizing with a corporate directory (e.g., Active Directory), create users in the directory, not manually on the corporate server!
Can User Synchronization and Manual Creation Be Used Simultaneously?
Yes. This allows you to, for example, sync organization employees from a directory while manually adding external contractors. This only works with Email authentication — both manually created and synced users will log in using email codes.
How to Connect Users Not Listed in the Corporate Directory?
To connect external users (partners, contractors) who are not in the organization's directory to the corporate server:
- Create profiles for external users in the Users section manually.
- In the “Registration Settings” section, switch the authentication method to Email.
This way, both external users and those synchronized from the directory will log into their corporate account via an email code.
How to Properly Transfer User Credentials?
When providing corporate data, always inform users:
- To log into the app with their phone number if they have previously used it.
- A phone number can be added later, but only if there is no account already linked to it.
This preserves their chat history if they previously used a phone number, as well as when changing logins or switching to another server.
Editing, Blocking and Deleting Users
Action | Manually created User | Synchronized User |
---|---|---|
Editing | Click the pencil button on a user in the list to edit their data. | To modify a synced user's data, edit them in the directory and perform synchronization. |
Blocking | You cannot block a user through the admin panel. | Blocking via AD/OpenID is supported. |
Deleting | To delete a user:
|
To delete a synced user: log them out, remove their sync group in AD or role in OpenID, then synchronize — the profile will disappear from the list. |
Which Users Can Be Edited or Deleted in the Admin Panel?
You can only modify or delete users who were created manually or via self-registration with an email mask (logout is also required before deletion).
Why Can't Email Be Edited?
The email field is non-editable, as it serves as the login.
How to Change User Login Properly?
Refer to this guide.
I Blocked a User in the Directory, but They Did Not Leave the Server. Why?
In addition to blocking in the corporate directory, you also need to confirm the logout request for the user so they are no longer bound to the corporate server, or configure automatic logout.
Exporting the User List
The Download as .CSV button downloads the user list in CSV format. This list can later be imported into a group chat or channel for bulk user additions. To filter the exported list, use the search function. When clicking the button, you will be prompted to select user types for export:
User type | Description |
---|---|
cts_user |
Registered active corporate users. |
unregistered |
Unregistered inactive users. |
botx |
Bots and Smart Apps. |
User Profile 
Clicking on a user opens their profile information:
Field | Description |
---|---|
HUID | The user’s unique identifier. |
Company details, position, etc. | Filled manually by the administrator or synchronized automatically. |
RTS ID/ETS ID/CTS ID | the registration server ID. To determine the specific server address, find this ID in the “Servers” section. |
Type of the profile |
|
Registration type |
|
AD groups | Displayed for users synchronized from Active Directory. |
Dates of account creation, update, or deletion | Updated upon server login or synchronization |
Profile Buttons
At the top, there are buttons to manage the user or view additional information.Button | Description |
---|---|
Activations | Active and completed sessions:
Available actions for activations:
|
Blocks | List of account blocks in Active Directory and their reasons. |
Keys | User's public encryption keys:
There may be multiple keys, distinguished by version and date/time. |
Chats | List of all user chats. |
Recovering keys in chats | Fixes encryption key issues in chats (details). |
Clean cache | Clears local chat/contact cache on all user devices. |
Clean all | Deletes cache and forces a return to the login screen on all user devices. |
Logout | Sends a request for logout from the corporate server (requires administrator confirmation in the “Logout Requests” section). |
What Happens When Users Get New Keys?
New keys (cts/rts for corporate users or rts for public users) are generated when:
- Resetting the personal encryption password.
- After account deletion and re-registration.
The ed25519 session signing keys are generated when users start a new device session.
After logout, key synchronization between servers is forced upon re-login.
Chats (RTS, CTS, ECTS)
This section provides a complete list of all chats and channels of users on the current server.
Searching for Chats
In the search field, you can find chats by:
- Chat ID
- Chat name
- HUID of a user (to find their “Saved Messages” chat)
Chat Properties 
When clicking on a chat, the following information is displayed:
Field | Description |
---|---|
ID | The unique chat identifier. |
Description | Filled in by the chat creator or administrator. |
Active | The chat activity status:
|
Type | Chat type:
|
Members | Chat participants (the full list is available via the Members button at the top of the interface). |
Created at | The timestamp the chat was created. |
Chat Buttons
The following buttons are available in the interface:
Button | Description |
---|---|
Members | Managing chat participants:
|
Events JSON/Events table | The chat event log in JSON format or in table view.
When a message is deleted "for everyone" on the server, it is not completely removed—the content is erased, but the fact that the message existed remains. This is useful for diagnostics and internal investigations.
|
Chat JSON | Chat summary in JSON format. |
Make the chat open/private | Makes the chat or channel available/unavailable in the corporate catalog. |
Enable/Disable end-to-end (e2ee) encryption | Managing end-to-end encryption of messages in a group chat or channel. |
Additional Questions
How Do I Know if a Chat Has Open History? 
There will be Make chat private button available in the chat's properties. Also, in the Chat JSON section, the sharedHistory:true
indicator can be used to determine if the chat history is open. This indicator appears when end-to-end encryption is disabled in the admin panel (available only for chats).
Where to Find Information About E2EE Deactivation Date/Time? 
There's only an indirect way to determine this. In chat properties, open the Events table section. For messages (events with type message_new
), check the key_id
values in the keys
section:
- If only a shared server key is specified (sometimes several server keys may be present), this means end-to-end encryption was disabled when the message was sent.
- If multiple participants' personal keys exist — encryption was enabled when the message was sent.
Open Chats (CTS, ECTS)
This section displays the full list of open chats and channels on the server available in the corporate chat directory. Users can join them independently via the catalog. The section is only accessible for CTS and ECTS.
Searching for Open Chats
In the search field, you can find open chats by ID or name.
Open Chat Properties
Clicking on a chat will open its detailed information (see above).
Creating Open Chat
The Create button allows you to create a new open chat on the server.
I Created an Open Chat. How to Add Users?
The first participant of an open chat cannot be added via the admin panel. The user must join independently through the chat catalog in the client app. After that, you will be able to add the rest through the admin panel.
Calls (RTS, CTS, ECTS)
In the Calls section, a complete list of all completed and current calls on the server is displayed. Conferences are not shown in this list — they have a separate section with the similar controls.
Searching for Calls
In the search field, you can find calls by:
- date and time
- chat name
- chat ID
- call ID
- HUID, email or name of a participant
Call Logs
The Download logs function is available to download call logs as a ZIP archive.
What Does the "Bad" Label Mean?
If a user left feedback about a past call, the log will have a bad mark. The archive will contain:- logs from the participant who left feedback
- the call_id_issue.json file — the other field contains the user's feedback (if any)
How to Delete All Call Logs?
The Clear logs button deletes all call logs on the server.
Ending a Call
The cross button forcibly ends a call (use for stuck calls).
Information About the Group Chat Where the Call Took Place
Clicking on the chat ID opens information about the chat where the call was held (see above).
Call Properties 
Clicking on the call ID displays the following information:
Entry | Description |
---|---|
Voex call [ID] | The unique call identifier in the page header. |
room_id | The call chat (room) identifier. |
Call Participants | Detailed information in the table:
|
Conferences (RTS, CTS, ECTS)
This subsection contains tools for working with conferences, similar to call tools.
There Is a Conference Between Participants from This and Another Server. Why Isn't It in the List?
Conferences are displayed in this list only if they were created on the current server.
Profile Change Request List (CTS, ECTS)
This section was introduced in server software version 3.33. Here, the administrator can approve or reject user requests to change profile picture (avatar) if moderation is enabled in the “Server” section.
❓Related Topics:
Logout List (CTS, ECTS)
This section displays a list of users for whom a logout request has been sent:
- by the user;
- via the corporate server administrator;
- due to an event in the corporate directory.
Here, you can view user information, check the logout reason, and Accept or Reject the request. This section is only available for CTS and ECTS.
Why Aren't Logout Control Buttons Working?
Note that if the admin panel is not opened via the server's FQDN address, the Accept or Reject buttons will not work.
Logout Reasons
Reason | Description |
---|---|
user_request |
The logout request was sent by the user. This means the user tapped the Leave the server button in the profile using one of their devices. On other devices, they will continue working as usual. Clarify the reason from the user. If this request is erroneous, the user can log in again with the same credentials — the logout request will disappear automatically (after refreshing the admin page), or can be declined manually. |
PWD_last_set_changed |
Logout due to a password change in AD. The user will be signed out from all their sessions. The “Incorrect Login or Password” error will occur when trying to sign back in using AD credentials. After the user logs in with a new password, the logout request will disappear automatically (after refreshing the admin page). In case of any signing in problems press the Clear cache button in the user's profile in the admin panel. |
account_disabled |
The account was disabled in AD. The user will be signed out from all their sessions. The “Incorrect Login or Password” error will occur when trying to sign back in using AD credentials. After the account gets enabled and user logs in back to the server, the logout request will disappear automatically (after refreshing the admin page). |
account_deleted |
The account was deleted by a user. Account deletion cannot be canceled, even if you withdraw the logout request with this reason. To release the corporate account from being linked to the deleted account, you must either confirm the request or enable auto-confirmation for this type of request (details available from eXpress support). |
lockout |
The user was locked out in AD. The user will be signed out from all their sessions. After the account gets unlocked and the user logs in back to the server, the logout request will disappear automatically (after refreshing the admin page). |
password_expired |
The password expired in AD. The user will be signed out from all their sessions. The “Incorrect Login or Password” error will occur when trying to sign back in using AD credentials. After the user logs in with a new password, the logout request will disappear automatically (after refreshing the admin page). In case of any signing in problems press the Clear cache button in the user's profile in the admin panel. |
account_expired |
The account expired in AD. The user will be signed out from all their sessions. The “Incorrect Login or Password” error will occur when trying to sign back in using AD credentials. After the account gets prolonged or a new one is created and the user logs in back to the server, the logout request will disappear automatically (after refreshing the admin page). |
admin_request |
A logout request from an administrator. When this request is submitted, user sessions will not be ended. |
excluded_from_search_filter |
The Automatic logout when synchronization with AD is excluded from the selection checkbox is enabled in the Active Directory section, and the user was excluded from the selection (e.g., removed from an AD sync group). The user will be signed out from all their sessions. The user can sign back in, but they will be kicked out again during the next synchronization until the group is added. |
Accepting Logout Request
After clicking Accept, the user's corporate account is detached from the personal account and changes to the unregistered
status.
