Аdmin Panel

Authorization in the Admin Panel

Who Has Access to the Admin Panel?

How to Get Access?

What Is the Address of My Web Console?

Cannot Log In Due to Exceeding the Number of Login Attempts. What to Do?

Admin Panel Interface Language

Is the Language Set Automatically?

How to Change the Language of the Admin Panel?

• Set the desired language as primary in your browser settings.
• Or manually change the _admin_locale parameter in Cookies via the developer console:
  1. Open the admin panel.
  2. Press F12 (or Fn + F12).
  3. Go to Application > Cookies > select the server address.
  4. Find _admin_locale and change the value to ru (Russian) or en (English).
  5. Refresh the page.

Miscellaneous Questions

Is It Possible to Set a Time Zone for the Time in the Admin Panel?

When Opening an Exported CSV File in Excel, “Garbled Characters” Are Displayed. Is This a Bug?

This section contains a list of users and bots on the corporate server.

Searching for Users

In the search field on CTS and ECTS, you can search for users by HUID, name, email, domain, and position as specified in their corporate account. On RTS and ETS, you can search for users by name, phone number, as provided by the user during initial registration or later in profile settings in eXpress.

Creating Users

You can manually create a new user on the corporate server by clicking the corresponding button or set up the automatic synchronization.

How to Bulk Create Users Manually?

Contact eXpress support team for instructions.

Migrating From Manual to Synced Accounts?

If you recently configured synchronization, delete old manual accounts with duplicate emails to avoid conflicts with new synced accounts.

What Authentication Methods Are Available for Manually Created Users?

Such a user will only be able to log in via email. To use other methods when synchronizing with a corporate directory (e.g., Active Directory), create users in the directory, not manually on the corporate server!

Can User Synchronization and Manual Creation Be Used Simultaneously?

Yes. This allows you to, for example, sync organization employees from a directory while manually adding external contractors. This only works with Email authentication — both manually created and synced users will log in using email codes.

How to Connect Users Not Listed in the Corporate Directory?

To connect external users (partners, contractors) who are not in the organization's directory to the corporate server:

1. Create profiles for external users in the Users section manually.
2. In the “Registration Settings” section, switch the authentication method to Email.

This way, both external users and those synchronized from the directory will log into their corporate account via an email code.

How to Properly Transfer User Credentials?

When providing corporate data, always inform users:

• To log into the app with their phone number if they have previously used it.
• A phone number can be added later, but only if there is no account already linked to it.

This preserves their chat history if they previously used a phone number, as well as when changing logins or switching to another server.

Editing, Blocking and Deleting Users

Which Users Can Be Edited or Deleted in the Admin Panel?

You can only modify or delete users who were created manually or via self-registration with an email mask (logout is also required before deletion).

Why Can't Email Be Edited?

The email field is non-editable, as it serves as the login.

How to Change User Login Properly?

Refer to this guide.

I Blocked a User in the Directory, but They Did Not Leave the Server. Why?

In addition to blocking in the corporate directory, you also need to confirm the logout request for the user so they are no longer bound to the corporate server, or configure automatic logout.

Exporting the User List

The Download as .CSV button downloads the user list in CSV format. This list can later be imported into a group chat or channel for bulk user additions. To filter the exported list, use the search function. When clicking the button, you will be prompted to select user types for export:

User Profile

Clicking on a user opens their profile information:

Profile Buttons

What Happens When Users Get New Keys?

New keys (cts/rts for corporate users or rts for public users) are generated when:

• Resetting the personal encryption password.
• After account deletion and re-registration.

The ed25519 session signing keys are generated when users start a new device session.

After logout, key synchronization between servers is forced upon re-login.

This section provides a complete list of all chats and channels of users on the current server.

Searching for Chats

In the search field, you can find chats by:

• Chat ID
• Chat name
• HUID of a user (to find their “Saved Messages” chat)

Chat Properties

When clicking on a chat, the following information is displayed:

Chat Buttons

The following buttons are available in the interface:

Additional Questions

How Do I Know if a Chat Has Open History?

There will be Make chat private button available in the chat's properties. Also, in the Chat JSON section, the sharedHistory:true indicator can be used to determine if the chat history is open. This indicator appears when end-to-end encryption is disabled in the admin panel (available only for chats).

Where to Find Information About E2EE Deactivation Date/Time?

