Administrators can manage user accounts for all domains configured in Email Gateway Defense from the Users tab, including:
- Manually add or delete users;
- Set a user as domain administrator to select domains;
- Set user role;
- Log in as a user;
- Set notification status for account and domain administrators;
- Set default email scanning policies for managed and unmanaged users;
- Enable user quarantine and quarantine notification interval;
- Set the default time zone for all users;
- Change user account passwords and settings.
Default User Settings
Configure default scan/block/allow policies for both Managed Users and Unmanaged Users on the Users > Default Policy page:
- Managed Users – Users configured either manually or by synchronizing through user authentication via LDAP or Azure AD. Managed Users display in the Users > Users List page.
- Unmanaged Users – All email senders and recipients for the configured domains, but who are not in your users list for some reason.
These settings apply to all domains verified in Email Gateway Defense for processing email unless you change these settings for a specific domain. In that case, the domain-level settings override the global system settings.
- Exempt Senders – Specify whether users can exempt messages from a specific email address or domain on the Settings > Sender Policy page.
- Allow users to exempt senders – Users can exempt senders, and user exemptions override account and domain admin block lists.
- Allow users to exempt senders but do not override admin block lists – Users can exempt senders, but account and domain admin block lists take precedence over user exemptions.
- Do not allow users to exempt senders – Users cannot exempt senders.
- Allow users to block senders – Specify whether users can block messages from a specific email address or domain on the Settings > Sender Policy page.
- Yes – Users can block messages from a specific email address or domain.
- No – Users cannot block messages from a specific email address or domain, and the Block option is not available in the message log.
- Allow end users to view and deliver blocked messages – Specify whether users can view and deliver blocked messages from their message log.
- Yes – Users can view and deliver blocked messages from their message log, except messages blocked for Antivirus or Advanced Threat Protection.
- No – Users cannot view, deliver, allow, or download blocked messages from their message log.
- Allow end users to view and deliver quarantined messages – Specify whether users can view and deliver quarantined messages from their message log.
- Yes – Users can view and deliver quarantined messages from their message log.
- No – Users cannot view, deliver, allow, or download quarantined messages from their message log.
Add or Update Users
From the Users > Add/Update Users page, you can:
Manually create or update user accounts – When Notify New Users is set to Yes, Email Gateway Defense sends a welcome email once the account is created. The email states that the user has a new quarantine account and includes a link to log in to change their password or review account settings. Note that the link will expire in 7 days.
Once the user receives their first quarantined email in their quarantine inbox (Message Log), a second email is generated as the first quarantine notification. This email is only generated if there is a notification interval set and the recipient has received at least one message marked with the Action Quarantine.
- Enable User Quarantine – When set to Yes, Email Gateway Defense sends a notification that the user has quarantined messages. Set a predefined notification interval or allow users to override this setting and configure their own notification interval on the Users > Quarantine Notification page.
The quarantine digest (summary) is sent when new quarantined mail is saved in the user's account (inbox) since the last notification cycle. The quarantine notification service runs daily for all users. If there is no new quarantined mail for a user since the last notification interval, no quarantine digest is generated to that user for the same 24-hour period.
The quarantine digest includes a link to the user's account valid for seven days, otherwise the user can manually log in to access their account: https://ess.barracudanetworks.com
Edit or Delete Users
From the Users > Users List page, you can:
- View or Edit a particular user's settings.
- View a user's Message Log. Click Log in to the right of the account name to log in as that user.
- Delete an individual user, or delete all users.
- Reset the user password. Clicking this link means that Email Gateway Defense sends an email to the user with a link, requesting that the user change his or her password.
You can see the number of current users above the Users List if you remove any search filters.
User Account Features
Users can view their quarantine inbox (Message Log) and set account preferences. Available settings are dependent upon administrator settings.
- Modify individual settings for quarantine notification reports.
- Deliver or delete quarantined messages.
- Change password.
- Use the current account as an alias to link accounts. From the Settings > Linked Accounts page, the user can add additional email addresses they may have in the same domain for which quarantined email should be forwarded to this account.
- Create exempt and block lists for email addresses, users, and domains.
The Email Gateway Defense User Guide explains how users can manage their accounts, and is designed to be handed out to users.
Select LDAP or Azure AD for user login authentication on the Domains > Domain Settings page for each domain you have configured in Email Gateway Defense:
- LDAP – Configure LDAP authentication via your organization's LDAP servers for this domain.
- Azure AD – Configure user authentication via your organization's Azure AD service for this domain.
The service can use your user authentication to create new accounts, recipient verification, and for authenticating users. For more information, see:
Automatically Add Users
Use the Directory Services section on the Domains > Domain Settings page to set up either Azure AD or LDAP directory services to enable single sign on and synchronization of users lists.