Bulk Selection of Requests
Starting from server software version 3.27, multiple logout requests can be selected using checkboxes. To select all entries (the top checkbox in the first column), first specify the logout reason in the filter. If no filter is applied, bulk selection is unavailable — entries will need to be marked manually.
Deleting an Account After Logout 
After logout, the account remains in the list in the “Users” section. The deletion method depends on the account type:
Account Source | Deletion |
---|---|
Manually created in the admin panel | Deleted via the trash icon in the Users list. |
Synchronized from the AD corporate directory | Disappears after deleting the synchronization group in Active Directory. |
Synchronized from OpenID | Deletion is impossible in server software versions prior to 3.40. In versions 3.40 and later, it's possible when the Delete user profiles when logout is confirmed checkbox is enabled in OpenID synchronization settings. |
Administrators
Configuring user access to the admin panel. You can create and view users and groups.
Creating an Admin Panel User
To create a user for the admin panel, in the Administrators section, click Create. Specify the login, password, group memberships, and the account expiration date (check the Enable block box and enter the date below).
What are the Administrator Password Requirements?
The password must contain:
- A special character:
#!?&@$%^*()
. - A lowercase letter.
- An uppercase letter.
Minimum password length is 8 characters.
Creating a Group
To create a group, in the Administrators section, click List groups > Create. Specify the group name, the corresponding LDAP group, and configure permissions for the admin panel sections: no (no access), read (view only), write (edit).
Servers
This section displays all servers connected to this server: RTS, CTS (ECTS), ETS, Trusts, as well as the routing scheme Graph with all connected servers.
Server Status Indicators
Индикатор | Описание |
---|---|
🟢 | A green indicator next to the server name means the server is available and connected. |
🔴 | A red indicator indicates no connection. |
🟣 | Purple — server is blocked on RTS/ETS by its admin. |
Deleting a Server
The trash bin button deletes a server record (token) or a trust connection.
Why Delete a CTS Record from RTS/ETS?
Deleting an inactive server may be necessary if a user needs to register on a new server, but the old server is physically unavailable, yet its record remains on RTS/ETS. Deleting from RTS can only be done through eXpress support. Deletion is only allowed if the server cannot be restored!
Searching for Servers
In the search field on the corresponding tab, you can find servers by ID, name, or address.
Adding a New Server
Click the Create button to add a new server for connection to the current server. More info in the admin guides.
Trust Connections
The Trusts tab displays trusted connections of this server to other corporate servers.
How to Configure Visibility of Contacts from a Trusted Server?
The Allow trust search option (when editing the trust connection) determines whether users of the trusted server can search for users on the current server.The Trust search setting in the Server > Server Features section manages trust search for all servers with the Allow trust search option enabled.
Server Properties
Clicking on a server opens information about it and its connection. Here, you can manage the connection, edit server properties, or delete it.
Changed the CTS Host. What Needs to Be Done on RTS/ETS?
If a server's host has changed, edit the record and specify the new address. Connected clients will encounter a connection error, and users may need to relogin to the client. The chat history will be preserved.
⚠️ If a suggest for simplified authentication was previously configured on RTS/ETS for the server, it will need to be recreated (simply re-saving is sufficient).
Bots (CTS, ECTS)
This section allows you to configure and connect chat bots and Smart Apps on the corporate server. It is only available for CTS and ECTS.
You can enable or disable already added bots and Smart Apps, modify their properties, avatar, visibility in the chats catalog, access settings including visibility for user groups in the role model (starting from server version 3.21), and other options.
For more information on administering bots and Smart Apps, see the admin guides.
What Are the Requirements for Bot Avatars?
Image dimensions 512 by 512 pixels, PNG/JPG format.
Internal Bots
In this section, you can configure built-in bots and connect them to the global chat:
Внутренний бот | Описание |
---|---|
Conference Notifier bot | Notifies users about upcoming conferences. It also allows you to set up regular reminders for standing conferences. |
Notifications bot | A bot for sending messages to the global chat. |
Recordings bot | A bot for notifications about ready call recordings. |
For more information on administering bots, see the admin guides.
External Clients Users (CTS, ECTS)
This section is designed for configuring integration with external systems (currently in development). Such accounts are created for computers in meeting rooms or in other cases when logging into the application requires using a non-personalized account.
How to Edit an External Client User?
To modify the data of an external client user (for example, their email), locate them on the “Users” page.
Can I Create an Account Here for a Colleague from Another Organization?
⚠️ No! Do not create regular users here who need to log in to your corporate server in the main app. Use the “Users” section.UI Alerts (RTS, ETS)
A UI Alert is a trigger that blocks the use of the client application if its version is lower than the specified one. The list displays created UI Alerts. This section is available only for RTS and ETS.
Creating a New UI Alert
Click the Create button to create a new UI Alert. Field descriptions:
Field | Description |
---|---|
Platform | The client platform for which the trigger is intended. |
Must update to version | The minimum required client version for the selected platform (format x.x.x: major version.minor version.patch). |
Update kind | Actions required from the user:
|
Containers
This section displays a list of all Docker containers on the server. Here you can:
- View the container version
- Check its status
- Review container logs
Viewing Container Logs
To view logs of a container from the corporate server, see the guide.
More info on working with containers in admin guides.
Audit
This secrion displays the actions log of administrators in the Admin panel or users in the app (if their client request reached the server). The following events are displayed in this section:
- User login attempts to the corporate server (e.g.
cts_user_registration_failed
) - Administrator login attempts to the admin panel
- Logout requests (e.g.
user_logout_confirmed
) - User settings changes
- Server settings changes
The displayed event table can be filtered and downloaded as a CSV file.
How to View the Audit Event?
To check details of an event (admin/user name, IP address, error details, etc.), click the event ID in the first column.
More details about the section are in the admin guides.
Stickers
This section displays sticker packs added to the server.
Creating and Editing a Sticker Pack
To create a new sticker pack, click the Create button. To edit a pack, click its ID.
In the sticker editor, you can:
- Add or remove stickers
- Make a sticker pack public
- Select a sticker to preview the pack
What Does “Public” Mean?
A public sticker pack becomes available to all server users—they can find it in the server’s sticker catalog and add it to their collection.
How to Insert an Emoji for a Sticker?
OS | Steps |
---|---|
Windows | Press the keys Win+. or Win+; |
macOS | Press the keys Cmd+Ctrl+Space |
Linux | There is no single standard in Linux, but a method usually exists:
|
What Are the Requirements for Sticker Images?
Requirement | Description |
---|---|
File format | PNG with transparent background |
Maximum file size | 512 KB |
Image dimensions | It must fit within a 512×512-pixel square (one side—512 pixels, the other—512 pixels or less) |
Deleting a Sticker Pack
To delete existing sticker packs, click the trash bin button.
Call Backgrounds (CTS, ECTS)
This section allows you to manage virtual backgrounds for calls and conferences that will be available to all users on this server.
Catalog (CTS, ECTS)
This section allows you to manage the display order of chats, channels, and bots in the corporate catalog. This section is only available for CTS and ECTS.
Statistics
This section displays server statistics for users, chats, messages and group calls.
Where Does the Statistics Data Come From?
It is sourced from the built-in Prometheus monitoring software, where the default retention period is set to 2 weeks.
This Statistics Is Not Enough. Can Other Tools Be Used?
Yes. For longer storage and creating custom dashboards, it is recommended to export data from the built-in Prometheus to another compatible tool. Contact eXpress support for assistance with configuration.
Role Model (CTS, ECTS)
The role model configures security policies for different user groups and the current server.
What Is the Purpose of the Role Model?
The role model allows you to:
- prevent data leaks in advance
- simplify the process of imposing restrictions on employees and partners of the organization
- manage access to app features based on various attributes
Basic Settings
The Role model activated toggle allows you to enable or disable the role model on the server.
Below is a list of categories and rules created under them. For each rule, the following is displayed:
- Rule name
- Description
- Status (here you can activate or pause the rule)
- Rule properties
- edit, duplicate, and delete buttons
Why Didn't the Role Model Restriction Work?
⚠️ Note that for new rules to take effect or to activate/deactivate the role model, users will need to restart the client app or turn off and on the Internet on their devices.
For changes to apply in the Android app, you need to close it and wait about 2 minutes before relaunching it — modern Android operating systems may not terminate the app immediately.
⚠️ Also the role model temporarily not supported in the Aurora app.
Besides Restrictions, What Else Will Stop Working If the Role Model Is Disabled?
When the role model is not active, the availability settings for Smart Apps to user groups also stop working.
Role Model Setup Approach 
To avoid difficulties when setting up the role model from the very beginning, configure it using the following steps:
- Clearly define which specific action and which users need to be restricted using the role model.
- Create, configure, and test a user group. A target user group is required for most role model rules.
- Create and configure a rule suitable for your task.
Role Model and CDTN Contour Settings 
All role model settings (both user groups and rules) involving external/internal contours use the internal contour IP mask value specified in the Contour group under the File Service section.
How Do the Role Model and CDTN Rules Interact?
When configuring the role model for file-related restrictions, keep in mind that they may overlap with rules configured for the Corporate Data Transmission Network (CDTN) contour:
- if a file action is restricted in the role model but not in the CDTN settings — the role model will restrict the action;
- if a file action is restricted in the CDTN settings but not in the role model — the CDTN will restrict the action.