There's only an indirect way to determine this. In chat properties, open the Events table section. For messages (events with type message_new), check the key_id values in the keys section:

• If only a shared server key is specified (sometimes several server keys may be present), this means end-to-end encryption was disabled when the message was sent.
• If multiple participants' personal keys exist — encryption was enabled when the message was sent.

This section displays the full list of open chats and channels on the server available in the corporate chat directory. Users can join them independently via the catalog. The section is only accessible for CTS and ECTS.

Searching for Open Chats

In the search field, you can find open chats by ID or name.

Open Chat Properties

Clicking on a chat will open its detailed information (see above).

Creating Open Chat

The Create button allows you to create a new open chat on the server.

I Created an Open Chat. How to Add Users?

The first participant of an open chat cannot be added via the admin panel. The user must join independently through the chat catalog in the client app. After that, you will be able to add the rest through the admin panel.

In the Calls section, a complete list of all completed and current calls on the server is displayed. Conferences are not shown in this list — they have a separate section with the similar controls.

Searching for Calls

In the search field, you can find calls by:

• date and time
• chat name
• chat ID
• call ID
• HUID, email or name of a participant

Call Logs

The Download logs function is available to download call logs as a ZIP archive.

What Does the "Bad" Label Mean?

• logs from the participant who left feedback
• the call_id_issue.json file — the other field contains the user's feedback (if any)

How to Delete All Call Logs?

The Clear logs button deletes all call logs on the server.

Ending a Call

The cross button forcibly ends a call (use for stuck calls).

Information About the Group Chat Where the Call Took Place

Clicking on the chat ID opens information about the chat where the call was held (see above).

Call Properties

Clicking on the call ID displays the following information:

This subsection contains tools for working with conferences, similar to call tools.

There Is a Conference Between Participants from This and Another Server. Why Isn't It in the List?

Conferences are displayed in this list only if they were created on the current server.

This section was introduced in server software version 3.33. Here, the administrator can approve or reject user requests to change profile picture (avatar) if moderation is enabled in the “Server” section.

❓Related Topics:

• Avatar, Name, and Other Profile Data

This section displays a list of users for whom a logout request has been sent:

• by the user;
• via the corporate server administrator;
• due to an event in the corporate directory.

Here, you can view user information, check the logout reason, and Accept or Reject the request. This section is only available for CTS and ECTS.

Why Aren't Logout Control Buttons Working?

Note that if the admin panel is not opened via the server's FQDN address, the Accept or Reject buttons will not work.

Logout Reasons

Accepting Logout Request

After clicking Accept, the user's corporate account is detached from the personal account and changes to the unregistered status.

Bulk Selection of Requests

Starting from server software version 3.27, multiple logout requests can be selected using checkboxes. To select all entries (the top checkbox in the first column), first specify the logout reason in the filter. If no filter is applied, bulk selection is unavailable — entries will need to be marked manually.

Deleting an Account After Logout

After logout, the account remains in the list in the “Users” section. The deletion method depends on the account type:

Configuring user access to the admin panel. You can create and view users and groups.

Creating an Admin Panel User

To create a user for the admin panel, in the Administrators section, click Create. Specify the login, password, group memberships, and the account expiration date (check the Enable block box and enter the date below).

What are the Administrator Password Requirements?

The password must contain:

• A special character: #!?&@$%^*().
• A lowercase letter.
• An uppercase letter.

Minimum password length is 8 characters.

Creating a Group

To create a group, in the Administrators section, click List groups > Create. Specify the group name, the corresponding LDAP group, and configure permissions for the admin panel sections: no (no access), read (view only), write (edit).

This section displays all servers connected to this server: RTS, CTS (ECTS), ETS, Trusts, as well as the routing scheme Graph with all connected servers.

Server Status Indicators

Deleting a Server

The trash bin button deletes a server record (token) or a trust connection.

Why Delete a CTS Record from RTS/ETS?

Deleting an inactive server may be necessary if a user needs to register on a new server, but the old server is physically unavailable, yet its record remains on RTS/ETS. Deleting from RTS can only be done through eXpress support. Deletion is only allowed if the server cannot be restored!

Searching for Servers

In the search field on the corresponding tab, you can find servers by ID, name, or address.

Adding a New Server

Click the Create button to add a new server for connection to the current server. More info in the admin guides.

