This document describes a few common user scenarios and how to configure S/Notify for them.
Installation Test Setup
Scenario
After the installation, you want your users to test S/Notify, but you do not want to break notifications for those users who do not participate in the test or who do not have certificates or keys for encryption available.
Setup
S/Notify Configuration
On the administrative configuration pages of S/Notify
Leave the Key store file (for S/MIME) or HKP key server (for PGP) location empty
Leave the Encryption Fallback set to Allow unencrypted notifications
Show me where to do this in Jira ...
In Jira
Select Manage apps from the Jira Administration menu
From the S/Notify section on the left, select User Key Management for the Key store file and HKP key server settings
From the S/Notify section on the left, select Encryption Settings for the Encryption Fallback settings
Show me where to do this in Confluence ...
In Confluence
Select Manage apps from the Administrator menu
Scroll down to the S/Notify section on the left, then select User Key Management for the Key store file and HKP key server settings
Scroll down to the S/Notify section on the left, select Encryption Settings for the Encryption Fallback settings
Show me where to do this in Bitbucket ...
In Bitbucket
Go to the administration page by clicking on the cog wheel in the right upper area
Scroll down to the S/Notify section, from there select User Key Management for the Key store file and HKP key server settings
Scroll down to the S/Notify section, from there select Encryption Settings for the Encryption Fallback settings
User Profile
Users who want to participate in the test can upload their public certificate
Show me where to do this in Jira ...
In Jira
Select Profile from the user menu on the top right
Scroll down to section Email Security
Hit the edit symbol
Select which type to upload (S/MIME or PGP), the select the file and upload it
Show me where to do this in Confluence ...
In Confluence
Select Settings from the user menu on the top right
From the S/Notify section on the left, select Email Security
Select which type to upload (S/MIME or PGP), the select the file and upload it
Show me where to do this in Bitbucket ...
In Bitbucket
Select Manage Account from the user menu on the top right
On the left, select Email Security
Select which type to upload (S/MIME or PGP), the select the file and upload it
Results
S/Notify will immediately start encrypting the notification emails of each user who has provided a valid S/MIME certificate or PGP key. However, users who have not provided a valid S/MIME certificate or PGP key will still receive their notification emails unencrypted due to the Encryption Fallback setting.
Central Key Management Setup
Scenario
You want to enforce encryption of all notification emails, and the S/MIME certificates or PGP keys for all users are centrally available.
Settings
S/Notify Configuration
S/Notify supports several options for centrally managed S/MIME certificates and PGP keys. Choose whichever fits best in your environment.
S/MIME
User S/MIME certificates can be centrally provided
from a Key store file
from an LDAP that is configured as the User directory in Jira, Confluence, or Bitbucket
from any other External LDAP server (not currently available in Bitbucket)
PGP
User PGP keys can be centrally provided
from a Key store file
from a Key server – both HKP and LDAP based servers are supported
Both
Only if you do not want users to be able to provide their own S/MIME certificates or PGP keys, uncheck Allow user certificates and Allow user keys, respectively.
Set the Encryption Fallback to Do not allow unencrypted notifications - send problem report instead
Show me where to do this in Jira ...
In Jira
Select Manage apps from the Jira Administration menu
From the S/Notify section on the left, select User Key Management to set up the central S/MIME certificate or PGP key management
From the S/Notify section on the left, select Encryption Settings for the Encryption Fallback settings
Show me where to do this in Confluence ...
In Confluence
Select Manage apps from the Administrator menu
Scroll down to the S/Notify section on the left, then select User Key Management to set up the central S/MIME certificate or PGP key management
Scroll down to the S/Notify section on the left, select Encryption Settings for the Encryption Fallback settings
Show me where to do this in Bitbucket ...
In Bitbucket
Go to the administration page by clicking on the cog wheel in the right upper area
Scroll down to the S/Notify section, then select User Key Management to set up the central S/MIME certificate or PGP key management
Scroll down to the S/Notify section on the left, select Encryption Settings for the Encryption Fallback settings
User Profile
Users need not configure anything
Results
S/Notify will immediately start encrypting the notification emails of each user for whom a valid certificate is present in the global keystore. If, for some users, a valid certificate cannot be found, these users will receive an unencrypted email instead, telling them that their original notification message has been discarded for security reasons, because the email could not be encrypted, and asking them to get in contact with their Jira or Confluence administrator.
User Responsibility Setup
Scenario
You want to enforce encryption of all notification emails, but the users should manage their certificates on their own, and/or not all certificates are available in central keystore. You want the users to provide their certificates, but you do not want to allow unencrypted emails for users who have not provided their certificate.
Settings
S/Notify Configuration
On the administrative configuration pages of S/Notify
Leave the Global Keystore and Global Keyserver locations empty
Check Allow user uploads
Set the Encryption Fallback to Do not allow unencrypted notifications - send problem report instead
Show me where to do this in Jira ...
In Jira
Select Manage apps from the Jira Administration menu
From the S/Notify section on the left, select User Key Management for the Global Keystore and Global Keyserver settings, as well as User override
From the S/Notify section on the left, select Encryption Settings for the Encryption Fallback settings
Show me where to do this in Confluence ...
In Confluence
Select Manage apps from the Administrator menu
Scroll down to the S/Notify section on the left, then select User Key Management for the Global Keystore and Global Keyserver settings, as well as User override
Scroll down to the S/Notify section on the left, select Encryption Settings for the Encryption Fallback settings
Show me where to do this in Bitbucket ...
In Bibucket
Go to the administration page by clicking on the cog wheel in the right upper area
Scroll down to the S/Notify section, then from there select User Key Management for the Global Keystore and Global Keyserver settings, as well as User override
Scroll down to the S/Notify section, then from select Encryption Settings for the Encryption Fallback settings
User Profile
Users can now upload their public certificate
Show me where to do this in Jira ...
In Jira
Select Profile from the user menu on the top right
Scroll down to section Email Security
Hit the edit symbol
Select which type to upload (S/MIME or PGP), the select the file and upload it
Show me where to do this in Confluence ...
In Confluence
Select Settings from the user menu on the top right
From the S/Notify section on the left, select Email Security
Select which type to upload (S/MIME or PGP), the select the file and upload it
Show me where to do this in Bitbucket ...
In Bitbucket
Select Manage Account from the user menu on the top right
On the left, select Email Security
Select which type to upload (S/MIME or PGP), the select the file and upload it
Results
S/Notify will immediately start encrypting the notification emails of each user who has provided a valid certificate. Users who have not provided a valid certificate will receive an unencrypted email instead, telling them that their original notification message has been discarded for security reasons, because the email could not be encrypted, and asking them to get in contact with their Jira, Confluence or Bitbucket administrator.
Per Project or Per Space Encryption Setup
Scenario
You want encryption only for specific Jira projects or Confluence spaces, or you want to exclude specific Jira projects or Confluence spaces from encryption.
This feature is not yet available in Bitbucket. Please let us know if you are interested in seeing support for per-project encryption in Bitbucket.
Settings
S/Notify Configuration
On the administrative configuration pages of S/Notify
switch on Allow project / space configuration
if you want encryption for all but some projects / spaces, switch on Encrypt by default if you encryption for only some projects / spaces and not for all, switch off Encrypt by default
select if ambiguous emails should be encrypted
select if other emails should be encrypted
Show me where to do this in Jira ...
In Jira
Select Manage apps from the Jira Administration menu
From the S/Notify section on the left, select Encryption Settings
Scroll down to Per Project Encryption
Select Allow project configuration
Select Encrypt by default if you want encryption for all but some projects, or deselect if you want encryption for only some projects
Select Encrypt ambiguous, if you want emails that refer to more than one project to be encrypted, or deselect if you want such emails to be left unencrypted
Select Encrypt other, if you want emails that do not refer to any project to be encrypted, or deselect if you want such emails to be left unencrypted
Show me where to do this in Confluence ...
In Confluence
Select Manage apps (or Add-ons in earlier versions of Confluence) from the Administrator menu
From the S/Notify section on the left, select Encryption Settings
Scroll down to Per Space Encryption
Select Allow space configuration
Select Encrypt by default if you want encryption for all but some spaces, or deselect if you want encryption for only some spaces
Select Encrypt ambiguous, if you want emails that refer to more than one space to be encrypted, or deselect if you want such emails to be left unencrypted
Select Encrypt other, if you want emails that do not refer to any space to be encrypted, or deselect if you want such emails to be left unencrypted
Project or Space Configuration
On the project or space configuration pages
Switch encryption on or off as desired
Show me where to do this in Jira ...
In Jira
Select Projects from the Jira Administration menu
Select the project you want to configure by clicking on its name
From the Project Settings menu on the left, select Email Security
Depending on the required setup, select or deselect Encrypt emails for this projects
Repeat for additional projects that need to be set up different from your default setting
Show me where to do this in Confluence ...
In Confluence
Select Space directory from the Spaces menu at the top
Select the space you want to configure by clicking on the info symbol on the right of the space name
From Space Tools tabs, select Apps
Depending on the required setup, under Email Security, select or deselect Encrypt emails for this space
Repeat for additional spaces that need to be set up different from your default setting
Results
S/Notify will check all outgoing emails for references to Jira projects or Confluence spaces. According to the settings for project or space identified, S/Notify encrypts the email or leaves it unencrypted.
When an email does not refer to a Jira project or a Confluence space, or refers to multiple Jira projects or Confluence spaces with different encryption settings, the email in handled according to the setting for ambiguous emails.
Related articles
JavaScript errors detected
Please note, these errors can depend on your browser setup.
If this problem persists, please contact our support.