Thus, simultaneously enabled CDTN contour and role model restrictions are cumulative.
Can the Contour Be Used Only in the Role Model?
To use the contour in the role model without CDTN contour restrictions:
- Enable the CDTN contour in the File Service section, set any in all settings fields, and enter the list of IPs/masks for the internal contour. The role model will use the specified internal contour.
- In the role model user group settings, select Internal contour to apply rules to users inside the specified CDTN contour or External contour to apply rules to users outside the CDTN contour.
- Create a role model rule targeting this user group.
In the future, the CDTN contour settings are planned to be fully moved to the role model section.
Role Model Rules (CTS, ECTS)
Is It Possible to Grant Permissions to Users in the Role Model?
No. All role model rules are prohibitive only. The role model configures what is prohibited for a specific user or group of users (unlike the CDTN contour in the File Service section, where what is permitted is configured).How Is the Attachment Type Determined?
When viewing/saving, all attachments in web/desktop and mobile apps are determined by extension — downloaded as photos/videos or as documents. Therefore, the prohibition on downloading/saving documents applies only to document extensions.
Creating a Role Model Rule 
To create a new rule, click Create new rule and configure it.
Rule Configuration Fields
Field | Description |
---|---|
Rule name | At the administrator’s discretion. It is recommended to use a unique name that reflects the essence of the prohibition. |
Rule description | Optional field, but recommended to fill out. |
User groups | Mandatory field. Select a pre-created group (in the “User Groups” section). |
Scope | Where the rule applies:
|
Rule action | Mandatory field. Select the action type:
|
Attachment Type | Mandatory field for file-related rules. Select the attachment type:
Multiple types cannot be selected. Create a separate rule for each type if necessary.
|
After creating the rule, don’t forget to activate it.
Restriction Target, Global and Local Rules for Chats 
The fields chat participant type (Select users whose presense in the chat prohibits the action) and chat type (Select the chat type to be restricted) in the Restriction target group can be left empty — then the rule will apply globally. If at least one of these fields is filled, the rule works locally (becomes narrowly targeted).
The list of fields in the restriction target depends on the selected attachment type and the rule itself.
Global Rule for Chats
Applies to all user chats. The server sends the rule to the client when logging into the app and when reconnecting to the server.
Fields that, when filled, keep the rule global:
- Select users whose attachments are restricted
- Maximum file size (MB)
- Type of restricted extentions (relevant only for documents; images and videos are not checked by extension type)
A global rule can be created without attributes by filling only the fields Rule name, User groups, Rule action, and Attachment Type. This means that attachments from any users, of any size, and with any extension will be prohibited.
- If the extension and size of attachments are not specified, a prohibition is created for the selected attachment type with all its extensions and sizes (e.g., prohibiting sending any documents in a chat)
- If chat type (Select the chat type to be restricted) or chat participant type (Select users whose presense in the chat prohibits the action) is not specified, the prohibition applies to all user chats and channels
- If sender (Select users whose attachments are restricted) is not specified, the prohibition applies to attachments received from any user
By default, if an attribute field is not filled, the attribute has the value “all”.
Local Rule for Chats
Applies to specific user chats based on specified attributes. The server sends the rule to the client when entering a specific chat, channel, or thread.
The rule becomes local when these fields are filled:
- chat participant type (Select users whose presense in the chat prohibits the action)
- chat type (Select the chat type to be restricted)
When filling the chat participant type (Select users whose presense in the chat prohibits the action) or chat type (Select the chat type to be restricted) field, you can specify excluded chats in the Exception chats field. Excluded chats do not apply to global rules.
In addition to chat attributes, local rules can include the fields size (Maximum file size (MB)), extension (Type of restricted extentions), or sender (Select users whose attachments are restricted).
Attribute Combinations
Attachment attributes: sender, size, extension. Chat attributes: chat participant type, chat type.
If chat attributes are not specified, rules for attachment attributes apply globally. If chat attributes are specified, rules apply only in the specified chats.
How multiple attributes are combined:
Server Version | Combination |
---|---|
Pre 3.46 | Attributes do not depend on each other; the logical “OR” rule applies between them. |
3.46 and above | Attributes are combined using “AND”, meaning the restriction will only trigger if all assigned conditions are met simultaneously. ⚠️ After updating to 3.46, migration will occur: old rules with multiple attributes will be split into smaller rules with a single attribute after migration. |
- Prior to version 3.46,
- Starting from version 3.46,
Examples:
- if for the attachment type Documents, you specified size = no more than 30 MB, and in the extension type field — pdf, pptx, a rule with two attributes is created:
- prohibited action with all documents over 30 MB (any extension)
- prohibited action with files of extensions pdf and pptx (any size)
- when both Chat participant type and Chat type are filled, the rule applies:
- Prior to version 3.46:
- in chats that match the value of the Chat participant type field
- in chats that match the value of the Chat type field
- From version 3.46 and above: the rule will apply to a chat that matches the value of both the Chat participant type field AND the Chat type field in the rule
- Prior to version 3.46:
- if for the attachment type Documents, you specified size = no more than 30 MB and selected a chat type, the action will be prohibited for all documents larger than 30 MB with any extension in chats of the selected type
What Happens If Multiple Restrictions Are Configured for a Single User Group?
Since role model rules operate only on a denial basis, when configuring multiple different prohibitions for a user group, they are cumulative and apply simultaneously.
Rules for Smart Apps 
Role model rules can be configured not only for messenger chats but also for Smart Apps.
What Can Be Restricted in Smart Apps?
Prohibitions for Smart Apps apply only to actions with attachments in them. Actions with the content itself (e.g., forwarding an email in the Email Smart App) cannot be controlled via the role model.
For example, when configuring the restriction for sending/forwarding attachments for Smart Apps, the user is prohibited from uploading and sending attachments. However, if the user receives an email with an attachment and tries to forward it, this action will be allowed because the Email Smart App uses existing attachments uploaded by another user when forwarding. With any prohibition in place, the user can forward an email with attachments or reply to it.
Configuring Rules for Attachments in Smart Apps
In a Smart App rule, you can specify:
- application to all Smart Apps (with the option to specify exceptions)
- application to specific Smart Apps
Attachments in Smart Apps can be restricted entirely or by file size/extension. Smart Apps handle attachments differently on platforms:
Client platform | Description |
---|---|
Web/Desktop | In Smart Apps in web/desktop apps, the attachment type cannot be selected when sending — photos and videos are sent only as photos or videos; they cannot be sent as documents. |
Android, iOS | In Smart Apps in mobile apps, the attachment type can be specified when sending. Prohibitions trigger based on the attachment type in the rule and the selected type when sending. For example, if sending all documents is prohibited in the mobile app, photos or videos cannot be sent as documents. |
Rules for Smart Apps Chat Bots
Role model rules for Smart Apps also apply in chats with their bots:
- in a 1-on-1 chat with a Smart App bot, only Smart App rules apply
- in a 1-on-1 chat with a regular bot (not a Smart App), global or local rules for chats apply
- in group chats and channels with any bot, global or local rules for chats apply
Searching and Checking Role Model Rules by User 
To search and check rules, use the search field at the top of the page.
Searching for a rule by the user it applies to is performed only by the user HUID.
Search works by name (entered in the top search field), connection type, platform, and status.
“Sending/forwarding attachments in chats is not allowed” Rule 
This rule can apply to both the messenger and Smart App. See below for descriptions of the rule fields and their actions.
Select users whose presence in the chat prohibits an action
Not applicable to Smart Apps, only applies to the messenger.Type | Results | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Images |
|
||||||||||
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
|
||||||||||
Documents |
|
Select the chat type to be restricted
Not applicable to Smart Apps, only applies to the messenger.Type | Results | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Images |
|
||||||||||
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
|
||||||||||
Documents |
|
Enter server IDs to which you want to prohibit sending attachments
Sending attachments to the server IDs specified here will be prohibited. You can specify a CTS ID (regular corporate server), ECTS ID (corporate server under ETS), RTS ID (public server).Apply in all SmartApps/Apply in specific SmartApps
Not applicable to the messenger, only applies to Smart Apps and personal chats with their bots.Тип | Results |
---|---|
Images | In all or specific Smart Apps and in personal chats with their bots, a user in the group will not be able to attach and send an image.
When attempting to send or forward an image, the user in the group will see “This chat has restrictions on sending” in the bot chat or “Sending images is restricted” in the Smart App. |
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
In all or specific Smart Apps and in personal chats with their bots, a user in the group will not be able to attach and send a video. When attempting to send or forward a video, the user in the group will see “This chat has restrictions on sending” in the bot chat or “Sending videos is restricted” in the Smart App. |
Documents | In all or specific Smart Apps and in personal chats with their bots, a user in the group will not be able to attach and send a document.
When attempting to send or forward a document, the user in the group will see “This chat has restrictions on sending” in the bot chat or “Sending documents is restricted” in the Smart App. |
Enter the maximum file size
Applies to both the messenger and Smart Apps (including personal chats with Smart App bots).Type | Results |
---|---|
Images | When attempting to send an image larger than the specified size, the send button will be inactive for the user in the group, and “Sending images over N MB is restricted” will appear below the image.
When attempting to send or forward an image larger than the specified size, the user in the group will see “Forwarding images is restricted.” |
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
When attempting to send a video larger than the specified size, the send button will be inactive for the user in the group, and “Sending videos over N MB is restricted” will appear below the video (up to 50 MB). When attempting to send or forward a video larger than the specified size, the user in the group will see “Forwarding videos is restricted.” |
Documents | When attempting to send a document larger than the specified size, the send button will be inactive for the user in the group, and “Sending documents over N MB is restricted” will appear below the document.
When attempting to send or forward a document larger than the specified size, the user in the group will see “Forwarding documents is restricted.” |
Enter the type of restricted extentions
Applies to both the messenger and Smart Apps (including personal chats with Smart App bots).Type | Results |
---|---|
Images | Not applicable to images. |
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
Not applicable to videos. |
Documents | When attempting to send a document with a prohibited extension, the send button will be inactive for the user in the group, and “Sending N documents is restricted” will appear below the document.
When attempting to send or forward a document with a prohibited extension, the user in the group will see “Forwarding documents is restricted.” |
Exception chats/Exception smartapps
The rule will not apply to the selected chats or Smart Apps. Selecting excluded chats is only available when creating a local rule. Selecting excluded Smart Apps is available when the rule applies to all Smart Apps, not specific ones.“Downloading/viewing attachments is not allowed” Rule 
This rule can apply to both the messenger and Smart Apps. See the descriptions of the rule fields and their actions below.
This rule already automatically includes the “Forwarding/sharing/saving attachments to device memory is not allowed” rule, as it prevents downloading a file from the server.
Select users whose presence in the chat prohibits the action
Not applicable to Smart Apps, only applies to the messenger.Type | Results | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Images |
|
||||||||||
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
|
||||||||||
Documents |
|
Select the chat type to be restricted
Not applicable to Smart Apps, only applies to the messenger.Type | Results | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Images |
|
||||||||||
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
|
||||||||||
Documents |
|
Select users whose attachments are restricted
This field works similarly to the Corporate users can read rule in the File Service > Contour section if the selected group is a group of users from the internal Corporate Data Transfer Network (CDTN) contour.Not applicable to Smart Apps, only applies to the messenger.
Type | Results | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Images |
|
||||||||||||||
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
|
||||||||||||||
Documents |
|
Apply in all SmartApps/Apply in specific SmartApps
Not applicable to the messenger, only applies to Smart Apps and personal chats with their bots.Type | Results |
---|---|
Images | In all or specific Smart Apps and in personal chats with their bots, the user from the group will not be able to view or download the image.
When attempting to view or download the image, the user from the group will see “This chat has restrictions on viewing” in the chat with the bot or “Viewing images is restricted” in the Smart App. |
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
In all or specific Smart Apps and in personal chats with their bots, the user from the group will not be able to view or download the video. When attempting to view or download the video, the user from the group will see “This chat has restrictions on viewing” in the chat with the bot or “Viewing videos is restricted” in the Smart App. |
Documents | In all or specific Smart Apps and in personal chats with their bots, the user from the group will not be able to view or download the document.
When attempting to view or download the document, the user from the group will see “This chat has restrictions on viewing” in the chat with the bot or “Viewing documents is restricted” in the Smart App. |
Enter the maximum file size
Applies to both the messenger and Smart Apps (including personal chats with Smart App bots).Type | Results |
---|---|
Images | Received (even from themselves) images larger than the specified size cannot be viewed or downloaded. The chat will display “This chat has restrictions on viewing attachments.” |
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
Received (even from themselves) videos larger than the specified size cannot be viewed or downloaded. The chat will display “This chat has restrictions on viewing attachments.” |
Documents | Received (even from themselves) documents larger than the specified size cannot be viewed or downloaded. The chat will display “This chat has restrictions on viewing attachments.” |
Enter the type of restricted extentions
Applies to both the messenger and Smart Apps (including personal chats with Smart App bots).Type | Results |
---|---|
Images | Not applicable to images. |
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
Not applicable to videos. |
Documents | Received (even from themselves) documents with prohibited extensions cannot be viewed. The chat will display “This chat has restrictions on viewing attachments” or “Viewing N documents is restricted.” |
Exception chats/Exception smartapps
The rule will not apply to the selected chats or Smart Apps. Selecting excluded chats is only available when creating a local rule. Selecting excluded Smart Apps is available when the rule applies to all Smart Apps, not specific ones.“Forwarding/sharing/saving attachments to device memory is not allowed” Rule 
This rule can apply to both the messenger and Smart App. See below for descriptions of the rule fields and their actions.
Disable forwarding of messages with attachments in the app — this setting (since version 3.49) additionally prohibits forwarding attachments not only to other applications but also within the app itself.
Select users whose presence in the chat prohibits the action
Not applicable to Smart Apps, only to the messenger.Type | Results | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Images |
|
||||||||||
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
|
||||||||||
Documents |
|
Select the chat type to be restricted
Not applicable to Smart Apps, only to the messenger.Type | Results | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Images |
|
||||||||||
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
|
||||||||||
Documents |
|
Select users whose attachments are restricted
This field works similarly to the Corporate users can read rule in the File Service > Contour section.Not applicable to Smart Apps, only to the messenger.
Type | Results | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Images |
|
||||||||||||||
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
|
||||||||||||||
Documents |
|
Apply in all SmartApps/Apply in specific SmartApps
Not applicable to the messenger, only to Smart Apps and personal chats with their bots.Type | Results |
---|---|
Images | In all or specific Smart Apps and in personal chats with their bots, the user from the group will not be able to forward, share, or save the image to device memory.
When attempting to forward, share, or save the image to device memory, the user from the group will see “Forwarding images is restricted” in the chat with the bot or “Downloading images is restricted.” |
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
In all or specific Smart Apps and in personal chats with their bots, the user from the group will not be able to forward, share, or save the video to device memory. When attempting to forward, share, or save the video to device memory, the user from the group will see “Forwarding videos is restricted” in the chat with the bot or “Downloading videos is restricted.” |
Documents | In all or specific Smart Apps and in personal chats with their bots, the user from the group will not be able to forward, share, or save the document to device memory. Printing the document in the web or desktop app (View > Ctrl(Cmd)+P) outputs empty pages.
When attempting to forward, share, or save the document to device memory, the user from the group will see “Forwarding documents is restricted” in the chat with the bot or “Downloading documents is restricted.” |
Enter the maximum file size
Applicable to both the messenger and Smart Apps (including personal chats with Smart App bots).Type | Results |
---|---|
Images | The user from the group will not be able to forward, share, or save the image larger than the specified size to device memory.
The chat will display “Forwarding images larger than N MB is restricted” when the prohibition is triggered for the user from the group. |
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
The user from the group will not be able to forward, share, or save the video larger than the specified size to device memory. The chat will display “Forwarding videos larger than N MB is restricted” when the prohibition is triggered for the user from the group. |
Documents | The user from the group will not be able to forward, share, or save the document larger than the specified size to device memory. Printing the document in the web or desktop app (View > Ctrl(Cmd)+P) outputs empty pages.
The chat will display “Forwarding documents larger than N MB is restricted” when the prohibition is triggered for the user from the group. |
Enter the type of restricted extentions
Applicable to both the messenger and Smart Apps (including personal chats with Smart App bots).Тип | Результат |
---|---|
Images | Not applicable to images. |
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
Not applicable to videos. |
Documents | A received (even from oneself) document with a prohibited extension cannot be forwarded, shared, or saved to device memory. Printing the document in the web or desktop app (View > Ctrl(Cmd)+P) outputs empty pages.
The chat will display “Forwarding N documents is restricted” when the prohibition is triggered for the user from the group. |
Exception chats/Exception smartapps
The rule will not apply to the selected chats or Smart Apps. Selecting excluded chats is only available when creating a local rule. Selecting excluded Smart Apps is available when the rule applies to all Smart Apps, not specific ones.“Recipients are not allowed to download attachments from cts users” 
This rule applies only within the messenger. This prohibition is analogous to the Corporate files can read setting in the File Service > Contour section. The only difference is that this prohibition has an additional division of contour users:
- internal contour — a user in the CDTN contour from the same server;
- trusted contour — a user in the CDTN contour from a trusted server.
Sender and Recipient
In this prohibition:- the sender is a user from the group for which this rule is configured. The prohibition will apply to attachments sent by users of this group.
- the recipient is a user who meets the criteria specified in the rule.
Mandatory Rule Fields
When creating the rule, at least one of the following fields must be filled in:- Select contour
- Select the users for whom the action will be restricted
Instant Action of the Restriction
Once the prohibition is enabled and an attachment is sent, the prohibition immediately applies to the attachment — no client restart or network reconnection is required. After disabling, the prohibition continues to apply only to attachments sent while the prohibition was active — previously sent attachments are not affected.Contour and Role Model Rules Comparison
If the Contour is disabled on the recipient’s server in the File Service section, but the contour IP mask is filled in, and a contour user receives an attachment that can only be viewed within the contour, the prohibition via the contour and the prohibition via the role model will behave differently:- with a prohibition via the CDTN contour using the Corporate files can read field, the attachment will be available to the recipient under these conditions — the contour is disabled, but the IP mask is filled in, and the user is within this network;
- with a prohibition via the role model (with contour restriction), the attachment will be unavailable to the recipient under these conditions.
Select contour
Not applicable to Smart Apps, applies only to the messenger. Requires a configured CDTN contour.Type | Results | ||||||
---|---|---|---|---|---|---|---|
Images |
|
||||||
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
|
||||||
Documents |
|
Select the users for whom the action will be restricted
Not applicable to Smart Apps, applies only to the messenger.Type | Results | ||||||||
---|---|---|---|---|---|---|---|---|---|
Images |
|
||||||||
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
|
||||||||
Documents |
|
Select the chat type to be restricted
Not applicable to Smart Apps, applies only to the messenger. This is an additional parameter that limits the scope of the rule.Type | Results | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Images |
|
||||||||||
Videos |
⚠️ Note that videos are sent as documents if their size exceeds 50 MB!
|
||||||||||
Documents |
|
Exception chats
The rule will not apply to selected chats. Selecting excluded chats is only available when creating a local rule.“Require pin” Rule 
This role model rule adds a mandatory requirement to create a PIN code for the app additional protection. The rule applies only to iOS, Android, and the desktop app.
When Does the Rule Trigger?
- A user logging into the app will see a screen for creating a mandatory PIN code, which cannot be skipped:
Platform Action iOS Immediately after authentication. Android and Desktop Upon the next app launch. - A user already logged into the app will see the mandatory PIN creation screen upon app restart, reconnecting to the network on all platforms, or after a post-check (where rules are re-requested, and the user receives all applicable rules).
