|CollabSpaces are the ideal way to share and collaborate on documents stored in NetDocuments with people outside your firm, whether clients or other third parties.
Discover how to share your documents using and administering CollabSpaces.
Note: CollabSpaces are compatible with ndOffice 2.6, not earlier versions of ndOffice. ndOffice 2.6 will be released soon. You can perform all actions with documents in CollabSpaces using NetDocuments for Web.
To have CollabSpaces enabled in your repository, reach out to your Customer Success Manager (if one has been assigned to you) or to the NetDocuments Support Team.
- Enable CollabSpaces
- CollabSpaces Repository Configuration
- Configure CollabSpaces for a Cabinet
- Manage CollabSpaces, External Users, and External Groups
- Consolidated Activity Log Entries
How to Enable CollabSpaces
CollabSpaces do not appear by default in any repository but must be enabled by NetDocuments.
CollabSpaces Repository Configuration
Exceptions to Advanced Authentication Options
Before enabling CollabSpaces in any cabinet, determine whether your repository uses an additional security measure, such as restricting access from certain IP ranges (in other words, IP whitelisting), which is done from the Advanced Authentication Options page. However, this type of restriction would likely bar external users from accessing your repository and accessing content shared with them via CollabSpaces, because external users will not be accessing NetDocuments from inside the permitted IP range (or will not satisfy any similar restrictions). To allow external users to use CollabSpaces while still enforcing these restrictions on internal users, an exception to these restrictions can be applied solely to external users. To apply this external user exception, select the Exclude external users from requirements check box on the Advanced Authentication Options page:
External users will have access only to the limited amount content to which they have been explicitly added.
Support the Creation of External Groups and Users
One of the primary benefits of CollabSpaces is the option to delegate to everyday internal users the ability to create external groups and create and add external users to those groups, without administrative assistance. (These are referred to as CollabSpace Groups.)
However, you can create CollabSpace Groups only if the repository is configured to allow the creation of external groups at the cabinet level.
Therefore, it is strongly recommended for Repository Administrators to select the Cabinet administrators can create external groups in the cabinet and add external members to those groups and the repository check box on the Users & Groups page:
If this setting is disabled, a red warning appears on the Cabinet Administration page next to the CollabSpaces setting:
After this Repository-level setting is enabled, an internal user can create CollabSpaces Groups and create external users to add to those groups in that cabinet ONLY if the internal user has been given VESA rights to a specific CollabSpace. If you do not want any regular internal users to be able to create external users and groups, then do not give regular internal users VESA rights to those CollabSpaces.
Configure CollabSpaces for a Cabinet
- Impact of Enabling CollabSpaces in a Cabinet
- Impact of Enabling CollabSpaces on ShareSpaces
- Enable CollabSpaces in a Cabinet
- Configure CollabSpaces
- Display the CollabSpaces Tab
- Permit Multi-Document Downloads
- Restrict External Access to History
Impact of Enabling CollabSpaces in a Cabinet
Enabling CollabSpaces in a cabinet means that all external document sharing in that cabinet will happen inside CollabSpaces (with the exception of ShareSpaces, as noted below). Therefore, to share a document, it must be added to a CollabSpace. This principle is embodied by the fact that external groups in a CollabSpace-enabled cabinet can have more than No Default Access rights to the cabinet. In addition, workspaces in a CollabSpace-enabled cabinet will not be visible to external users; external users will have access only to the CollabSpaces.
There are a few exceptions to this rule about external access rights to the content in the cabinet:
- If CollabSpaces have been enabled in a cabinet, secured links can still be created for documents in that cabinet. Secured links are a one-way, read-only, and ad hoc method of sharing individual documents, and they typically have an expiration date.
- If any content was shared externally at the time CollabSpaces were enabled in a cabinet, the external access rights to that content would not be changed. However, it will not be possible to modify the access rights of that content to add more external access.
- Profile-Based Security (PBS) is not directly impacted and external access can still be granted to workspaces and workspace content via PBS, although the ability of external users to navigate to content in the cabinet will be impinged.
- Existing ShareSpaces will continue to work as before and access to ShareSpaces can be given to ShareSpace Personal Contacts and any external groups that have access to the cabinet (other than CollabSpace groups).
In addition, unlike ShareSpaces, only true external users can be given access to CollabSpaces. There is no concept of a CollabSpace Personal Contact. Restricting access to true external users means that administrators have full control over the external users, including which groups these external users are members of. These creation of external users are subject to any limitation on the number of external users a client has licensed.