Trust Connections

The Trusts tab displays trusted connections of this server to other corporate servers.

How to Configure Visibility of Contacts from a Trusted Server?

Server Properties

Clicking on a server opens information about it and its connection. Here, you can manage the connection, edit server properties, or delete it.

Changed the CTS Host. What Needs to Be Done on RTS/ETS?

If a server's host has changed, edit the record and specify the new address. Connected clients will encounter a connection error, and users may need to relogin to the client. The chat history will be preserved.

⚠️ If a suggest for simplified authentication was previously configured on RTS/ETS for the server, it will need to be recreated (simply re-saving is sufficient).

This section allows you to configure and connect chat bots and Smart Apps on the corporate server. It is only available for CTS and ECTS.

You can enable or disable already added bots and Smart Apps, modify their properties, avatar, visibility in the chats catalog, access settings including visibility for user groups in the role model (starting from server version 3.21), and other options.

For more information on administering bots and Smart Apps, see the admin guides.

What Are the Requirements for Bot Avatars?

Image dimensions 512 by 512 pixels, PNG/JPG format.

In this section, you can configure built-in bots and connect them to the global chat:

For more information on administering bots, see the admin guides.

This section is designed for configuring integration with external systems (currently in development). Such accounts are created for computers in meeting rooms or in other cases when logging into the application requires using a non-personalized account.

How to Edit an External Client User?

To modify the data of an external client user (for example, their email), locate them on the “Users” page.

Can I Create an Account Here for a Colleague from Another Organization?

A UI Alert is a trigger that blocks the use of the client application if its version is lower than the specified one. The list displays created UI Alerts. This section is available only for RTS and ETS.

Creating a New UI Alert

Click the Create button to create a new UI Alert. Field descriptions:

This section displays a list of all Docker containers on the server. Here you can:

• View the container version
• Check its status
• Review container logs

Viewing Container Logs

To view logs of a container from the corporate server, see the guide.

More info on working with containers in admin guides.

This secrion displays the actions log of administrators in the Admin panel or users in the app (if their client request reached the server). The following events are displayed in this section:

1. User login attempts to the corporate server (e.g. cts_user_registration_failed)
2. Administrator login attempts to the admin panel
3. Logout requests (e.g. user_logout_confirmed)
4. User settings changes
5. Server settings changes

The displayed event table can be filtered and downloaded as a CSV file.

How to View the Audit Event?

To check details of an event (admin/user name, IP address, error details, etc.), click the event ID in the first column.

More details about the section are in the admin guides.

This section displays sticker packs added to the server.

Creating and Editing a Sticker Pack

To create a new sticker pack, click the Create button. To edit a pack, click its ID.

In the sticker editor, you can:

1. Add or remove stickers
2. Make a sticker pack public
3. Select a sticker to preview the pack

What Does “Public” Mean?

A public sticker pack becomes available to all server users—they can find it in the server’s sticker catalog and add it to their collection.

How to Insert an Emoji for a Sticker?

What Are the Requirements for Sticker Images?

Deleting a Sticker Pack

To delete existing sticker packs, click the trash bin button.

This section allows you to manage virtual backgrounds for calls and conferences that will be available to all users on this server.

This section allows you to manage the display order of chats, channels, and bots in the corporate catalog. This section is only available for CTS and ECTS.

This section displays server statistics for users, chats, messages and group calls.

Where Does the Statistics Data Come From?

It is sourced from the built-in Prometheus monitoring software, where the default retention period is set to 2 weeks.

This Statistics Is Not Enough. Can Other Tools Be Used?

Yes. For longer storage and creating custom dashboards, it is recommended to export data from the built-in Prometheus to another compatible tool. Contact eXpress support for assistance with configuration.

The role model configures security policies for different user groups and the current server.

What Is the Purpose of the Role Model?

The role model allows you to:

• prevent data leaks in advance
• simplify the process of imposing restrictions on employees and partners of the organization
• manage access to app features based on various attributes

Basic Settings

The Role model activated toggle allows you to enable or disable the role model on the server.

Below is a list of categories and rules created under them. For each rule, the following is displayed:

• Rule name
• Description
• Status (here you can activate or pause the rule)
• Rule properties
• edit, duplicate, and delete buttons

Why Didn't the Role Model Restriction Work?

⚠️ Note that for new rules to take effect or to activate/deactivate the role model, users will need to restart the client app or turn off and on the Internet on their devices.

For changes to apply in the Android app, you need to close it and wait about 2 minutes before relaunching it — modern Android operating systems may not terminate the app immediately.

⚠️ Also the role model temporarily not supported in the Aurora app.

Besides Restrictions, What Else Will Stop Working If the Role Model Is Disabled?

When the role model is not active, the availability settings for Smart Apps to user groups also stop working.

Role Model Setup Approach

To avoid difficulties when setting up the role model from the very beginning, configure it using the following steps:

1. Clearly define which specific action and which users need to be restricted using the role model.
2. Create, configure, and test a user group. A target user group is required for most role model rules.
3. Create and configure a rule suitable for your task.

Role Model and CDTN Contour Settings

All role model settings (both user groups and rules) involving external/internal contours use the internal contour IP mask value specified in the Contour group under the File Service section.

How Do the Role Model and CDTN Rules Interact?

When configuring the role model for file-related restrictions, keep in mind that they may overlap with rules configured for the Corporate Data Transmission Network (CDTN) contour:

• if a file action is restricted in the role model but not in the CDTN settings — the role model will restrict the action;
• if a file action is restricted in the CDTN settings but not in the role model — the CDTN will restrict the action.

Thus, simultaneously enabled CDTN contour and role model restrictions are cumulative.

Can the Contour Be Used Only in the Role Model?

To use the contour in the role model without CDTN contour restrictions:

1. Enable the CDTN contour in the File Service section, set any in all settings fields, and enter the list of IPs/masks for the internal contour. The role model will use the specified internal contour.
2. In the role model user group settings, select Internal contour to apply rules to users inside the specified CDTN contour or External contour to apply rules to users outside the CDTN contour.
3. Create a role model rule targeting this user group.

In the future, the CDTN contour settings are planned to be fully moved to the role model section.

Is It Possible to Grant Permissions to Users in the Role Model?

How Is the Attachment Type Determined?

When viewing/saving, all attachments in web/desktop and mobile apps are determined by extension — downloaded as photos/videos or as documents. Therefore, the prohibition on downloading/saving documents applies only to document extensions.

Creating a Role Model Rule

To create a new rule, click Create new rule and configure it.

Rule Configuration Fields

After creating the rule, don’t forget to activate it.

Restriction Target, Global and Local Rules for Chats

The fields chat participant type (Select users whose presense in the chat prohibits the action) and chat type (Select the chat type to be restricted) in the Restriction target group can be left empty — then the rule will apply globally. If at least one of these fields is filled, the rule works locally (becomes narrowly targeted).

The list of fields in the restriction target depends on the selected attachment type and the rule itself.

Global Rule for Chats

Applies to all user chats. The server sends the rule to the client when logging into the app and when reconnecting to the server.

Fields that, when filled, keep the rule global:

• Select users whose attachments are restricted
• Maximum file size (MB)
• Type of restricted extentions (relevant only for documents; images and videos are not checked by extension type)

A global rule can be created without attributes by filling only the fields Rule name, User groups, Rule action, and Attachment Type. This means that attachments from any users, of any size, and with any extension will be prohibited.

• If the extension and size of attachments are not specified, a prohibition is created for the selected attachment type with all its extensions and sizes (e.g., prohibiting sending any documents in a chat)
• If chat type (Select the chat type to be restricted) or chat participant type (Select users whose presense in the chat prohibits the action) is not specified, the prohibition applies to all user chats and channels
• If sender (Select users whose attachments are restricted) is not specified, the prohibition applies to attachments received from any user

By default, if an attribute field is not filled, the attribute has the value “all”.

Local Rule for Chats

Applies to specific user chats based on specified attributes. The server sends the rule to the client when entering a specific chat, channel, or thread.

The rule becomes local when these fields are filled:

• chat participant type (Select users whose presense in the chat prohibits the action)
• chat type (Select the chat type to be restricted)

When filling the chat participant type (Select users whose presense in the chat prohibits the action) or chat type (Select the chat type to be restricted) field, you can specify excluded chats in the Exception chats field. Excluded chats do not apply to global rules.

In addition to chat attributes, local rules can include the fields size (Maximum file size (MB)), extension (Type of restricted extentions), or sender (Select users whose attachments are restricted).