How Does the Rule Work in Client Apps?
Platform | Action |
---|---|
iOS and Android | Disable PIN button disappears. |
Desktop | Disable PIN Code button remains, as it is used to change the PIN code, which remains available to the user. After clicking this button in the desktop app, the user is immediately taken to the screen for creating a new mandatory PIN code. |
I Switched the Rule, but Nothing Happened. Why?
Enabling or disabling the “Require pin” rule or the role model itself may not immediately show or hide the PIN creation screen, but only after restarting the app or reconnecting to the network. This behavior is more common on Android and less frequent on iOS — for example, when disabling the rule.
How to Set the Time After Which Auto-Lock by PIN Code Will Be Activated?
In the desktop app, the auto-lock timeout for entering a PIN code cannot be set, so such a setting is currently unavailable in the role model.
In mobile apps, auto-lock occurs by default after 5 minutes, and this time can be changed in the app settings. However, on Android, if the user has already set a different auto-lock time, it will be preserved — the user can change it at any time.
-
❓Related Topics:
- What to Do If You Forgot Your PIN Code
Configuring Smart Apps Visibility in the Smart Apps Catalog 
Currently, this is the only rule that is configured not in the Role Model section but in the bot or Smart App settings under “Bots”.
What Is Required for the Rule to Work?
For the rule to work:
- Activate the role model.
- Use the default standard catalog: in the admin panel, open the SmartApps > Display in main menu > APP_ID > Default catalog section.
How to Restrict Smart App Visibility?
To configure Smart App visibility in the Smart Apps catalog in the app:
- In the admin panel, go to the “Bots” section.
- Click the pencil button next to the desired Smart App.
- Specify the desired Availability: for all users or specific user groups. If specific groups are selected, the Smart App will only appear in the catalog for users from these groups. In the Contacts section, it will remain available to everyone regardless of the settings.
- Save the changes.
Rule Operation Example
The impact of availability settings using the Calendar SmartApp as an example:
Availability Setting | Visibility in Contacts | Visibility in Smart Apps Catalog |
---|---|---|
All | Calendar SmartApp is available in the Contacts section. | A user not in the group sees Calendar SmartApp in the smart apps catalog (the “9 dots” menu). |
Specific Role Model User Group (user is NOT in the group) | Calendar SmartApp is available in the Contacts section. | A user not in the group does not see Calendar SmartApp in the smart apps catalog (the “9 dots” menu). |
Forbid Clipboard Usage in Application 
This rule can apply to both the messenger and Smart App. Available since 3.46 version.
If enabled:
- Disables the use of the device's clipboard while the app is open: forbids copying message text, pasting text, copying text when viewing documents, etc. Copying and pasting within the message field is still available BEFORE the message is sent.
- The Copy/Paste context menu buttons are hidden; pressing the keyboard shortcuts for copy/paste has no effect.
If the Branded Build of the App for ETS Also Has a Clipboard Restriction, How Do They Interact?
Works with the built-in restrictions in the ETS app as follows:- If a restriction is configured in the role model, use it;
- If a restriction is not configured in the role model, the built-in restriction from the ETS app build is used (if available).
Forbid Screenshot Creation 
This rule applies to both messenger and Smart App — cannot apply separated. Available since 3.46 version.
If enabled:
- Disables the ability to take screenshots while the app is active (does not work when the focus is on another window or application).
- The area of the client app that is not in focus turns black.
The Rule Is Enabled. Why Can Screenshots Still Be Taken in the Web App?
⚠️ It is technically impossible to block screenshots in the web app, so this restriction does not work there.
If the Branded Build of the Application for ETS Also Has a Screenshot Restriction, How Do They Interact?
Works with the built-in restrictions in the ETS app as follows:- If a restriction is configured in the role model, use it;
- If a restriction is not configured in the role model, the built-in restriction from the ETS app build is used (if available).
User Groups (CTS, ECTS)
This section of the admin panel is used to create user groups that will be subject to the role model rules.
Creating a User Group 
Field | Description |
---|---|
Group name | It is advisable to specify a unique and descriptive name for the user group. |
Platform | Web, Desktop, iOS, Android. You can select all at once. |
Connection type | Select the Corporate Data Transmission Network (CDTN) contour, which is configured in the File Service section:
To ensure CDTN settings do not interfere with the role model, enable Contour in the File Service section (check the Enabled box), set any in all contour rule settings fields, and specify the IP masks of your corporate network.
|
Corporate device status | Indicates whether the user's device is corporate. For this feature to work, corporate certificates must be pre-generated and configured on client devices, along with additional server-side configuration. For details, please contact eXpress support or refer to the administrator documentation. |
Adding Users to a Group 
Field Descriptions
Field | Description |
---|---|
AD groups (is a member/not a member) |
Search is available only for global Active Directory groups. You can manually enter values for universal groups using Enter. User membership in the group is not yet verified.
User Groups from Active DirectoryWhen creating a user group in Active Directory for a group in the role model, set the Scope parameter to Universal. The Domain Local or Global options are not suitable for use in the role model.
Currently, only universal AD groups are supported. The search field currently only finds global groups, so universal groups must be entered manually and confirmed with Enter.
Currently, you cannot view who is included in the group. There is also no option to select an AD group from a list. This is planned for the future.
Since user membership in an Active Directory group is not currently verified, the easiest way to test a rule is to specify a specific user in the group: search for their login or enter their HUID and press Enter.
|
OpenID roles (is a member/not a member) |
No search available. You can manually enter values using Enter. User membership in the group is not yet verified.
User Roles from OpenID (Keycloak)A user's OpenID role, like an AD group, must be specified in the user profile in the admin panel of CTS. Roles are synchronized from OpenID fields under the Role mapping tab in the Users section of the Keycloak admin console. If a role is missing from the user's profile in the CTS admin panel:
|
Position | No search available. To manually add values, save the group changes. User membership in the group is not yet verified. These field values are entered manually. They can be copied from the user profile. To save changes, click the Save Group button. |
Company | |
Department | |
Domain | |
Specific users | Search by login is available. You can manually enter HUID values using Enter. User membership in the group can be verified by the HUID value.
⚠️ The Specific users field can contain no more than 100 users.
To find specific users or excluded users, start typing the login and select the appropriate option from the dropdown, or enter the user's HUID and press Enter. |
Excluded users |
How to Create a Group with All Users?
For the rule to apply to all server users, do not select anything: neither an AD group, nor an OpenID role, nor a property, nor a specific user.Call Reports
This section collects information about call and conference ratings submitted by users. The list can be filtered using dropdown menus, date pickers, and the search field at the top.
Column | Description |
---|---|
Rating | The call/conference rating assigned by the user. |
Chat/Conference | The chat where the call took place or the conference name. |
janus_url | Janus URL. |
call_id | Call or conference identifier. |
user_huid | HUID of the user who submitted the rating. |
udid | Session identifier of the specific user device from which the rating was submitted. |
Platform | Type of user client platform: Web (includes Desktop), Android, and iOS. |
app_version | Version of the client app from which the rating was submitted. |
inserted_at | Rating date and time. |
Reasons | Reason for a poor rating. Some are set automatically by the system. Possible reasons include:
|
Call logs | Buttons to download call or conference logs. |
-
❓Related Topics:
- User ratings
Call Recordings (CTS, ECTS)
This section is only available on CTS and ECTS.
It allows you to view and manage the call and conference recording processing queue. The queue can be filtered using the status dropdown and the search field at the top.
Column | Description |
---|---|
Recording | Recording identifier. Clicking on it opens the recording page. |
Call ID | Call or conference identifier or call_id. |
Status | Recording state:
|
Conference name | Contains the conference name, or the group chat name where the call took place, or Personal chat if it was a one-on-one call or a group call that started as a one-on-one call. |
Error Reason | Specifies the reason for the transcoding service error. |
inserted_at | Recording start date and time. |
updated_at | Date and time of any recording update (ready or ready with an error). |
Recording Properties
The recording page includes a button to resend the recording for transcoding and information about the recording start, readiness, and participant media streams.
Did the Recording Fail to Arrive or Did Transcoding End with an Error?
Try resubmitting the recording for transcoding. If that doesn't help, contact eXpress support.SMS Statuses (RTS, ETS)
This section is available only for ETS and RTS.
This section contains a list of all SMS messages with confirmation codes requested and received by users. The confirmation codes themselves are not displayed here. For SMS statuses on RTS, check with eXpress support, and for SMS statuses on ETS, check with the connected SMS provider’s support.
SMS Status Codes
Статус | Описание |
---|---|
delivered |
SMS was successfully transmitted from the SMS provider to the user’s mobile operator. If the user cannot log in, possible reasons include an incorrect code, incorrect phone number, or SMS blocking by the mobile operator. In this case, the user should contact their operator. |
one_number_limit_exceeded |
The daily SMS limit has been exceeded. On RTS, the limit is 10 SMS per day. On ETS, the administrator can set a different limit (see the SMS > Security section on ETS). |
number_is_forbidden |
The phone number is blacklisted by the SMS provider. Contact the SMS provider’s support. |
waiting |
If the status waiting is displayed for a long time and then changes to failed, there may be widespread issues. Contact the SMS provider’s support. |
message is denied |
The mobile operator has blocked the SMS. Ask the user if they recently changed their SIM card or mobile operator. In such cases, the provider may block the SIM card for 24–48 hours. The user should try logging in again after 24 hours. |
Administrators Authentication
Configuring Administrator Connections from Active Directory
This section is only available for CTS and ECTS.
AD Synchronization
When creating an AD-synchronized administrator group, in the LDAP Group field, specify not the full path but the value of the cn
attribute from AD.
Audit Settings
In this section, you can enable user connection tracking by selecting the Track users connects/disconnects checkbox and configure sending audit event information to a third-party SIEM system.
Global Chat
Here, the administrator can enable and configure the global chat on the current server. The global chat enabled in the CTS settings will be available only to users of this CTS, while the global chat enabled in the ETS settings will be visible to all users of corporate servers connected to the ETS.
Global Chat Setup
- Enable the server’s global chat by selecting the Enabled checkbox, then specify the name, avatar, and description. If this is an ETS and you need to hide the federated eXpress global chat, clear the RTS global checkbox.
- Click the Save button. The global chat will appear for users of the current corporate server or for users of all corporate servers connected to the ETS.
- In the Internal Bots section, enable the Notifications bot: click the pencil button next to it and select the Enabled checkbox.
- Add the Notifications bot to the list in the Global Bots subsection: select Add Bot to Global Chat and click the plus button next to Notifications bot.
- Add the user who should send messages to the global chat as a bot administrator: in the Internal Bots section, click the gear button next to Notifications bot and select Add bot admins.
Sending a Message to the Global Chat
The user assigned as the bot administrator can find instructions for sending messages to the global chat here.
Multiple Global Chats
Users may see two global chats in their chat list: one from the current CTS and another from the RTS or ETS. The first is configured in the CTS admin panel, while the second is managed in the RTS admin panel (controlled by the eXpress team) or the ETS admin panel.
Global Bots
Links to Chats/Calls (CTS, ECTS)
In this section, you can specify your custom host for chat and call invitation links instead of the default one, as well as configure the minimum access level to the custom host (otherwise the xlnk.ms is used):
Уровень | Описание |
---|---|
public | Any users |
corporate | Any corporate users |
trusts | Users of the current corporate server and trusted servers |
What is the xlnk.ms?
It is the default link host xlnk.ms
owned by eXpress, which is located in a Russian data center.
Guests on the Current Server
Enable the Generate links for guest users to this server option, and guest users who receive new links will connect via this corporate server instead of RTS from now on.
I Switched Guests to My Server. Will Previous Links Be Redirected?
If a guest uses an old link created before enabling this setting, they will connect via RTS.
Push Service (RTS, ETS)
Connecting the push notification mechanism for various platforms: Android, web browsers, Huawei, iOS. This section is only available for ETS and RTS, as these servers are responsible for handling push notifications.
For configuration details, refer to the Administrator Documentation.
File Service
Contour 
This group of settings is available only on CTS or ECTS. Here you can configure which IP addresses are considered part of the internal contour of the corporate data transmission network (CDTN), as well as define file handling permissions for users within the internal contour.
How to Configure Networks Recognized as CDTN Perimeter?
Specify corporate networks/IPs considered as secure corporate network perimeter — corporate data transmission network (CDTN) perimeter (“contour”). Client device requests will be verified against this perimeter when required.
- Add subnet IP addresses with masks using
/
, separating values with commas. Example:192.168.0.0/24, 10.129.0.0/16
. - Optionally set file transfer permissions relative to the perimeter. Note these will combine with existing role model restrictions.
- Check the Enabled box and click Save.
How Is Role Model Related to CDTN Perimeter?
Note how the role model operation depends on the contour settings.
CDTN Perimeter Parameters
Parameter | Description |
---|---|
Corporate users can send | Defines who a CDTN user can send files to:
|
Corporate users can read | Defines who a CDTN user can receive and open files from:
|
Corporate files can read | Defines who can view files sent from the CDTN:
|
CDTN Contour and End-to-End Encryption
When selecting the Trust or Local parameters, users within the CDTN cannot send files to open chats or chats with end-to-end encryption disabled. When selecting Any or Corporate, sending is possible (starting from server software version 2.9).
File Service Retention 
This section allows you to configure automatic deletion of certain file categories from the server after a specified number of days.
Files Sent from Another Server
Note that the File Retention feature activated on the server also applies to files sent by users from other servers. This is because chats and files are uploaded from there to the current server, where automatic deletion will take effect after specific time left.
Proxying 
Proxying settings for static content delivery to public clients: the ability to download a file via File Service instead of a redirect link to S3.
User Session (CTS, ECTS)
Registration Settings (CTS, ECTS)
This section and its subsections are available only for CTS and ECTS. Click Save to apply changes.
CTS-Only Registration 
Parameter | Description |
---|---|
Allow registration without phone number | A global server parameter that determines whether a user can log in without a phone number: via corporate email or corporate server address. |
Display a warning that registration will be forbidden soon | If enabled, client app users will receive a notification that registration using a phone number will soon be mandatory: Add a phone number. The administrator has prohibited login without a telephone number. Add a telephone number to continue using the app.
⚠️ If you, as an administrator, plan to prohibit logging in without a phone number, be sure to enable the warning so users have time to add phone numbers and avoid login errors. Otherwise, uncheck this box.
Additionally, in builds of the branded ETS app, some login method buttons may be disabled. |
Allow skipping two-factor authentication within the contour | If enabled, users with a phone number can skip SMS code verification when connecting from within the Corporate Data Transfer Network (CDTN) contour if they previously logged in without a number but were later detected with one. |
User Contact Management 
Parameter | Description |
---|---|
Allow to add phone number | Server users can link a mobile phone number to their account for authentication and to allow others to find them by number in contacts. |
Allow to edit phone number | Server users can modify their linked phone number. |
Allow to delete phone number | Server users can remove their linked phone number. |
Corporate Data Visibility in Unauthorized Zone 
Parameter | Description |
---|---|
Show the corporate server address on the login screen | Users going through registration will not see the corporate server address and will only see the name specified in the server properties on RTS/ETS. Available from server and client version 3.49. |
Prefill the credentials found by email | Populate the login and domain fields if a match was found via simplified authentication mapping. |
Registration Methods 
Select the registration and authentication method for the corporate server: E-mail, NTLM (Active Directory), or OpenID (KeyCloak). Only one method can be selected.
Method | Description | Availability |
---|---|---|
Authentication is performed using a code sent to the linked email. If not all users have accounts in LDAP, enable E-mail authentication. This allows some corporate accounts to be created on the server via LDAP synchronization, while others are added manually in the admin panel. All users will authenticate using the email code. |
Authentication via email code is available for accounts added from AD as well as those created manually in the admin panel. | |
NTLM | Authentication is performed using AD login and password. User data is synchronized with AD. Synchronization runs on long and short cycles. Full synchronization runs every 3 hours, as well as on the schedule specified in the Full synchronization schedule (cron format) field. During synchronization, new users are added, the address book is updated based on AD changes, and users excluded from the sync filter are disabled. Short synchronization runs every 15 minutes. It checks the status of the AD account (disabled account, lockout, expired password, expired account, password change). If needed, synchronization can be manually triggered using the Sync button. |
Authentication via AD login and password is only available for accounts added from AD if NTLM is selected. |
OpenID | Authentication mechanism using an OpenID account. For example, users without an AD account or corporate email can log in using a special token. | Authentication via OpenID is only available for accounts added from OpenID if OpenID is selected. |
Checking the Current Authentication Method
The current corporate server authentication method can be checked not only in the admin panel but also by entering the following URL in a browser: https://the_server_FQDN/api/v2/ad_integration/register_methods
. The response will indicate: "register_methods":["current_authentication_type"]}
.
Synchronization Settings 
Parameter | Description |
---|---|
Synchronization sources | Select the corporate system from which user accounts are synchronized. |
Full synchronization schedule | Configure the synchronization time in The minimum interval is 1 hour ( 0 * * * * ). This is an additional synchronization schedule, apart from the standard one (every 3 hours). |
Sync | This button forces synchronization of users with the connected corporate system. |
Active Directory (Method) (CTS, ECTS)
This section configures the synchronization of the app with Active Directory.
Connection Parameters
Parameter | Description |
---|---|
FQDN or IP address of the domain controller, the connection port, and the Active Directory domain | More details admin guides.
If the Active Directory forest contains multiple domains, leave the domain field blank. Otherwise, users will need to manually clear this field when logging into the app.
|
Max login attempts Failed login timeout (in seconds) |
Protection against password brute-forcing. It is recommended to set this to 1 attempt less than in AD policies. |
Prefill the domain part of the login on clients | Here you can choose whether to pre-fill the domain on clients or not, so that users with different SamAccountName and UserPrincipalName do not experience login issues. |
Logout Settings
Parameter | Description |
---|---|
Auto-confirm logout requests | When any logout request appears, the system confirms it automatically. This feature was introduced in server software version 3.47.
By default, the checkbox is unchecked, and the system only initiates a logout request — final confirmation in the “Logout Requests” section remains with the administrator. |
Auto-confirm user logout requests | Here you can configure whether requests from users via the profile settings in the app will be automatically confirmed. |
Logoff by disabled | Automatic logout from sessions when an account is disabled in AD and sending a logout request. |
Logoff by lockout | Automatic logout from sessions when an account is locked in AD and sending a logout request. |
Logoff by account expired | Automatic logout from sessions when an account expires in AD and sending a logout request. |
Logoff by password expired | Automatic logout from sessions when a password expires in AD and sending a logout request. |
Automatic logout when synchronization with AD is excluded from the selection | Automatic logout from sessions and sending a logout request when a user is excluded from the AD synchronization filter with the application. |
Logoff by password change | Automatic logout from sessions after a password is changed in AD and sending a logout request. |
User Account Disabled (AD LDS) | Automatic logout from sessions when an account is disabled in AD and sending a logout request. |
Authorization Method
Choose between a simplified (matching by email domain) and a full authentication method.
Attribute Mapping
Define which user attributes from AD will be used in the messenger profiles.
For proper operation, ensure the attribute case matches the LDAP records.
Manage Settings
Button | Action |
---|---|
Default settings | Resets to standard values |
Delete | Disables synchronization (does not affect existing users) |
Save | Applies changes. |
Additional Questions
The Account from AD Did Not Appear in the User List. What to Do?
If an account from AD does not appear in the Users section of the admin panel:
- Wait for synchronization or force it manually.
- Check in AD: account status, password expiration, and other restrictions.
- Perform a test LDAP query (e.g.,
ldapsearch
) to verify the sync filter.
What Are the Requirements for User Avatars in AD?
JPG format, 500×500 pixels, no larger than 100 KB.E-mail (Method) (CTS, ECTS)
E-mail Registration Settings
Parameter | Description |
---|---|
Email Mask | Configure the email address filter for user self-registration. The system uses regular expressions. |
Maximum Number of Login Attempts | Limit the number of one-time code entry attempts. If the number of failed attempts is exceeded, a new code must be requested. |
The Maximum Number of Attempts to Send Code Before Blocking | Limit the number of one-time code requests from an IP address. If the limit is exceeded, further requests will be available after time set below. |
Time Before Unlocking, in Seconds | Setting the time after which the block will be automatically removed. |
Unblock IP | Removing the block on sending mail codes from an IP address. |
White List of IP Addresses | Adding IP addresses to the block exceptions.
⚠️ If many users connect through the same external IP address, it is recommended to add it to the whitelist. |
How to Enable User Self-Registration?
For self-registration to work, you must add an email-to-server match record (suggest):
- Via eXpress support (for eXpress app users)
- Manually by the administrator on ETS (when using a branded ETS app)
- Enter the mask — users now can register automatically if their email corresponds to the mask, even without prior account creation on the server.
How to Specify Multiple Email Domains?
To specify multiple domains, use the mask:^[\w-\.]+@(domain1.com|domain2.com)$
.
How to Disable User Self-Registration?
To disable the feature, delete the mask.What Happens If a User Enters an Email of an Already Existing Account?
⚠️ If a user self-registers with an email address that already has an account in CTS, a duplicate account will be created. Users are created with email in the name, you will need to edit the name afterward manually in the “Users” section.
OpenID (Method) (CTS, ECTS)
This section configures synchronization with OpenID (Keycloak/Blitz).
OpenID Provider
- Keycloak version below 17
- Keycloak version 17 and above
- Blitz.
Connection Parameters
Parameter | Description |
---|---|
Host, port, identifiers, and other OpenID connection parameters | For detailed instructions, refer to the administrator documentation. |
OpenID login prefill | In this field, you can choose whether the login field in Keycloak forms will be automatically filled with the user’s phone number or email. |
Logout Settings
Parameter | Description |
---|---|
Auto-confirm logout requests | When any logout request appears, the system confirms it automatically. This feature was introduced in server software version 3.47.
By default, the checkbox is unchecked, and the system only initiates a logout request — final confirmation in the “Logout Requests” section remains with the administrator. |
Auto-confirm user logout requests | Here you can configure whether requests from users via the profile settings in the app will be automatically confirmed. |
Logout request when user is blocked | Closing sessions and logout request when the account is blocked in OpenID. |
Logout request due to missing OpenID role | Closing sessions and logout request when a role is removed from the account in OpenID. |
Delete user profiles when logout is confirmed | Auto-deleting accounts synced via the OpenID from the corporate server, after a logout request is accepted. |
Device Authorization Method
Selected method for the QR code authentication.
Attribute Mapping
Define which user attributes from OpenID will be used in user profiles.
Profile Fields Visibility (CTS, ECTS)
This section configures who can view corporate user fields. It is only available for CTS and ECTS.
The visibility of corporate profile fields is configured individually for specific user groups:
- nobody;
- all users;
- corporate users only;
- only users of trusted servers;
- only users of your corporate server.
How to hide the “Public Name” Field?
The Public name field cannot be hidden, but in the Active Directory or OpenID section, you can configure which attribute will be loaded into this field.
How to Remove the Internal SIP Number in User Profiles?
In the VoEx section, uncheck the SIP enabled box or select a different number in the Preferred phone type field.E-mail (CTS, ECTS)
This section configures sending greetings to new users and verification code messages via email.
Specify the following details:
- Application name;
- Sender address;
- Authentication details for the outgoing mail server;
- Connection security;
- Send emails with current settings or RTS settings.
Sending Test Email
There is a field nearby to test sending an email message.
Getting Started Instruction (CTS, ECTS)
This section allows you to configure the welcome email with instructions sent to users.
Control | Description |
---|---|
Send to new users | Check this box to automatically send instructions to new yet unregistered users. The email will be sent upon account creation on the server. |
Send to all unregistered users | Click this button to send instructions to unregistered users. The email will be received by everyone with a corporate account on the server who has not yet logged in. |
Sending Test Email
Nearby is a field for test-sending the message.
How to Attach Images?
You can attach images to the email using a dedicated button, not via clipboard.
The Email Has no Images Visible via the Outlook. Why?
Microsoft Outlook disables automatic image loading by default. To load all images, click the “To download pictures, click this link” prompt in the email header.
Blocked Users (CTS, ECTS)
This subsection configures the email sent to users whose corporate account has been blocked in the synced directory.
Sending Test Email
Nearby is a field for test-sending the message.
VoEx (RTS, CTS, ECTS)
This section configures calls, in-app conferences, and integrations with third-party systems: Vinteo, SIP telephony.
Janus Instances & Janus load 
Configures the ability to use multiple Janus servers.
VoEx 
Configures calls and conferences in the app.
Parameter | Description |
---|---|
Enable screen sharing for corporate users outside of contour | Enables participants outside the Corporate Data Transmission Network (CDTN) to view screen sharing. If unchecked, only users within the CDTN can see the screen sharing. User server affiliation is not checked here; only the network contour matters. |
TURN Server, STUN Server | Servers (and connection ports) that facilitate voice traffic routing for client apps behind NAT/PAT. |
VoEx local network | Configures the local network for the VoEx service. |
Force relay ice | The app will use only the TURN server for NAT traversal, even if a direct (p2p) connection is possible. Improves connection reliability. |
Allow TCP ICE | Enables TCP instead of UDP within the ICE protocol. Useful in environments where UDP is blocked. |
Enable ability to record calls | Activates audio and video recording for calls and conferences for users on the server. |
Enable ability to transcribe calls | Activates speech-to-text conversion for calls and conferences for users on the server (not working yet, waiting for client apps to support this). |
Recording mode | Whether recordings will contain only audio, audio with screen sharing, or audio, screen sharing, and video. |
Detailed setup instructions are available in the administrator documentation.
How to Configure the Retention Period for Call and Conference Recordings?
The retention period for processed recordings (in days) is configured in the File Service section. To configure the retention period for unprocessed recordings, use a special flag in the configuration file. For details, contact eXpress support.
Centralized Call Settings Management 
These settings allow you to set predefined quality settings for all server users in calls and conferences. For example, you can forcibly reduce the quality for all users if the organization's network channel has low bandwidth.
Parameter | Description |
---|---|
Apply server restrictions for sound quality, video and screen sharing in calls | Enables quality settings management from the server. |
Allow users to independently manage the quality of the media | Users will be able to override the settings received from the server. |
Incoming/Outgoing video quality | Configures the quality of the input/output video stream from the camera and during screen sharing. |
Audio bitrate | Manages the quality of transmitted audio. |
h264 screen codec to save processor resources enabled | Enables an optimal codec for low-performance computers (screen sharing quality will be lower). |
User Ratings 
Параметр | Описание |
---|---|
Enable logs | Records server logs for all calls and conferences. |
Always ask if call has an error | Automatically requests feedback if a call error occurs. Logs and feedback are sent to the server and available in the server log archive. |
Call's assessment frequency | How often users are automatically prompted for feedback (in number of calls). |
Retention of user logs | The retention period (in months) for logs uploaded from client apps. |
-
❓Related Topics:
- Call Ratings
- Calls
- Conferences
Third-Party Integrations
The Links Settings, Vinteo, and SIP groups configure integrations with third-party calling systems. See the administrator documentation.
Server
Server Settings 
The following settings are available in this group:
Parameter | Description |
---|---|
Server avatar and chat backgrounds | You can upload a server avatar (displayed in the client app under Settings > About) and background images for chats (wallpapers) displayed to server users in light and dark themes. |
Hide server name | If enabled, the server name and address are not displayed to external users. For your own and trusted servers, the server name is always visible. In the user card, external users will see Corporate server instead of the address. |
What Are the Requirements for Wallpaper Images?
Wallpapers must not exceed 50 KB in size, and the image must be square (600?600 pixels).
Server Features 
Configure the features available on the server:
Parameter | Description |
---|---|
Show corporate users catalog | Enables displaying all CTS users in the contacts list.
⚠️ Not recommended for organizations with more than 500 users (risk of performance degradation on mobile devices).
For this setting change to take effect on user devices, you'll also need to toggle Disable corporate phonebook on and off, saving changes in between, and restart client apps. |
Corporate search | Contacts search on the current server, also including additional user fields (role, department, etc.). |
Trust search | Contacts search on the trusted servers (the trust search should be allowed on a trust server). |
Enable e2e encryption by default in group chats | Determines whether end-to-end encryption is activated by default when creating a group chat. |
Enable e2e encryption by default in channels | Determines whether end-to-end encryption is activated by default when creating a channel. |
Disable corporate phonebook | Disables the corporate contacts service (phonebook) and any kind of searching for contacts completely. It blocks loading and searching for contacts when enabled, regardless other settings. |
Allow the user to control their avatar | Users can upload new avatars when editing their corporate profile. Requires server software and client version 3.33 or higher. If disabled, user avatars will be replaced with those manually set by the administrator or synced from the corporate directory. |
Moderate user's requests for profile changes | Avatar change requests will require administrator approval in the “Profile Change Request List” section. Requires server software and client version 3.33 or higher. |
How to Configure Contacts and Search Settings?