If you have given external users access to a cabinet where CollabSpaces are intended to be enabled, consider the impact that enabling CollabSpaces will have on them before enabling CollabSpaces. Determine a strategy for migrating the currently shared content and external users and groups to CollabSpaces.
Impact of Enabling CollabSpaces on ShareSpaces
Enabling CollabSpaces in a cabinet, by itself, has no impact on existing ShareSpaces in that cabinet or in other cabinets. ShareSpaces may remain enabled after CollabSpaces are introduced. However, one of the primary benefits of CollabSpaces is the control and transparency it provides over external document sharing. If ShareSpaces continue to be enabled, that will undermine the benefits of CollabSpaces.
If both ShareSpaces and CollabSpaces are enabled at the same time and a user selects documents in a CollabSpace-enabled cabinet and selects Share Externally, the assumption is that the user wants to share the documents to a CollabSpace, not to a ShareSpace, and the Share Externally dialog box will list only CollabSpaces in that cabinet as possible destinations for those documents. To add documents to an existing ShareSpace, select Move/Copy or drag documents.
With or without CollabSpaces enabled, if ShareSpaces are disabled at the repository level, then new ShareSpaces can no longer be created in that repository and additional users and groups cannot be given access to existing ShareSpaces. Further, if ShareSpaces are disabled at the repository level and CollabSpaces are enabled in a cabinet, then for any ShareSpaces in that cabinet, no additional documents can be added. In other words, after ShareSpaces are disabled, existing ShareSpaces in a CollabSpace-enabled cabinet will be static. That means neither new content nor the content already added to the ShareSpaces can be shared with anyone else. That will make CollabSpaces the sole mechanism for sharing new content externally in the cabinet.
Enable CollabSpaces in a Cabinet
By default, CollabSpaces are disabled in every cabinet in a repository. CollabSpaces must be enabled per cabinet by a Cabinet Administrator. Also, CollabSpaces work only with workspaces; therefore, there is no reason to enable CollabSpaces in a cabinet that is not configured to use workspaces.
To enable CollabSpaces in a cabinet, go to Cabinet Administration, and under Allow CollabSpaces to be created in this cabinet, select the Only in workspaces option.
If this setting is absent, then contact NetDocuments to have CollabSpaces enabled in your repository.
After you enable CollabSpaces, a confirmation prompt appears:
The changes mentioned in that prompt will not take effect until you select Submit at the bottom of the Cabinet Administration page.
Because one of the main principles of CollabSpaces is that CollabSpaces become the sole mechanism for sharing content externally in a cabinet where they have been enabled, external groups are not permitted to have more than No Default Access to a cabinet where CollabSpaces are enabled. Therefore, if there are any external groups – created either at the repository level or in the cabinet – that are currently given more than No Default Access to the cabinet, you must first reduce the access of those groups to No Default Access. (It is already a NetDocuments best practice for external groups to be limited to No Default Access rights to a cabinet.) If, after enabling CollabSpaces and submitting the page, you see an error message like this:
It is likely because one or more external groups have been given greater than No Default Access rights to the cabinet. To fix this, identify those groups and reduce their rights to the cabinet to No Default Access. If you do not see any external groups with greater than No Default Access, it is likely those group are configured to be hidden, so make sure to check the box to display hidden groups:
Delegate the Creation of CollabSpaces
At the time CollabSpaces are enabled in a cabinet, the Cabinet Administrator alone will have the right to create CollabSpaces in that cabinet. However, it is possible for the Cabinet Administrator to delegate the ability to create CollabSpace to other internal users in the cabinet, like an Extranet Team. (External users are never permitted to create CollabSpaces.)
To delegate this right to others, select an internal group of users in the Select the internal group… drop-down box (shown below) by starting to type the name of the group:
Any internal group can be selected, from the default Internal Users group that includes all internal users to a small group of administrative users dedicated to managing CollabSpaces. The internal users in the selected group will also be able to create CollabSpaces in that cabinet, subject to the following restrictions:
- Each user in that group must have access to the cabinet. Adding the group in this setting alone does not add that group to the cabinet. Therefore, either add this group to the cabinet in addition to selecting it here (giving that group No Default Access rights is sufficient) or ensure that all of the users in that group have access to the cabinet via other groups.
- In order to create a CollabSpace in any particular workspace, a user must also have VES rights to that workspace.
