Rooms User Guide

A Tehama Room provides an isolated set of tools and services so you can collaborate securely. Organizations work together using a shared Room with access governed by policies. A Room is connected to a network, either a private or a public network (e.g. resources in the cloud) in which remote people work. All work performed in the connected network through the Room is audited.

---

What is a Room?

A Room is a container with a set of tools and services running within it.

Tools and services in a Tehama Room:

• Firewall Rules, a set of rules that constrain access to the 'connected network'.
  (See the description of the 'connected network' below.)
  
  
• Secrets Vault, secure storage of access credentials for assets in the connected network.
  
  
• File Vault, a secure transfer mechanism for files between the users local environment and the connected network.
  
  
• App Vault, a way to securely transfer application installation files to the Room's desktops.
  
  
• Desktops, both Windows and Linux Virtual Machines (VMs), used by Room members to interact with the connected network. Rooms contain Desktop templates from which Desktop instances are generated. A Desktop template contains the description of the Desktop configuration and the users assigned to it - those Room members who can connect to the template's generated Desktop instances. There can be as many as 500 Desktop instances in a Room. Each Desktop instance runs a 'Tehama Desktop Agent' application (AKA Workspace Agent) which provides access to tools/services in the Room. A Room member connects (logs in) to a Desktop instance to run a Desktop session. There can be a maximum of 75 concurrent Desktop sessions per Room when the Recordings Room feature is enabled and up to 200 concurrent Desktop sessions when the Recordings Room feature is disabled. (See the Desktop Session Auditing/Recordings User Guide for more details.)
  
  
• Audit, a set of audit tools including live Desktop session viewing, Desktop session recording, an activity stream of events occurring in the Room and reports.

The firewall rules, secrets vault, the file vault and the audit capabilities, are managed through the Tehama Web UI and accessible from the Tehama Desktop Agent in the Desktops. The app vault is managed through the Tehama Web UI and the files it contains are accessible from mapped drives in the Desktops.

Each Room is owned by a Tehama organization, the 'owner organization', and is connected to the network of a Tehama organization, the 'connected organization'. (These can be the same organization.) Other organizations can be invited to use the Room as well. These are known as 'user organizations'.

A Room has Desktops (as described in the list of Tools and Services above), used to interact with the connected network through Desktop sessions. The Room's owner organization manages the creation and lifecycle of Desktops in the Room, and controls the number of Desktop instances.

A Room has members. Members are users from the Tehama organizations in the Room. Members must comply with the access policy set for their organization in the Room. Only members in a Room can be assigned to Desktop templates in the Room. Typically, a Desktop instance is created from a template for each member that is assigned to it. Members access their Desktop instances through the Tehama Web UI. The Room's connected organization controls which members can be added to the Room, while the Room's owner organization is in charge of assigning/removing members to/from Desktop templates.

Note: The owner organization must, when constructing and assigning members to Desktop templates in the Room, take into consideration the number of concurrent Desktop sessions they expect to have running. While a Room can contain as many as 500 Desktop instances and unlimited members, to ensure optimum performance the maximum number of concurrent Desktop sessions per Room is limited to 75 when the Recordings Room feature is enabled and limited to 200 concurrent Desktop sessions when the Recordings Room feature is disabled. (See the Desktop Session Auditing/Recordings User Guide for more details.) If a higher number of concurrent sessions is expected, multiple Rooms may be required. Room owner organizations are encouraged to contact Tehama Support if they would like assistance in optimizing their Room environment for performance and availability, taking your auditing/recording needs into consideration.

A Room is connected to a network, either a private network or a public network (e.g. resources in the cloud) that is controlled by the Room's 'connected organization'. This is referred to as the 'connected network'. The only way the tools and services in the Room can access the connected network is through the connection the Room provides, isolating access to the connected network's access to Room members.

Since it is the confidentiality of their network and data that is at stake, the connected organization in the Room manages the network settings for the Room in addition to the Room membership.

The character of the 'connected network' depends on the 'Network Access' setting chosen by the Room's 'connected to' organization. It can be set to either 'Internet Only' or 'Tehama Gateway'.

• When set to 'Internet Only', the 'connected network' is the set of applications and services in the cloud that the Room's firewall settings allow access to.
  
  
• When set to 'Tehama Gateway', the 'connected network' is the organization's private network where a Tehama Gateway must be installed (as well as desired resources in the cloud), constrained by the Room's firewall settings. (See the Tehama Gateway User Guide for more information on Tehama Gateways.)

The following image shows how the architecture achieves the isolation that Rooms provide. It shows the scenario where a service consumer (customer) has two Rooms in Tehama connected to their network where:

• Whiteroom X is a Tehama Room with 'Network Access' set to 'Tehama Gateway' and with the 'Multiple Gateways' option disabled.
• Whiteroom Y is a Tehama Room with 'Network Access' set to 'Internet Only'.

More information on the Room concept is available in the 'Room' section of the Introduction.

---

Roles and responsibilities in a Room

Each organization in a Room has one of the following roles:

• owner+connected: The organization created the Room (i.e.: they are paying for it) and connected it (i.e.: they configured the network access for the Room to connect to their private (or public) network).
• user-only: The organization has been added (invited to join) to a Room and has no particular responsibilities in the Room.
• user+owner: The organization created and is paying for the Room but the Room is connected to by another organization.
• connected-only: The organization connected to the Room that another organization is paying for.

Room management responsibilities are divided as follows:

⦿ In your role as the Admin user or an Org Manager or a Room Manager (who is a member of the Room) of the Room's connected organization (owner+connected or connected-only), it is your responsibility to:

• configure and monitor the connection to the connected network.
• keep the Tehama Gateway in the Room up-to-date (if applicable).
• set up firewall rules.
• add/remove secrets.
• grant membership to the Room to users from your own and other organizations.
• monitor and audit the actions users perform when accessing and using resources on the connected network. (See note below.) Actions you can audit include user sessions, users' use of access credentials, the transfer of files in and out of your systems, and much more.

⦿ In your role as the Admin user or an Org Manager or a Room Manager (who is a member of the Room) of the Room's owner organization (owner+connected or user+owner), it is your responsibility to:

• add and approve requests for Desktop templates for Room members.
• enable/disable the Multiple Gateways option for the Room (if applicable).
• monitor and audit Room activity.

In addition ...

⦿ In your role as the Admin or an Org Manager or a Room Manager (who is a member of the Room) of an organization in the Room that DOES NOT own the Room (connected-only or user-only), you can:

• request Desktop templates for Room members.

⦿ In your role as the Admin or an Org Manager or a Room Manager (who is a member of the Room) of an organization in the Room that IS NOT the organization that is connected to the Room (user+owner or user-only), you can:

• request/propose users from your organization for membership in the Room.

⦿ In your role as a Staff member of an organization in the Room that has been approved as a member of the Room, you can:

• request Desktop templates for Room members.
• be assigned to Desktop templates in the Room.
• connect to and work in Desktops in the Room - Desktops generated from the Desktop templates that you have been assigned to.

All of the above responsibilities are handled through the Tehama Web UI.

The Roles User Guide provides an overview of the roles and responsibilities that organizations can have in a Room. See the section 'Roles and their permissions vis-a-vis Room management' in the guide.

---

Typical Room workflow

First a Room has to be created.

Once a Room has been created, it must be set up properly. Between them, the Admin users and Org Managers and Room Managers (who are members of the Room) of a Room's connected organization and its owner organization will:

• set and monitor the connection to the connected network.
  (Once the Room is connected, it needs to be monitored - see the Room Connection Status Monitoring/Management User Guide. For additional information on Room connections - see the Tehama Gateway User Guide.)
• set up firewall rules to constrain the Room's access to the connected network.
  (See the Firewall Rules User Guide.)
• set up secrets to generate credentials for assets in the connected network.
  (See the Secrets Vault User Guide.)
• add members to work in the Room's Desktops.
  (See the Room Membership User Guide.)
• configure Desktop templates for those members.
  (See the Desktops User Guide.)

After that, as a member of a Room, you can start to work as follows:

• Log in to one of your Desktops.
  (See the 'Connect to a Desktop' section in the Desktops User Guide.)
  • for Windows Desktops, either launch the Desktop directory from the Tehama Web UI, logging in with temporary access credentials automatically passed along for you by the UI, or launch the Desktop from an AWS app, logging in with temporary access credentials that you can obtain from the Tehama Web UI.
  • for Linux Desktops, launch the Desktop directly from the Tehama Web UI. It will launch in a new browser tab.

Through the Desktop, you have access to the Room's connected network. This is where you perform your tasks on the connected network.

To help you in your work, you can:

• transfer files between your local environment and the connected network using the Room's file vault.
  (See the File Vault User Guide.)

  • use the Tehama Web UI to upload files from and download files to your local environment.
  • use the Tehama Desktop Agent (Workspace Agent) to upload files from and download files to your Desktop (and from there to the connected network).
    
    

• use the secrets from the Room's secrets vault to access assets in the connected network.
  (See the Secrets Vault User Guide.)

  • access the secrets in the secrets vault (from either the Tehama Web UI or the Tehama Desktop/Workspace Agent) to generate temporary credentials that you can use to gain access to password protected assets/resources in the Room's connected network.

---

View list of Rooms

View the list of Rooms you have access to as follows:

1. Log in to the Tehama Web UI.
2. Click on the ROOMS tab.

An organization's Admin user and its Org Managers will see all the Rooms the organization has a stake in - that is all the Rooms they own, are connected to or otherwise use.

An organization's Room Managers and Staff members will see all the Rooms that they are a member of.

The list displays the following information for each Room:

• Room: the name of the Room
• In use: the number of Desktops in the Room that are currently in use (maximum allowed is 50)
• Policy: the policy that members of their organization in the Room must comply with
• Status: the status of the Room (Connected, Disconnected, Pending, Deactivated or Archived)

The graph at the top right of the list shows the TCU usage for the Rooms. (See the TCU Usage reports under REPORTS for more information on TCU Usage.)

Note that the Rooms list can be sorted on all columns.

Note that an entry whose text overruns the column can be expanded by clicking within the text field in the entry. (Avoid clicking on the text itself if it is a link.)

---

Create and connect to a Room

In this creation scenario, your organization will be both the Room's owner organization and the Room's connected organization. (i.e.: Your organization will be the Room's owner+connected organization.)

All of the ways to create/connect/join a Room are covered in the Tehama Installation section of Tehama's Getting Started Guide.

If you want to create a Room and connect to it, see Room Creation Scenario 1 in the installation guide.

Once your Room is created, it will appear in the list of Rooms in the Tehama Web UI.

---

Create a Room and invite another organization to connect to it

In this creation scenario, your organization will be the Room's owner organization and the other organization will be its connected organization. (i.e.: Your organization will be the Room's user+owner organization and the other organization will be the Room's connected-only organization.)

All of the ways to create/connect/join a Room are covered in the Tehama Installation section of Tehama's Getting Started Guide.

If you want to create a Room and get another organization to connect to it, see Room Creation Scenario 2 in the installation guide.

Once your Room is created, it will appear in the list of Rooms in the Tehama Web UI.

---

Connect to a Room via invitation

In this configuration scenario, your organization will be the Room's connected organization and the other organization will be its owner. (i.e.: Your organization will be the Room's connected-only organization and the organization that invited you will be the Room's user+owner organization.)

All of the ways to create/connect/join a Room are covered in the Tehama Installation section of Tehama's Getting Started Guide.

If you want to respond to an invitation to connect your network to a Room created by another organization, see Room Configuration Scenario 1 in the installation guide.

---

Join a Room via invitation

In this configuration scenario, your organization will not have any particular management responsibilities in the Room. _(i.e.: Your organization will be (one of) the Room's user-only organization(s).)

All of the ways to create/connect/join a Room are covered in the Tehama Installation section of Tehama's Getting Started Guide.

Once a Room has been created and connected, the connected organization for a Room can invite other organizations to join the Room.

If you want to respond to an invitation to join a Room, see Room Configuration Scenario 2 in the installation guide.

---

Delete or archive a Room

WARNING: A Room, once deleted, cannot be recovered. Connections associated to the Room are also deleted and cannot be recovered. Archiving the Room will preserve recordings.

Delete or archive a Room as follows:

1. Log in to the Tehama Web UI.
2. Click on the ROOMS tab.
3. Select the Room you wish to delete or archive by clicking in the checkbox to the left of the Room's name.
   
4. At the bottom of the page, click the Trash Can icon. You will see the DELETE ROOM dialog.
   
5. Acknowledge the warning and type the name of the Room into the dialog.
6. If you want to delete the Room:: Click DELETE.
7. If you want to archive the Room:: Click ARCHIVE.

---

View a Room's interface

Access the interface for a Room in the Tehama Web UI as follows: (Choose A or B.)

A: find the Room in the list of Rooms that you have access to

1. Log in to the Tehama Web UI.
2. Click on the ROOMS tab. You will see a list of all the Rooms that you have access to.
3. Click on the name of the Room you want to access. You will see the page for the Room.

Here is the Room interface with the WORK tab selected for a member of a Room's user organization who is not currently assigned to a Desktop template in the Room:

B: find the Room in the list of all your Desktops in the organization

1. Log in to the Tehama Web UI.
2. Click on the DESKTOPS tab. You will see a list of all the Desktop templates you are assigned to. ¹ Each entry contains the name of the Room to which the Desktop template belongs. Note, this will not contain Rooms in which you are not assigned to a Desktop template.
3. Click on the name of the Room you want to access. You will see the page for the Room.

1. Admin users and Org Managers and Room Managers also have the option of seeing either a list of all Desktop templates in the organization or a list of in-use Desktop templates in the organization from the DESKTOPS tab. If the first option is chosen, all Rooms in the organization that have at least one Desktop template will be in the list. (Note, for Room Managers, the listed Desktops templates are restricted to those belonging to Rooms of which they are members.) ↩

Here is the Room interface with the WORK tab selected for a member of a Room's owner organization who is assigned to a couple of Desktop templates in the Room:

---

Change a Room's name

Change a Room's name as follows:

1. Access the Room's interface.
2. Click on the Room name in the breadcrumbs at the top of the page in order to make it editable.
3. Type in the editable field.
4. Save your change by selecting the checkmark or discard it by selecting the cross.

Note that a Room's name can only be modified if the Room has not been archived.

Note that a Room's name can be modified by a 'Tehama Super Admin' user (a super user belonging to the Tehama Support team) if necessary.

Note that the ability to change a Room's name is available from any tab in the Room's interface.

---

Room Desktop Settings

A Room has a collection of Desktop settings that are applied to all the Desktops that belong to the room. These settings can be set from your Room's CONFIGURE -> SETTINGS page.

 • Set Idle Session Timeout

The idle session timeout setting is the length of time a desktop session will idle before disconnecting (and no longer using TCU).

Change a Room's idle session timeout setting as follows:

1. Access the Room's interface.
2. Click the Room's CONFIGURE tab.
3. Click on the SETTINGS sidebar item.
4. Click on the EDIT button at the top right of the DESKTOP SETTINGS section.
5. Locate the dropdown field to the right of the "Idle Session Timeout" desktop-setting.
6. Click on the dropdown field to display the preconfigured idle timeout options.
7. Select the idle timeout option you wish for your Room's desktop sessions.
8. Click SAVE.

---

Room Feature Settings

A Room has a collection of features that can be enabled or disabled for the room. These features can be enabled or disabled from your Room's CONFIGURE -> SETTINGS page. Note that only one feature can be enabled/disabled at a time, to allow the Room's infrastructure to update before the next change is made.

---

 • Enable/Disable App Vault

The App Vault Room feature provides a way to securely transfer application installation files to the Room's Tehama Desktops, through the Tehama Web UI and mapped drives on the Room's desktops. See the App Vault User Guide for more details.

When it is enabled, the Admin user and Org Managers and Room Managers (who are members of the Room) in the Room's owner organization will be able to see the APP VAULT page under the Room's CONFIGURE tab; and all Room members assigned to a desktop will be able to see the corresponding mapped drive for the App Vault feature in their desktops.

When it is disabled, the APP VAULT page under the Room's CONFIGURE tab will not be available, nor will the mapped drives on the Room's desktops.

Enable or disable the App Vault Room feature as follows:

1. Access the Room's interface.
2. Click the Room's CONFIGURE tab.
3. Click on the SETTINGS sidebar item.
4. Click on the EDIT button at the top right of the ROOM SETTINGS section.
5. Locate the toggle to the right of the "App Vault" feature.
6. Enable the feature as follows:
   • Click on the left of the toggle to disable the feature. (The toggle will display an 'x'.)
   • Click on the right of the toggle to enable the feature. (The toggle will display a checkmark.)
7. Click SAVE to save your change, or CANCEL to cancel your change. (Note that the SAVE and CANCEL buttons only become visible once you have changed the toggle's currently saved value.)

---

 • Enable/Disable File Vault

The File Vault Room feature secures the transfer of files between your local environment & the Room's Tehama Desktops. See the File Vault User Guide for more details.

When it is enabled, all users with access to the Room will be able to see the FILE VAULT page under the Room's WORK tab.

When it is disabled, the FILE VAULT page under the Room's WORK tab will not be available.

When enabled, a sub-option exists that allows users in the Room to download files from the File Vault to their local desktops from the File Vault interface in the Tehama Web UI. (See step 6.(SUB-OPTION) below.)

Enable or disable the File Vault Room feature as follows:

1. Access the Room's interface.
2. Click the Room's CONFIGURE tab.
3. Click on the SETTINGS sidebar item.
4. Click on the EDIT button at the top right of the ROOM SETTINGS section.
5. Locate the toggle to the right of the "File Vault" feature.
6. Enable or disable the feature as follows:
   • Click on the left of the toggle to disable the feature. (The toggle will display an 'x'.)
   • Click on the right of the toggle to enable the feature. (The toggle will display a checkmark.)
     (SUB-OPTION) Once enabled, you will see the "Allow users to download files onto their local desktops" sub-option. Proceed to enable or disable this sub-option.
     • Check the box to the left of the sub-option to enable it.
       - Once saved, the users will be able to download files from the File Vault to their local desktops.
     • Un-check the box to the left of the sub-option to disable it.
       - Once saved, the users will not be able to download files from the File Vault to their local desktops.
7. Click SAVE to save your change, or CANCEL to cancel your change. (Note that the SAVE and CANCEL buttons only become visible once you have changed the toggle's currently saved value.)

---

 • Enable/Disable Multi-GW

The Multi-Gateway Room feature allows you to connect multiple Tehama Gateways (to a maximum of 2) to your Room to provide redundancy for your network access.

When the Multi-Gateway Room feature is enabled, the Room's owner organization will be able to see the feature and to turn it on or off in the Room's CONNECTION -> STATUS page. The Room's connected organization will be able to see the feature. See both the "View the 'Multiple Gateways' option for a Room" section and the "Enable/Disable the 'Multiple Gateways' option for a Room" section in the Room Connection Status Monitoring/Management User Guide for more details.

Note, ensure that the 'Multiple Gateways' option in the Room's CONNECTION -> STATUS page is turned off before attempting to disable the Multi-Gateway Room feature.

Note that enabling the 'Multi-Gateway' feature here in the Room Settings does not incur any cost for your Room, however, subsequently enabling it (turning it on) under the room's CONNECTION -> STATUS page does incur an added expense for your room.

Enable or disable the Multi-Gateway Room feature as follows:

1. Access the Room's interface.
2. Click the Room's CONFIGURE tab.
3. Click on the SETTINGS sidebar item.
4. Click on the EDIT button at the top right of the ROOM SETTINGS section.
5. Locate the toggle to the right of the "Multi-Gateway" feature.
6. Enable or disable the feature as follows:
   • Click on the left of the toggle to disable the feature. (The toggle will display an 'x'.)
   • Click on the right of the toggle to enable the feature. (The toggle will display a checkmark.)
7. Click SAVE to save your change, or CANCEL to cancel your change. (Note that the SAVE and CANCEL buttons only become visible once you have changed the toggle's currently saved value.)

---

 • Enable/Disable Linux Dsktps

The Linux Desktop Room feature provides virtual Desktop environments connected via PCoIP to Linux-based servers. These are known as Tehama Linux Desktops. It is offered with a range of hardware and software options similar to a Windows Desktop. The currently available Operating System is Ubuntu Server 18.04.

The Linux Desktop Room feature, when enabled, allows the creation of Tehama Linux Desktops in the Room.

When enabled, Tehama Linux Desktops can be created in the room, and the LINUX DESKTOPS page found under the Room's CONFIGURE tab in the Tehama Web UI will be present.

When disabled, Tehama Linux Desktops cannot be created in the room, and the LINUX DESKTOPS page found under the Room's CONFIGURE tab in the Tehama Web UI will be absent.

Note any Tehama Linux desktops that have been created for the room will continue to exist after the feature has been disabled and will be accessible through the Tehama Web UI (although note that the ability to request or add new Tehama Linux desktops will be unavailable).

Enable or disable the Linux Desktop Room feature as follows:

1. Access the Room's interface.
2. Click the Room's CONFIGURE tab.
3. Click on the SETTINGS sidebar item.
4. Click on the EDIT button at the top right of the ROOM SETTINGS section.
5. Locate the toggle to the right of the "Linux Desktop" feature.
6. Enable or disable the feature as follows:
   • Click on the left of the toggle to disable the feature. (The toggle will display an 'x'.)
   • Click on the right of the toggle to enable the feature. (The toggle will display a checkmark.)
7. Click SAVE to save your change, or CANCEL to cancel your change. (Note that the SAVE and CANCEL buttons only become visible once you have changed the toggle's currently saved value.)

---

 • Enable/Disable Windows Dsktps

The Windows Desktop Room feature provides virtual Desktop environments connected via PCoIP to Windows-based servers. These are known as Tehama Windows Desktops. It is offered with a range of hardware and software options. The currently available Operating System is Windows Server 2019.

The Windows Desktop Room feature, when enabled, allows the creation of Tehama Windows Desktops in the Room.

When enabled, Tehama Windows Desktops can be created in the room.

When disabled, Tehama Windows Desktops cannot be created in the room.

Note that the WINDOWS DESKTOPS page found under the Room's CONFIGURE tab in the Tehama Web UI will be present regardless of whether Windows Desktops Room feature is enabled or disabled since it is also used for Desktops of type 'Workspace', which are always available in every Room.

Note any Tehama Windows desktops that have been created for the room will continue to exist after the feature has been disabled and will be accessible through the Tehama Web UI (although note that the ability to request or add new Tehama Windows desktops will be unavailable).

Enable or disable the Windows Desktop Room feature as follows:

1. Access the Room's interface.
2. Click the Room's CONFIGURE tab.
3. Click on the SETTINGS sidebar item.
4. Click on the EDIT button at the top right of the ROOM SETTINGS section.
5. Locate the toggle to the right of the "Windows Desktop" feature.
6. Enable or disable the feature as follows:
   • Click on the left of the toggle to disable the feature. (The toggle will display an 'x'.)
   • Click on the right of the toggle to enable the feature. (The toggle will display a checkmark.)
7. Click SAVE to save your change, or CANCEL to cancel your change. (Note that the SAVE and CANCEL buttons only become visible once you have changed the toggle's currently saved value.)

---

 • Enable/Disable Recordings

The Recordings Room feature provides recordings of the Room's Desktop sessions.

From the time it is enabled, any subsequent desktop sessions in the room will be recorded.

From the time it is disabled, any subsequent desktop sessions in the room will not be recorded.

Recordings are available in the Room's SESSIONS page under the AUDIT tab. See the Desktop Session Auditing/Recordings User Guide for more details.

Note, any recordings that are already present will continue to be available once the feature is disabled.

This Room feature is a useful capability but it does come with a cost in Desktop performance and availability. When Recordings are enabled in a Room, the Room can support a maximum of 75 concurrent Desktop sessions. When Recordings are disabled, the Room can support up to 200 concurrent Desktop sessions. Room owner organizations are encouraged to contact Tehama Support if they would like assistance in optimizing their Room environment for performance and availability, taking your auditing needs into consideration.

IMPORTANT: Before enabling the Recordings feature for a Room, confirm that the current number of concurrent Desktop sessions in the Room is at most 75. Enabling Recordings while the number of concurrent Desktop sessions is higher than this maximum will result in undefined behaviour. You can view a list of the "in-use" Desktop Templates in your Room on the DESKTOPS page. (See section View list of in-use Desktop templates in your Organization in the Desktops User Guide.)

Enable or disable the Recordings Room feature as follows:

1. Access the Room's interface.
2. Click the Room's CONFIGURE tab.
3. Click on the SETTINGS sidebar item.
4. Click on the EDIT button at the top right of the ROOM SETTINGS section.
5. Locate the toggle to the right of the "Recordings" feature.
6. Enable or disable the feature as follows:
   • Click on the left of the toggle to disable the feature. (The toggle will display an 'x'.)
   • Click on the right of the toggle to enable the feature. (The toggle will display a checkmark.)
7. Click SAVE to save your change, or CANCEL to cancel your change. (Note that the SAVE and CANCEL buttons only become visible once you have changed the toggle's currently saved value.)