Show directory |
Corporate search |
Trust search |
Disable phonebook |
Result |
---|---|---|---|---|
On | Off | Off | Off | Corporate contacts directory is loaded. Local search only by full name in device contacts. |
On | On | Off | Off | Corporate contacts directory is loaded. Full corporate search via CTS, including additional fields. |
On | On | On | Off | Corporate contacts directory is loaded. Search works on CTS + trust servers. |
Off | On | Off | Off | Corporate contacts directory is not loaded, shows contacts from synced phonebook. CTS search works. |
Off | Off | On | Off | Corporate contacts directory is not loaded, shows contacts from synced phonebook. Only trust search works. |
Off | On | On | Off | Corporate contacts directory is not loaded, shows contacts from synced phonebook. Search works on CTS + trust servers. |
Off | Off | Off | Off | Corporate contacts directory is not loaded, shows contacts from synced phonebook. CTS + trust servers search doesn't work. |
Any | Any | Any | On | Any contacts disabled. Search disabled |
-
?Related Topics:
- Display All Corporate Contacts in the List
- Avatar, Name, and Other Profile Data
- Profile Change Request List
Notification During Logging In 
Configure the custom agreement text displayed before logging into the server.
What Are the Requirements for HTML?
The file format is HTML (UTF-8 encoding, size up to 1.5 MB; scripts are not supported; styles and classes are not yet supported).
Notification of Technical Works 
If enabled or upon a 502 error in the response to the settings
request from the client side, users will see the message “Maintenance is underway, there may be interruptions in the work of the application.
Update Notification 
If the client app version lags behind the server software by the specified number of minor versions (x.X.x), the user will receive a notification prompting them to update.
Can This Feature Be Used to Manage Client App Updates?
This is just an additional informing, it does not affect automatic updates via app stores or update checks in the web/desktop app.
How to Enable Informing about Updates?
- Check the Notify about an existing update box and specify the allowable lag of client app versions behind the server software.
- To enforce updates, enable Block application interface until update is started (available with server software version 3.32).
- Select the client platforms where the feature will work.
The ETS App Has Not Been Released Yet, but Users Are Prompted to Update. Why?
⚠️ If new server software is installed but clients are not yet released in stores, users will receive a notification about a non-existent client update, since the feature compares the server version with the client version. We recommend setting the lag to at least 3.
Why Didn't the Desktop App Receive a Notification That It's Time to Update?
The feature works for desktop apps only with automatic update functionality support.
RTS ID, ETS ID, CTS ID 
Displays the RTS (ETS) ID associated with the server, as well as the server’s own ID.
Certificates 
Upload certificates to the server. Details are available in the administrator documentation.
Admin Info 
Specify the administrator’s contact details — they will be displayed to the user when contacting support or encountering an error.
Show warning when link clicked 
Here you can configure the display of a warning when following links. The feature is available from version 3.42.
Message Forwarding in Confidential Mode 
Introduced in the version 3.44. When Allow users to configure message forwarding in confidential mode is enabled, users will see a new setting in their confidential mode options that permits forwarding messages from chats with the confidential mode active to other chats.
Service Versions 
Displays the versions of the corporate server service containers.
You can also check the version via the link: https://the_server_FQDN/system/XX/version
, where XX
is the service name (trusts, messaging, voex, etc.).
Support Info
Support Contact Information
Here you can configure the display of contact details for users to reach support via phone, email, Telegram chat, or WhatsApp chat.
Here you can upload a FAQ file with tips for users or answers to frequently asked questions (in Russian and English).
What Are the Requirements for HTML for FAQ?
The file format is HTML (UTF-8 encoding, size up to 1.5 MB; scripts are not supported; styles and classes are not yet supported).
Is It Possible to Upload a Custom FAQ but Keep the eXpress Support Contacts?
No. If the Show eXpress Support Contacts checkbox is enabled, users will see the support details provided by eXpress, and uploading a custom FAQ file will not be possible.
Where Will Users See the Support Contacts and FAQ?
Users can view support contacts and FAQ:
- During app login — a blue button with a question mark in the bottom-right corner.
- After logging in, in the Settings section > Contact support.
When clicking the button, the user will see the FAQ, followed by a button displaying the support contacts.
From Where Are the Support Contacts and FAQ Downloaded to the App?
On the SMS code entry page, the user will see the FAQ uploaded to RTS or ETS. At the next stage, after entering the SMS code, the user will see the FAQ added to CTS or ECTS.
Registration Instruction (ETS)
What Are the Requirements for HTML?
The file format is HTML (UTF-8 encoding, size up to 1.5 MB; scripts are not supported; styles and classes are not yet supported).
SmartApps (CTS, ECTS)
In this section, you can:
- select which Smart App will be the home page and appear when the client app launches;
- enable the catalog and choose the Smart App used as the catalog, as well as the default mail client Smart App;
- configure proxy hosts for Smart Apps if a file located within the corporate data transfer network (CDTN) will be used in Smart Apps.
A detailed description of the settings is available in the administrator documentation.
Activations
Parameter | Description |
---|---|
Maximum Activations Lifetime | This setting allows you to automatically terminate sessions of inactive users across different clients. Values are in seconds, with a minimum value of 900 seconds. The default value for the web app is one week. To remove restrictions, clear the field. |
Activation Report | On the CTS, there is a Download activations as .CSV button that provides information about user activations. |
Prohibited Platforms | Select client platforms where the app should not work. This feature was introduced in version 3.42. |
SMS (RTS, ETS)
In this section:
- select the provider for sending SMS with verification codes;
- modify the accompanying text for the verification code.
Adapters (RTS, ETS)
This subsection specifies the integration data for SMS providers.
For detailed configuration instructions, refer to the administrator documentation.
Masks (RTS, ETS)
Security (RTS, ETS)
This subsection configures SMS spam protection.
Parameter | Description |
---|---|
Request Rate Limiter by IP Address | Sets the maximum number of SMS requests allowed from a specific IP address within a specified time period in seconds. |
Filter by User-Agent | Blocks SMS requests from browsers with specified User Agents using regular expressions. |
Filter by DEF-code | Blocks SMS requests for phone numbers from specific countries and with specific DEF codes. |
Filter by phone | Blocks SMS requests for phone numbers matching specified regular expressions. |
Max. requests limit per phone number | If a number owner exceeds the specified number of SMS requests, this capability will be blocked for them for 24 hours. |
Unblock user | Enter a mobile phone number (without the plus sign, with strict country code format, no spaces or hyphens) or user IP address in this field and click Unblock to remove active SMS request restrictions. |
CAPTCHA (RTS, ETS)
This subsection enables additional SMS spam protection using CAPTCHA.
Parameter | Description |
---|---|
Enable | Turns CAPTCHA checking on. |
Provider | Select an external provider for the CAPTCHA feature.
|
Invisible Captcha | If cheched, verification will only be requested when suspicious activity is detected. |
Client/Server key | Enter API tokens from the provider. |
Trusted nets | Enter IP addresses for which the check will be disabled. You can use mask via / . Example: 192.168.0.123, 10.129.0.0/16 . |
Configuration details are available in the administrator documentation.
Suggests (RTS, ETS)
This section configures simplified email authentication (suggests). This feature allows mapping email domains to server URLs (hosts) to simplify user login — users will not need to manually enter server addresses. Here you can view and edit existing mappings.
The Screen After Entering the Email Displays the Server Name. How to Change It?
To change a mapped server's display name, go to the Servers section > on the CTS tab click the pencil icon next to the desired server > enter the name in the Name field.
Using eXpress. Where to Configure Suggests?
If you have CTS and want to configure simplified authentication (so users do not need to enter server addresses), contact eXpress support — they will configure suggests on RTS.
How to Create a Simplified Authentication Suggest? 
Click the Create button. Specify as template:
- Domain (without @ symbol) — all users with this domain will be offered the server
- Full email address — only the user with this exact email address will be offered the server
Then select the server that should be suggested in the template.
Is It Possible to Create Different Suggests for One Server?
You can create multiple templates pointing to the same CTS. Multiple domains cannot be specified in a single template.
The message has been sent successfully.

Personal and group chats
- Sending contacts, geolocations, voicemails, and files (images, videos, documents)
- Threads
- Chat grouping with the use of tags
enterprise version
- Editing images before sending (add text, handwritten lines, resize and rotate images)
- Sending emoji, stickers, upload your own sticker pack
- Reactions
- Mobile-only access to a chat can be activated
enterprise version
- A chat can be started in privacy mode (prohibit copying, screenshotting on mobile devices and forwarding)
enterprise version
- Mention of a chat participant as well as any user with “@” (the mention feature)
- Mention of multiple users with “#”
desktop version
- Mention of all users in a chat with “@all”
Channels
- Setting the channel confidentiality level (open/close)
- Pinning channels at the top of the list
- A user can go to a corporate/hybrid open channel via a mention (##)
Interaction with messages
- Message typing indicator
- Text formatting — bold, italics, paragraphing, etc.
implemented via Markdown
- Viewing message status (delivered, read, edited, deleted)
- Editing/deleting a sent message and displaying the edition/deletion status on the recipient’s side
- Saving messages, creating reminders of messages, pinning messages at the top of the chat
enterprise version
- Mobile-only access to a chat can be activatedenterprise version
Contacts
- User data available for viewing: first name, last name, enterprise information (phone, email, company, job title, unit, supervisor), list of shared chats, enterprise server, link to user (routing), indication (online, time, when was last online)
enterprise version
- Contact search by job title, company, domain, name or assigned tag
Audio-, videoconferences. Available only for enterprise users
- Direct calls (Peer-to-Peer (P2P))
- Audio and video calls for 120+ participants
- Calls/videoconferencing between enterprise and external participants
- Ability to open a call in another window / on top of the main window
- Screen sharing
- Call recording
Q4FY23
- Hand up
Q4FY23
- Schedule conferences using a calendar
- Automatically send a link to the videoconferencing with adding a reminder to the calendar of participants
- Assigning a password to access the conference
- Sending invitation by email
mobile version
Integrations
- with SIP telephony
- with "heavy" VCS systems: Vinteo, Communigate, IVA, MIND
Message not sent.