Therefore, for an internal user who is not a Cabinet Administrator to create CollabSpaces in a workspace, the user must both (a) have VES rights to that workspace and (b) be a member of the internal group selected in the setting above.
Route Requests to Create CollabSpaces
The other CollabSpace-specific setting that can be configured at the cabinet level involves handling requests that come from internal users to create a CollabSpace. It is possible, if not likely, that many internal users in a cabinet will not have the right to create CollabSpaces. In those circumstances, and in those workspaces, where an internal user cannot create a CollabSpace, that internal user can request that a CollabSpace be created. That request will be routed by default to all of the Cabinet Administrators for that cabinet. To route those requests to a different set of users, like a firm’s Support Desk or a designated Extranet Team, enter the email address(es) to which these requests should be routed in CollabSpace administrative email address(es):
An example of the request email is shown below (the user requesting the CollabSpace will be cc’d on this email):
That email includes the following information:
- the name of the person who requested the CollabSpace
- a link to the workspace where the CollabSpace should be added
- the name of the CollabSpace to be created
- a suggestion to give the requesting user administrative rights to the CollabSpace
The recipient of the request email can select the link, which will open the workspace to the CollabSpaces tab:
If the recipient has sufficient rights to create a new CollabSpace, they can select Add CollabSpace and create a new CollabSpace with the requested name. In the Access List dialog box that appears after the CollabSpace is created, add the user who requested the CollabSpace and give that user VESA rights to the CollabSpace to give that user the ability to manage the CollabSpace, then apply the changes:
Next, in the CollabSpace menu, select Email link to send an email to the requesting user to let them know that the CollabSpace has been created:
The email will automatically include a link to the new CollabSpace. (The email will be generated using the native email application if desktop email integration is enabled.)
Display the CollabSpaces Tab
All of the CollabSpaces in a workspace will be listed in a new CollabSpaces tab.
By default, the CollabSpaces tab does not appear in any workspace in the cabinet. There are two ways to make the CollabSpaces tab visible in a workspace.
In a workspace template, under CollabSpaces, select the Enable CollabSpaces check box.
After this change has been applied to the workspace template, any newly created workspaces based on this template will display the CollabSpaces tab, and any existing workspaces tied to that template that are later refreshed will also display the CollabSpaces tab.
Workspace Dialog Box
To enable or hide the CollabSpaces tab for an individual workspace, select Customize Workspace and then select the CollabSpaces check box.
Any user with VES rights to a workspace can access this dialog and enable CollabSpaces. Disabling the CollabSpaces tab will NOT delete any previously created CollabSpaces in that workspace, but those existing CollabSpaces will not be viewable from the workspace page. However, an existing CollabSpace can still be accessed from a link to the CollabSpace (such as a link added to the Home page), in a search result, or from the Navigation Pane where the CollabSpace appears as a child of the workspace:
Permit Multi-Document Downloads
One of the most common reasons to share content externally is to allow external users to download that content. Therefore, to make sure that is allowed, it is strongly recommended that you enable the External users are not subject to restrictions on multi-document downloads cabinet-level setting:
The alternative approach would be to give the right to perform multi-document downloads one at a tmie to every external group created in the cabinet, which will not be easy to do if most of those are CollabSpace groups created by everyday internal users who do not have access to the Cabinet Administration page.
Restrict External Access to History
The External members are allowed to access the history of objects in this cabinet cabinet-level setting governs whether any external user, regardless of their rights to content, can access the history of documents and containers in that cabinet:
Object history might contain sensitive information and will list actions performed by any user. This information typically should not be exposed to external users. By default, this option is disabled in all cabinets. It is strongly recommended to keep it disabled.
Manage CollabSpaces, External Users, and External Groups
- Search for CollabSpaces
- Access and Configure a CollabSpace
- Manage External Users and Groups
- Management of External Users and Groups by a Repository Administrator
- Best Practices for External Access to a Cabinet
After CollabSpaces have been enabled in a cabinet, these CollabSpaces can be managed in several ways by a Cabinet Administrator.
Search for CollabSpaces
On the Advanced Search page, if one or more CollabSpace-enabled cabinets are selected, a CollabSpaces Only file-extension filter appears:
Although this search filter is available to any user, a Cabinet Administrator will be able to use this filter to find any CollabSpace in their cabinet. The CollabSpaces-only search results can be refined with other search filters.
Access and Configure a CollabSpace
A Cabinet Administrator has full access to all content in a cabinet, including every CollabSpace.
A Cabinet Administrator can change the configuration of any CollabSpace, even if the Cabinet Administrator did not create the CollabSpace.
The configuration of a CollabSpace can be managed in the CollabSpace drop-down menu by the Customize, Edit Profile, and Modify Access options:
- Customize – To rename the CollabSpace, update its description and icon and change the default sort order.
- Edit profile – To change the profile values associated with the CollabSpace, which will be inherited by default when new content is added directly to it.
- Modify access – To change the access rights of the CollabSpace, including creating and modifying CollabSpace groups.
Manage External Users and Groups
By enabling CollabSpaces in a cabinet, three types of external groups can be given access to a cabinet:
- Repository-level groups. The membership and configuration of these groups are controlled by a Repository Administrator. It is a Cabinet Administrator’s choice whether to add a repository-level group to a cabinet.
- Cabinet-level groups. The membership and configuration of these groups are controlled solely by a Cabinet Administrator, which automatically have access to the cabinet.
- CollabSpace groups. The membership and configuration of these groups are controlled jointly by the everyday internal user(s) given VESA rights to the corresponding CollabSpace and by Cabinet Administrators, although typically these groups are created by every internal user.
A Cabinet Administrator has full control over cabinet-level and CollabSpace groups, including the membership of those groups, how those groups are configured and whether those groups should be removed from the cabinet. (Removing a CollabSpace group from the cabinet will delete the group entirely.)
A Cabinet Administrator can manage all of these types of groups from the Cabinet Administration page. That page lists all of the groups and indicates whether each group has been added to the cabinet:
The list also indicates the type of each group:
- Internal – A repository-level internal group
- External – A repository-level or cabinet-level external group
- CollabSpace - A CollabSpace group
In the case of a CollabSpace group, the Cabinet Administrator can hover over the word CollabSpace to determine which CollabSpace and workspace the group is associated with:
Select View Members for that group, and the Modify CollabSpace Group dialog appears. It displays the CollabSpace and workspace the group is associated with, including a link to the CollabSpace itself:
In addition, from the Cabinet Administration page a Cabinet Administrator has access to the full list of external members of the repository:
The Cabinet Administrator can select an external user and determine whether that user is a member of the cabinet (which means that the user is a member of the group added to the cabinet) and which groups the user is a member of, limited to repository-level external groups where the membership is not hidden and any cabinet or CollabSpace group in that cabinet:
For any CollabSpace group the user is a member of, the Cabinet Administrator can select the group, and then select Details to see the name of the associated CollabSpace, which will be a link to open the CollabSpace page in a new tab.
Management of External Users and Groups by a Repository Administrator
In addition, a Repository Administrator will be able to manage all external members of the repository from the Users & Groups page. In managing external users, the role of the Repository Administrator is different from the Cabinet Administrator. The Repository Administrator’s role is mostly limited to evaluating the scope of the external user’s access to the entire repository so that the Repository Administrator can decide whether or not to remove the external user from the repository. For example, the Repository Administrator can determine the last time the external user signed into NetDocuments, whether the external user is still a member of any group, which groups those are, and the type of each group.
Also, the Repository Administrator can generate a User Group report, which will list every group – repository, cabinet or CollabSpace – in the repository, the membership of each group, the type of group and whether the group is internal or external.
Best Practices for External Access to a Cabinet
When CollabSpaces are enabled in a cabinet, it is a best practice to give external access to that cabinet exclusively through CollabSpace groups, because each CollabSpace group is limited to a single CollabSpace.
Higher-level groups, like repository and cabinet groups, that are added to a cabinet increase the risk that the wrong group of external users will be given access to the wrong content. Adding repository-level external groups to a CollabSpace-enabled cabinet is rarely recommended. Use cabinet-level groups in situations where the same group of external users needs to be given access to different CollabSpaces.
In the future, a new type of cabinet-level group will be available, each of which can be added only to the CollabSpaces added to the workspaces of a single client (or the equivalent workspace attribute). Those restricted cabinet groups will have the benefit of reusability across different CollabSpaces, while at the same time mitigating the risk of the wrong group being added to the wrong CollabSpace.
Consolidated Activity Log Entries
If an action is taken on a document that would be logged to the consolidated activity log, and that document is part of a CollabSpace, then an extra attribute will be included in the corresponding consolidated activity log entry, indicating which CollabSpace the document is part of. In the XML version that log entry looks as follows:
And in the JSON version it looks as shown below: