Security settings in Collaborate

Below is more information on what each option within the Security screen does:

• Make bidder site - Use this setting for any scenario where multiple parties need access but should not be aware of each others' existence, for example, multiple bidders in an auction. Once selected, a site administrator can tag organisations as bidders and manage the bidders on two additional administrative pages that are displayed via User permissions > Manage organisations and User permissions > Data room team

• Restrict site to internal users - If you choose this option, any external users to the site will be suspended. Select the checkbox to restrict the site to internal users. A message will be displayed: 

Click Yes, any external users to your organisation will be suspended from accessing the site as shown in the image below:

When this setting is used only internal users or groups can be added to the site. Once the setting to restrict the site has been lifted, any external users or groups can then be added. 

• Use groups for permissioning - Use this setting to select whether to use user or group-based permissions within the site. If this checkbox is not selected, access to site content will be determined on a user-by-user basis. If this checkbox is selected (which is the default setting), then users must be assigned to at least one security group in order to access any site content.
  A user can belong to more than one security group and it is recommended that group-based security is applied. With group-based security, each user will inherit the access rights that have been granted to the security group(s) of which they are a member. 
  If this setting is changed after users have been added to the site, all previously configured site permissions will be removed. Therefore it is important to choose the appropriate security model when the site is first created and a warning message will be displayed. Please consider carefully when changing the site security model.
  If it is determined to be absolutely necessary to change the security model, change the site status to Preparation and then reconfigure the permissions. That way, site users will not have access to content they should not see while permissions are changed.
• Display site label - This can be used to add a further name to the site for example 'Confidential'. 

Select the Display site label checkbox and a new field will be displayed where you can add a site label:

Save your changes and click Home. Your site will now be displayed in the list with its new site label. 

• Authenticated RSS Feeds - The site's RSS feeds contain summary information about site activity using the standard RSS format and they can be accessed using an RSS reader, outside of the Collaborate website.
  To access the link for an RSS feed, go to one of the modules that supports RSS (Activity, Tasks, Blog and Events), right-click on the RSS icon and copy the RSS link.

Each module has a unique RSS feed, with Activity summarizing all of them.

This administrative setting determines whether a user must authenticate themselves in order to access the RSS feeds. If authentication is required, then a user's Collaborate username (email address) and password must be entered into the RSS reader. (Not all RSS readers support authentication.)
If authentication is not required, then the only thing required to access the RSS feed is the link itself. Whether or not authentication is required, a user accessing the RSS feed will have access only to the same content they can see on the Collaborate website. This limitation is enforced because each user on each site is given a unique link to every RSS feed. If no authentication is required and a site user shares their unique RSS link with a third party, then that third party will have access to the same RSS information as the user. If the user sharing the RSS feed is the Site Administrator, the third party will have access to ALL site content available via RSS.
It is recommended that authentication be required for all RSS feeds, unless the information in a particular site is not considered sensitive. This option is only available in Security if switched on by HighQ Support.  

• Hide this site in HighQ Drive and Office Plugin - If this checkbox is selected, this site will not be visible in HighQ Drive and Office Plugin
• Enable advanced Site Admin options - If this setting is enabled, then site administrators will have access to every administrative page for the site. If unchecked, site administrators will only have access to the iSheet, User permissions, Q&A and Reporting administrative pages, and a System Administrator will need to administer the other features of the site. This setting is typically enabled.
• Enable site password - This setting provides the option to add an extra layer of security for particularly sensitive sites. Once enabled, every user - even site and system administrators - will need to enter the extra password each time they try to access the site. If the password is lost, the only way to reset it is to ask a system administrator to contact HighQ to have the password reset. To enable this setting, check the box and enter a password in the Password field.
  The password must be at least 8 characters, and have one upper case character, one lower case character, and one digit. (The same requirements for the regular Collaborate password.)
  An Administrator should not use their Collaborate password in this field. Once entered here, the password will not be displayed, but it can be changed or disabled at any time by deselecting the checkbox. The extra password will need to be separately distributed to site users, preferably in a secure matter, such as by telephone.
• Enable two-factor authentication - Select this checkbox to enable two-factor authentication. A confirmation window will display advising that you will have to enter a passcode for the session if you haven't already. Users who have entered a passcode at system level will not be required to enter another at the site level. 

• Enable IP address restrictions - This setting provides the option of adding an extra layer of security for particularly sensitive matters. Once enabled, only users attempting to access the site from one of the listed IP addresses can access the site. This restriction applies to both internal and external users.
  To enable this setting, check the box and enter one or more IP addresses in the Enter IP address field, separated by commas.
  To add a range of IP addresses click on the Add IP range link. The Add IP range link opens a window for you to enter the From and To IP addresses. Click Add to save your changes. If your IP address is not added to the list, you will lose access to the site. 
• Microsoft Azure AI translation enabled - Please see this page for further information on how to set this up.