Admin FAQs

What types of sync modes do Onna’s retention policies work with?

Retention policies can be set for each type of integration in Onna. These retention policies are set globally at an account level through options only available to admins on an account. Retention policies work with all sync modes: one time sync, auto sync and archive. Learn more about retention policies in Onna in the help center.

What happens to the children of a file impacted by a retention policy?

If the file has children (attachment, image, etc…) Onna will not separate them. The children will be deleted only when the parent is.

I did not enable two-step verification - how do I disable it?

If you're suddenly being told to set up two-step verification when logging into Onna, It may be the case that your organization's admin has required two-step verification. If this is the case you will need to follow the instructions for enabling two-step verification. Contact your organization's admin for more details.

If your organization's admin did not require two-step verification, you can find the instructions for disabling in our Help Center.

Why am I now receiving 403 errors after I was able to log into Onna via SSO ?

Users may encounter an issue where they see a 403 error when accessing Onna but were previously able to log into Onna via SSO. The 403 error may occur if you have Google as your IdP and are logged in to just one Google account in Chrome but not the one tied to your SSO account in Onna. To address the issue the user will need to login to the appropriate Google account that is tied to Onna.

'SAML configuration update failed' message

If you receive this error message when configuring SAML 2.0 for Okta, confirm the identity provider name provided in Onna.

Here is an example of how the IdP ID / IdPName should look: acmecorp-okta

Does Onna Support SCIM?

We support SSO and parts of SCIM. By default, we will create a user who attempts to login via SSO if that user is provisioned in your IdP. If that user is de-provisioned for Onna in your IdP, then they will not be able to sign in, but we will not know to disable the account in Onna. The auto-creation of a provisioned account can also be disabled in Onna, but currently only by our team. Please contact support if you need to disable a provisioned account.

When an admin or source owner leaves a company, what is the process for ensuring the data remains in Onna?

If an admin or source leaves a company, we suggest locking the user from the user management page within Onna and sharing the source/workspace with the required users.

Please note that if the creator of the source is now locked, the source will be blocked from mirroring Slack retention policies or matching retention policies in Onna.

What are Smart Alerts?

Smart alerts allow you to receive notifications or label documents whenever you get a match for search criteria. You'll receive an alert when new data that matches your set criteria is added to your account.

Can Smart Alerts be shared?

Smart alerts cannot be shared, and smart alert recipients must be granted access to review the alerted resources. In addition, you must share the data sources or workspaces where the resources are located with the recipients so they can view them.

Can you add multiple emails in smart alerts?

Currently, only one email can be notified in a smart alert. If you would like smart alerts sent to multiple emails, your options include the following:

• Creating multiple smart alerts within Onna

• Using a distribution email list within your email provider

If adding multiple emails to a smart alert would impact your organization, please submit a product request to your Customer Success representative or email [email protected].

Learn more in the article Creating Smart Alerts.

Can API access to activity logs be granted?

You can use Python on Linux or macOS to export activity logs from Onna as a JSON file.

You can run the script with your user account or as a service account.

A service account is recommended if you plan to run it recurrently or unattended.

Please get in touch with support for assistance with setting up a service account.

Requirements

• The same Python version used by Onna Enterprise. Currently 3.8

• Python Virtual Environment (venv), included with Python 3.8

• Python Package Installer (pip)

Setup the virtual environment

1. Create a directory for your virtual environment, start the virtual environment, and then activate
    
   

2. Download the requirements file
    
   

3. Install the dependencies
    
   

4. Download the sample script

5. To see the script's arguments, run: ./venv/bin/python auditlogs.py --help
    
   Where:

   • USERNAME is your account email

   • PASSWORD is your account password

   • ACCOUNT is your account name

   • ACCOUNT_URL is your account URL. For example, https://enterprise.onna.com/ACMECORP

   • FROM_DATE is the start date of the logs to export. Use the format "MM/DD/YYYY"

   • TO_DATE is the end date of the logs to export. Use the format "MM/DD/YYYY"

   • FNAME is the name of the file. It will be saved as a JSON file in your /tmp folder

   • CONTAINER is the name of your account. For more info, see the glossary.

   • SIZE is the number of items downloaded for each batch

6. Run the script. For example:
    

After running the script, remember to deactivate your virtual environment by typing deactivate in your shell.

The result

The snippet of the result will look similar to the output below:

What is a temporary user account?

Have you discovered a mysterious user in your Onna account following this naming convention: temporary{account_name}_{user_num}@onna.com?

If so, this is a temporary user account, enabling our support team to perform troubleshooting within your Onna instance. Temporary user accounts typically expire within a few hours, which may necessitate the creation of multiple accounts by a support member to troubleshoot an issue. Only Onna support members (and PSO staff if required for specific projects) can generate such accounts.

If you have any questions regarding the activities conducted by these accounts, please feel free to reach out to our support team.

What are common role setups for IT and Non-IT departments?

• IT are Admins; Users are Members with different permissions across workspaces

  
  

  In this setup, the IT team is assigned Admin(s) roles and the users (ex: Legal team) are Members. Only the IT team can manage user roles, but Members can be assigned certain permissions to optimize workflows. For example, IT can create the initial workspace(s) and sources (ex: setup the “full-mirrored sync” or “Archive” for Slack), but share the appropriate Authorized Connections with Members so they can create new workspaces and sources. This configuration enables the non-IT team to create an on-demand custodian collection, for example, without requiring them to ask an Admin to do so on their behalf. We recommend enabling “Create Preservation” and “Manage custom fields” for Members as well so they can implement legal holds in Onna and/or use custom fields. If the Admins will be creating multiple workspaces, we also recommend saving the workspace setup as a template.
  
  The Admins (IT team) can also assign more restrictive workspace permissions to the “Archive” workspace while allowing more permissions for workspaces the legal team creates on their own (on-demand collections). To do so, the Admin who creates the initial workspaces should assign “Edit” permissions to the Members who will have access to the workspace. These permissions will enable them to add or manage sources in the workspace, edit tags and custom fields and export from the workspace, but will not permit them to manage members in the workspace or delete the workspace.
  

• eDiscovery team are Admins; Outside counsel are Guests with different permissions across workspaces

  
  

  Some customers prefer end users (Ex: LegalOps or eDiscovery team) to be more self-sufficient, assigning them “Admin” roles and sharing Authorized Connections to any application from which the users will be regularly collecting. Customers with LegalOps or eDiscovery teams have increasingly found ways to reduce costs by using Onna for Early Case Assessment (ECA). and have granted access to attorneys (both in-house and outside counsel) to take a first pass at reviewing documents in Onna, which reduces the number of documents required to be processed in a review platform. To do this, Admins add reviewing attorneys as Members and restrict their access to either certain workspaces or Preservations (if leveraging a full-mirrored sync). The reviewing attorneys can also be added with “Edit” permissions (allowing them to edit tags, custom fields, and sources). Some customers may prefer to add in-house counsel as “Members” but assign outside counsel “Guest” accounts, which have view-only permissions to workspaces/preservations shared with them.

Learn more about roles and permissions in the article “Managing Users, Roles, and Special Permissions in Onna.”

Who should create collections in the eDiscovery workflow?

Option 1: Having IT/Technical team own collection creation

• Pro: Sensitive company and employee-generated data is kept within the team most likely maintaining that data. Since the IT team usually has ownership of third-party software and would likely also set up authorized connections to Onna connectors, this option streamlines the collection process in Onna.

• Con: The legal team will have to relay collection parameters (e.g. custodians, channels, DMs, etc.) to the IT team to create new collections. elaying parameters may introduce unnecessary data or exclude necessary data. This workflow may lead to delays, potentially incomplete collection data, and overall frustration.

Option 2? Having Legal own collection creation

• Pro: The legal team completely owns the eDiscovery process from creation to completion. The collection is created with correct parameters the first time and would likely minimize delays to the eDiscovery process, especially during tight litigation deadlines.

• Con: The company would have to give the legal team slightly more access to company and employee-generated data.

Do you have to be an Admin to enable a source in Admin Preferences? And does enabling a source apply to the person making the change or to all the Admins?

The Admin or account holder can enable a source. Once a source is enabled it applies to every user in your Onna platform, including