QUICK GUIDE - Onboarding for Admins/Managers
Purpose
This guide provides a point-by-point checklist of the steps necessary for administrators and managers to complete their initial Tehama setup.
If you are an end user (Staff member), e.g. you expect to use Tehama only to access a Desktop so you can perform work, you are in the wrong article. See QUICK GUIDE - Onboarding for end-users.
This checklist covers the following administrator/manager Tehama setup journeys:
A. You have been invited to create an organization and an Enclave for your corporation in Tehama.
B. You have been invited to connect your corporation's network to an existing 'Enclave' owned by another corporation's Tehama organization, which may require you to create an organization for your corporation in Tehama.
C. You have been invited to join your corporation to an organization and an Enclave as a manager, by your own corporation, to help connect the Enclave or perform administration tasks in the Enclave.
D. You have been invited to join your corporation to an existing 'Enclave' owned by another corporation, which may require you to create an organization for your corporation in Tehama.
For a more detailed walk through, go through the Getting Started guides for administrators and managers, starting with the "Getting Started Overview" article, or reach out to Tehama Support.
Prerequisites
- Mobile device (Smartphone or Tablet)
  Note: Optional, depending on the method of authentication selected for you/your organization.
- An MFA-code generating application (currently supported app: Google Authenticator App), used to provide Multi-Factor Authentication (MFA) as part of the 'Tehama Credential with MFA' authentication method (to be installed on the mobile device).
  Note: Optional, not required if you opt to use the 'Google Credential' authentication method.
- Tehama Client (AWS Enclave) or Windows App (Azure Enclave) Host: the host device from which each Tehama user connects to their Tehama Desktops, running the Tehama Client in AWS Enclaves or the Windows App in Azure Enclaves.
  Note: Each user for whom you provision a Tehama Desktop is going to need a host device from which to launch and connect to the Desktop. They must be able to install the Tehama Client or Windows App (enclave-type dependent) on this host device.
Joining Tehama
- Locate the invite email. It will tell you if you are joining to:
  - create a new organization, or
  - join an existing organization, or
  - connect an Enclave.
- Click on the link it contains to proceed.
User Account Creation
(not required for users joining existing organizations with Corporate Single Sign On (SSO) enabled)
Create an account with one of the following two authentication methods.
Note: Once you have created your account with one of the authentication methods, you will not be able to change your selection.
▸ with the Tehama credentials with MFA authentication method:
- Enter personal details and choose a password.
- Click Register.
▸ or with the Google Credential authentication method:
- Click Sign Up with Google.
- Select (or create) a Google account that uses the email address that your invitation email was sent to.
Google Authenticator Setup (the currently supported MFA-code generating app)
(not required for users joining existing organizations with Single Sign On (SSO) enabled, nor for users who opted to create an account with the Google Credential authentication method)
- Set up a Google Authenticator application on a secondary device (e.g. tablet or phone). See the section Tehama Credentials with Multi-Factor Authentication (MFA) in the Authentication User Guide.
Initial Log In
(users joining existing organizations with Single Sign On (SSO) enabled will see the login screen for their identity provider after clicking on the link in their invitation email, instead of the following)
From the LOG IN dialog, which will appear after creating your Tehama user account:
- For accounts created with the "Tehama credentials with MFA" authentication method:
  - Enter your username (email).
  - Enter your password.
    NOTE: After entering five invalid passwords in a row, Tehama will lock your account for a period of 30 minutes. If you need to log in within that period, contact a manager in your organization or Tehama Support to reset your password.
  - Enter the 6-digit code from the Google Authenticator.
    NOTE: After entering five invalid MFA codes in a row, Tehama will lock your account for a period of 30 minutes. If you need to log in within that period, contact a manager in your organization or Tehama Support to reset your MFA code.
  - Click LOG IN.
- For accounts created with the "Google credentials" authentication method:
  - Click SIGN IN WITH GOOGLE.
  - Next:
    - If you are already logged in to your Google account, then you will be automatically logged in to Tehama.
    - If you are not already logged in to your Google account, log in as you normally would to your Google account.
- For accounts in organizations with "Single Sign On" authentication enabled:
  - Follow the login procedure for your corporate identity provider.
Accept the latest Terms of Service (ToS), if required. (It is never required for members of organizations that have enabled custom terms of service.)
Organization Setup: (only part of the process if you are creating an organization)
- Press Continue to confirm the support plan details.
- Enter organization details when prompted.
- Press Complete Registration.
Profile Page Completion
(optional for some roles and methods of authentication)
- Enter user details when prompted.
- Press Save.
Tehama AWS or Azure Enclave Creation and Connection (Enclave create/connect/join)
Continue with this step if one of the following scenarios applies to you.
- Create Enclave - "I want to create an Enclave."
- Connect Enclave - "I've been invited to connect my network to an Enclave that was created by my service provider."