Attribute Combinations

Attachment attributes: sender, size, extension. Chat attributes: chat participant type, chat type.

If chat attributes are not specified, rules for attachment attributes apply globally. If chat attributes are specified, rules apply only in the specified chats.

How multiple attributes are combined:

• Prior to version 3.46,
• Starting from version 3.46,

Examples:

• if for the attachment type Documents, you specified size = no more than 30 MB, and in the extension type field — pdf, pptx, a rule with two attributes is created:
  • prohibited action with all documents over 30 MB (any extension)
  • prohibited action with files of extensions pdf and pptx (any size)
• when both Chat participant type and Chat type are filled, the rule applies:
  • Prior to version 3.46:
    • in chats that match the value of the Chat participant type field
    • in chats that match the value of the Chat type field
  • From version 3.46 and above: the rule will apply to a chat that matches the value of both the Chat participant type field AND the Chat type field in the rule
• if for the attachment type Documents, you specified size = no more than 30 MB and selected a chat type, the action will be prohibited for all documents larger than 30 MB with any extension in chats of the selected type

What Happens If Multiple Restrictions Are Configured for a Single User Group?

Since role model rules operate only on a denial basis, when configuring multiple different prohibitions for a user group, they are cumulative and apply simultaneously.

Rules for Smart Apps

Role model rules can be configured not only for messenger chats but also for Smart Apps.

What Can Be Restricted in Smart Apps?

Prohibitions for Smart Apps apply only to actions with attachments in them. Actions with the content itself (e.g., forwarding an email in the Email Smart App) cannot be controlled via the role model.

For example, when configuring the restriction for sending/forwarding attachments for Smart Apps, the user is prohibited from uploading and sending attachments. However, if the user receives an email with an attachment and tries to forward it, this action will be allowed because the Email Smart App uses existing attachments uploaded by another user when forwarding. With any prohibition in place, the user can forward an email with attachments or reply to it.

Configuring Rules for Attachments in Smart Apps

In a Smart App rule, you can specify:

• application to all Smart Apps (with the option to specify exceptions)
• application to specific Smart Apps

Attachments in Smart Apps can be restricted entirely or by file size/extension. Smart Apps handle attachments differently on platforms:

Rules for Smart Apps Chat Bots

Role model rules for Smart Apps also apply in chats with their bots:

• in a 1-on-1 chat with a Smart App bot, only Smart App rules apply
• in a 1-on-1 chat with a regular bot (not a Smart App), global or local rules for chats apply
• in group chats and channels with any bot, global or local rules for chats apply

Searching and Checking Role Model Rules by User

To search and check rules, use the search field at the top of the page.

Searching for a rule by the user it applies to is performed only by the user HUID.

Search works by name (entered in the top search field), connection type, platform, and status.

“Sending/forwarding attachments in chats is not allowed” Rule

“Downloading/viewing attachments is not allowed” Rule

This rule can apply to both the messenger and Smart Apps. See the descriptions of the rule fields and their actions below.

This rule already automatically includes the “Forwarding/sharing/saving attachments to device memory is not allowed” rule, as it prevents downloading a file from the server.

“Forwarding/sharing/saving attachments to device memory is not allowed” Rule

Disable forwarding of messages with attachments in the app — this setting (since version 3.49) additionally prohibits forwarding attachments not only to other applications but also within the app itself.

“Recipients are not allowed to download attachments from cts users”

• internal contour — a user in the CDTN contour from the same server;
• trusted contour — a user in the CDTN contour from a trusted server.

Sender and Recipient

• the sender is a user from the group for which this rule is configured. The prohibition will apply to attachments sent by users of this group.
• the recipient is a user who meets the criteria specified in the rule.

Mandatory Rule Fields

• Select contour
• Select the users for whom the action will be restricted

Instant Action of the Restriction

Contour and Role Model Rules Comparison

• with a prohibition via the CDTN contour using the Corporate files can read field, the attachment will be available to the recipient under these conditions — the contour is disabled, but the IP mask is filled in, and the user is within this network;
• with a prohibition via the role model (with contour restriction), the attachment will be unavailable to the recipient under these conditions.

“Require pin” Rule

This role model rule adds a mandatory requirement to create a PIN code for the app additional protection. The rule applies only to iOS, Android, and the desktop app.

When Does the Rule Trigger?

• A user logging into the app will see a screen for creating a mandatory PIN code, which cannot be skipped:

  Platform	Action
  iOS	Immediately after authentication.
  Android and Desktop	Upon the next app launch.

• A user already logged into the app will see the mandatory PIN creation screen upon app restart, reconnecting to the network on all platforms, or after a post-check (where rules are re-requested, and the user receives all applicable rules).

How Does the Rule Work in Client Apps?

I Switched the Rule, but Nothing Happened. Why?

Enabling or disabling the “Require pin” rule or the role model itself may not immediately show or hide the PIN creation screen, but only after restarting the app or reconnecting to the network. This behavior is more common on Android and less frequent on iOS — for example, when disabling the rule.

How to Set the Time After Which Auto-Lock by PIN Code Will Be Activated?

In the desktop app, the auto-lock timeout for entering a PIN code cannot be set, so such a setting is currently unavailable in the role model.

In mobile apps, auto-lock occurs by default after 5 minutes, and this time can be changed in the app settings. However, on Android, if the user has already set a different auto-lock time, it will be preserved — the user can change it at any time.

❓Related Topics:
• What to Do If You Forgot Your PIN Code

Configuring Smart Apps Visibility in the Smart Apps Catalog

Currently, this is the only rule that is configured not in the Role Model section but in the bot or Smart App settings under “Bots”.

What Is Required for the Rule to Work?

For the rule to work:

• Activate the role model.
• Use the default standard catalog: in the admin panel, open the SmartApps > Display in main menu > APP_ID > Default catalog section.

How to Restrict Smart App Visibility?

To configure Smart App visibility in the Smart Apps catalog in the app:

1. In the admin panel, go to the “Bots” section.
2. Click the pencil button next to the desired Smart App.
3. Specify the desired Availability: for all users or specific user groups. If specific groups are selected, the Smart App will only appear in the catalog for users from these groups. In the Contacts section, it will remain available to everyone regardless of the settings.
4. Save the changes.

Rule Operation Example

The impact of availability settings using the Calendar SmartApp as an example:

Forbid Clipboard Usage in Application

This rule can apply to both the messenger and Smart App. Available since 3.46 version.

If enabled:

• Disables the use of the device's clipboard while the app is open: forbids copying message text, pasting text, copying text when viewing documents, etc. Copying and pasting within the message field is still available BEFORE the message is sent.
• The Copy/Paste context menu buttons are hidden; pressing the keyboard shortcuts for copy/paste has no effect.

If the Branded Build of the App for ETS Also Has a Clipboard Restriction, How Do They Interact?

• If a restriction is configured in the role model, use it;
• If a restriction is not configured in the role model, the built-in restriction from the ETS app build is used (if available).

Forbid Screenshot Creation

This rule applies to both messenger and Smart App — cannot apply separated. Available since 3.46 version.

If enabled:

• Disables the ability to take screenshots while the app is active (does not work when the focus is on another window or application).
• The area of the client app that is not in focus turns black.

The Rule Is Enabled. Why Can Screenshots Still Be Taken in the Web App?

⚠️ It is technically impossible to block screenshots in the web app, so this restriction does not work there.

If the Branded Build of the Application for ETS Also Has a Screenshot Restriction, How Do They Interact?

• If a restriction is configured in the role model, use it;
• If a restriction is not configured in the role model, the built-in restriction from the ETS app build is used (if available).

This section of the admin panel is used to create user groups that will be subject to the role model rules.

Creating a User Group

Adding Users to a Group

Field Descriptions

How to Create a Group with All Users?

This section collects information about call and conference ratings submitted by users. The list can be filtered using dropdown menus, date pickers, and the search field at the top.

❓Related Topics:
• User ratings

This section is only available on CTS and ECTS.

It allows you to view and manage the call and conference recording processing queue. The queue can be filtered using the status dropdown and the search field at the top.

Recording Properties

The recording page includes a button to resend the recording for transcoding and information about the recording start, readiness, and participant media streams.

Did the Recording Fail to Arrive or Did Transcoding End with an Error?

This section is available only for ETS and RTS.

This section contains a list of all SMS messages with confirmation codes requested and received by users. The confirmation codes themselves are not displayed here. For SMS statuses on RTS, check with eXpress support, and for SMS statuses on ETS, check with the connected SMS provider’s support.

SMS Status Codes

❓Related Topics:
• Error After Requesting an SMS Code | SMS Code Is Incorrect or Not Received

Configuring Administrator Connections from Active Directory

This section is only available for CTS and ECTS.

AD Synchronization

When creating an AD-synchronized administrator group, in the LDAP Group field, specify not the full path but the value of the cn attribute from AD.

In this section, you can enable user connection tracking by selecting the Track users connects/disconnects checkbox and configure sending audit event information to a third-party SIEM system.

Here, the administrator can enable and configure the global chat on the current server. The global chat enabled in the CTS settings will be available only to users of this CTS, while the global chat enabled in the ETS settings will be visible to all users of corporate servers connected to the ETS.

Global Chat Setup

1. Enable the server’s global chat by selecting the Enabled checkbox, then specify the name, avatar, and description. If this is an ETS and you need to hide the federated eXpress global chat, clear the RTS global checkbox.
2. Click the Save button. The global chat will appear for users of the current corporate server or for users of all corporate servers connected to the ETS.
3. In the Internal Bots section, enable the Notifications bot: click the pencil button next to it and select the Enabled checkbox.
4. Add the Notifications bot to the list in the Global Bots subsection: select Add Bot to Global Chat and click the plus button next to Notifications bot.
5. Add the user who should send messages to the global chat as a bot administrator: in the Internal Bots section, click the gear button next to Notifications bot and select Add bot admins.

Sending a Message to the Global Chat

The user assigned as the bot administrator can find instructions for sending messages to the global chat here.

Multiple Global Chats

Users may see two global chats in their chat list: one from the current CTS and another from the RTS or ETS. The first is configured in the CTS admin panel, while the second is managed in the RTS admin panel (controlled by the eXpress team) or the ETS admin panel.

In this section, you can specify your custom host for chat and call invitation links instead of the default one, as well as configure the minimum access level to the custom host (otherwise the xlnk.ms is used):

What is the xlnk.ms?

It is the default link host xlnk.ms owned by eXpress, which is located in a Russian data center.

Guests on the Current Server

Enable the Generate links for guest users to this server option, and guest users who receive new links will connect via this corporate server instead of RTS from now on.

I Switched Guests to My Server. Will Previous Links Be Redirected?

If a guest uses an old link created before enabling this setting, they will connect via RTS.

Connecting the push notification mechanism for various platforms: Android, web browsers, Huawei, iOS. This section is only available for ETS and RTS, as these servers are responsible for handling push notifications.

For configuration details, refer to the Administrator Documentation.

Contour

This group of settings is available only on CTS or ECTS. Here you can configure which IP addresses are considered part of the internal contour of the corporate data transmission network (CDTN), as well as define file handling permissions for users within the internal contour.

How to Configure Networks Recognized as CDTN Perimeter?

Specify corporate networks/IPs considered as secure corporate network perimeter — corporate data transmission network (CDTN) perimeter (“contour”). Client device requests will be verified against this perimeter when required.

1. Add subnet IP addresses with masks using /, separating values with commas. Example: 192.168.0.0/24, 10.129.0.0/16.
   You can even specify an exact external provider IP with /32 mask — this IP will also be considered part of the perimeter. Recommended for testing only. Example: 55.66.77.88/32.
   Check your provider-assigned IP on these sites:

   • 2ip.ru
   • Google — search “what is my ip”.
2. Optionally set file transfer permissions relative to the perimeter. Note these will combine with existing role model restrictions.
3. Check the Enabled box and click Save.

How Is Role Model Related to CDTN Perimeter?

Note how the role model operation depends on the contour settings.

CDTN Perimeter Parameters

CDTN Contour and End-to-End Encryption

When selecting the Trust or Local parameters, users within the CDTN cannot send files to open chats or chats with end-to-end encryption disabled. When selecting Any or Corporate, sending is possible (starting from server software version 2.9).

File Service Retention

This section allows you to configure automatic deletion of certain file categories from the server after a specified number of days.

Files Sent from Another Server

Note that the File Retention feature activated on the server also applies to files sent by users from other servers. This is because chats and files are uploaded from there to the current server, where automatic deletion will take effect after specific time left.

Proxying

Proxying settings for static content delivery to public clients: the ability to download a file via File Service instead of a redirect link to S3.

This section and its subsections are available only for CTS and ECTS. Click Save to apply changes.

CTS-Only Registration

User Contact Management

Corporate Data Visibility in Unauthorized Zone

Registration Methods

Select the registration and authentication method for the corporate server: E-mail, NTLM (Active Directory), or OpenID (KeyCloak). Only one method can be selected.

Checking the Current Authentication Method

The current corporate server authentication method can be checked not only in the admin panel but also by entering the following URL in a browser: https://the_server_FQDN/api/v2/ad_integration/register_methods. The response will indicate: "register_methods":["current_authentication_type"]}.

Synchronization Settings

This section configures the synchronization of the app with Active Directory.

Connection Parameters

Logout Settings

Authorization Method

Choose between a simplified (matching by email domain) and a full authentication method.

Attribute Mapping

Define which user attributes from AD will be used in the messenger profiles.

For proper operation, ensure the attribute case matches the LDAP records.

Manage Settings

Additional Questions

The Account from AD Did Not Appear in the User List. What to Do?

If an account from AD does not appear in the Users section of the admin panel:

1. Wait for synchronization or force it manually.
2. Check in AD: account status, password expiration, and other restrictions.
3. Perform a test LDAP query (e.g., ldapsearch) to verify the sync filter.

What Are the Requirements for User Avatars in AD?

E-mail Registration Settings

How to Enable User Self-Registration?

1. For self-registration to work, you must add an email-to-server match record (suggest):

   • Via eXpress support (for eXpress app users)
   • Manually by the administrator on ETS (when using a branded ETS app)
2. Enter the mask — users now can register automatically if their email corresponds to the mask, even without prior account creation on the server.

How to Specify Multiple Email Domains?

How to Disable User Self-Registration?

What Happens If a User Enters an Email of an Already Existing Account?

⚠️ If a user self-registers with an email address that already has an account in CTS, a duplicate account will be created. Users are created with email in the name, you will need to edit the name afterward manually in the “Users” section.

This section configures synchronization with OpenID (Keycloak/Blitz).

OpenID Provider

• Keycloak version below 17
• Keycloak version 17 and above
• Blitz.

Connection Parameters

Logout Settings

Device Authorization Method

Selected method for the QR code authentication.

Attribute Mapping

Define which user attributes from OpenID will be used in user profiles.

This section configures who can view corporate user fields. It is only available for CTS and ECTS.

The visibility of corporate profile fields is configured individually for specific user groups:

• nobody;
• all users;
• corporate users only;
• only users of trusted servers;
• only users of your corporate server.

How to hide the “Public Name” Field?

The Public name field cannot be hidden, but in the Active Directory or OpenID section, you can configure which attribute will be loaded into this field.

How to Remove the Internal SIP Number in User Profiles?

This section configures sending greetings to new users and verification code messages via email.

Specify the following details:

• Application name;
• Sender address;
• Authentication details for the outgoing mail server;
• Connection security;
• Send emails with current settings or RTS settings.

Sending Test Email

There is a field nearby to test sending an email message.

This section allows you to configure the welcome email with instructions sent to users.

Sending Test Email

Nearby is a field for test-sending the message.

How to Attach Images?

You can attach images to the email using a dedicated button, not via clipboard.

The Email Has no Images Visible via the Outlook. Why?

Microsoft Outlook disables automatic image loading by default. To load all images, click the “To download pictures, click this link” prompt in the email header.

This subsection configures the email sent to users whose corporate account has been blocked in the synced directory.

Sending Test Email

Nearby is a field for test-sending the message.

This section configures calls, in-app conferences, and integrations with third-party systems: Vinteo, SIP telephony.

Janus Instances & Janus load

Configures the ability to use multiple Janus servers.

VoEx

Configures calls and conferences in the app.

Detailed setup instructions are available in the administrator documentation.

How to Configure the Retention Period for Call and Conference Recordings?

The retention period for processed recordings (in days) is configured in the File Service section. To configure the retention period for unprocessed recordings, use a special flag in the configuration file. For details, contact eXpress support.

Centralized Call Settings Management

These settings allow you to set predefined quality settings for all server users in calls and conferences. For example, you can forcibly reduce the quality for all users if the organization's network channel has low bandwidth.

User Ratings

❓Related Topics:
• Call Ratings
• Calls
• Conferences

Third-Party Integrations

The Links Settings, Vinteo, and SIP groups configure integrations with third-party calling systems. See the administrator documentation.