- Join Enclave - "I've been invited to join an Enclave as a third-party organization."
Create Enclave
Choose the Enclave type that best suits your needs:
- Create and connect a Standard Enclave: "I am creating an Enclave, connecting it to my network, and then (optionally) inviting another organization to join and use the Enclave."
- Create a Service-provider Enclave: (special case of the Standard Enclave) "I'm creating an Enclave and requesting another organization, my service-consumer, to connect it to their network."
Both of the above workflows begin in the ENCLAVES tab for your organization:
Synopsis:
For Standard Enclaves:
- Click NEW in the ENCLAVES tab.
- Select Standard Enclave.
- Select "Your Organization" in the Connect this Enclave to field.
- Enable or disable the File Vault in the Enclave.
- Enable or disable the App Vault in the Enclave. (specific to AWS Enclave only)
- Select the type of network access in the Enclave ('Multi-Path').
- Connect the Enclave.
  Multi-Path allows you to connect to multiple private networks through IPSec VPN connections, or to no private network at all for direct web access to the internet (constrained by your Enclave's firewall settings and optionally by DNS Filtering). Optionally, configure one or more IPSec VPN connections, each of which establishes connectivity to a private network.
For Service-provider Enclaves:
- Click NEW in the ENCLAVES tab.
- Select Standard Enclave. (A Service-provider Enclave is a special case of a Standard Enclave.)
- Select "Third-Party Organization (Invite)" in the Connect this Enclave to field.
- Enable or disable the File Vault in the Enclave.
- Enable or disable the App Vault in the Enclave.
- Enter info needed to invite the Third-Party organization to connect the Enclave.
- Send out the invitation to connect the Enclave to the Third-Party organization.
Connect Enclave
Connect to a Service-provider Enclave: "I've been invited to connect my network to an Enclave that was created by my service provider."
Synopsis:
After having clicked on the link in the invitation email, and, if necessary, creating an organization in Tehama:
- Accept the invitation to join and connect the Enclave.
- Click on the Enclave name in the ENCLAVES tab.
- Select the type of network access in the Enclave as Multi-Path.
- Connect the Enclave.
  Multi-Path allows you to connect to multiple private networks through IPSec VPN connections, or to no private network at all for direct web access to the internet (constrained by your Enclave's firewall settings and optionally by DNS Filtering). Optionally, configure one or more IPSec VPN connections, each of which establishes connectivity to a private network.
Join Enclave
Join a Standard or Service-provider Enclave: "I've been invited to join an Enclave as a third-party organization."
Synopsis:
After having clicked on the link in the invitation email, and, if necessary, creating an organization in Tehama:
- Click on the Enclave name in the ENCLAVES tab.
- Accept, if necessary, any policy set for your organization.
Proceed to propose members in the Enclave from your organization.
Configure Multi-Path Enclave Connections
Only necessary if the Enclave's 'Network Access' is set to 'Multi-Path', and you wish to connect to private network(s).
- Configure one or more IPSec VPN connections in your Multi-Path Enclave (an Enclave with 'Network Access' set to 'Multi-Path') to your private network(s), following the instructions in Configure a Connection in a Multi-Path Enclave.
- Verify connectivity with your Enclave.
  Once Tehama has reported a connection with your Enclave, confirm the connection to your network and its associated IP address by navigating to the STATUS sidebar item of your Enclave's CONNECTION tab (when 'Network Access' is set to 'Multi-Path'). A green checkmark beside the connection indicates that a healthy connection was established.
For more detailed information about adding and managing connections in a Multi-Path Enclave, please see Multi-Path Enclave - Add and Manage Connections.
Optionally, you may consider adding DNS Resolvers for your private network(s). See Multi-Path Enclave - Add and Manage DNS Resolvers.
Tehama Administration (Org/Enclave setup)
Having created and connected an Enclave, you can now carry out basic and necessary organization and Enclave setup.
See the Getting Started with Tehama Administration guide for help with the following:
As the organization that created and connected a Standard Enclave:
- Add members to your organization.
- Add (user) organizations to the Enclave (optional).
- Add members to the Enclave.
- Approve/reject proposed members to the Enclave from other organizations in the Enclave.
- Configure Firewall Rules (and optionally add DNS Filtering) in the Enclave.
- Add Secrets to the Enclave.
- Create Desktop templates in the Enclave.
As the organization that created a Service-provider Enclave:
- Add members to your organization.
- Propose members in the Enclave.
- Create Desktop templates in the Enclave.
As the organization that connected a Service-provider Enclave:
- Add members to your organization.
- Add (user) organizations to the Enclave (if desired).
- Add members to the Enclave (from your organization).
- Approve/reject proposed members to the Enclave from other organizations in the Enclave.
- Configure Firewall Rules (and optionally add DNS Filtering) in the Enclave.
- Add Secrets to the Enclave.
As the organization that joined a Standard or a Service-provider Enclave: