Users
Users are individuals who connect to BlueMind. Users have access to BlueMind features depending on their profile.
Creating a user
To create a new user:
-
From the Directories home page, click on "Create a user" or from the list of directory entries, use the button New > User:

-
Enter the new user's details in the popup that opens:

Full name
The full name is generated automatically when you enter your first and last names, and cannot be modified.
-
Sélectionner le groupe par défaut :
userpour les utilisateurs,adminpour les administrateurs ou un groupe par défaut créé par l'administrateur -
Check the desired options:
-
Hide BlueMind address lists: the user exists but is not visible in autocompletion (webmail dialer or calendar) or in the directory. Its address can still be used by administrators or those who know it.
-
Mail address: the mail account is activated and a default address based on the login is automatically created. To add aliases, click
at the end of the line.
If the installation includes multiple domain aliases, each additional address can be specified on a specific domain or on all aliases.Maximum number of possible addresses
In BlueMind, you can create as many aliases as you like, on as many domain aliases as you like.
-
-
Click "Create" for a simple and direct user creation or click "Create & Edit" to create the user and access configuration options.
Quick creation
The "Create" button allows a quick creation with the information entered in the popup and the following default options:
- server location (time zone, time format, etc.)
- default storage server, with no disk space quota
- no auto-reply or auto-forward
- empty coordinates
- the calendar can be shared with the option "can invite me to a meeting". This means that other domain users cannot view this user's calendar but are able to invite them to an event
- the mailbox is not shared
The user can then be modified via the administration interface.
Editing and managing users
From the page Directories >> Directory entries, select the user to be edited from the list.
General
Account information
The "General" tab displays the user's main information: account details, profile, group(s), location settings, etc.

L'onglet permet notamment de définir l'utilisateur comme membre d'un ou plusieurs groupes ou d'une délégation et définir les rôles affectés à l'utilisateur.
Change username
The account username can be changed on this page. Once a modification has been saved, it takes effect immediately.
If the user whose login is modified works with Outlook connected via MAPI, it is necessary for them to create a new profile with the new information.
The same applies to O365.
For more details, visit the following page: https://learn.microsoft.com/fr-fr/microsoft-365/admin/add-users/change-a-user-name-and-email-address?view=o365-worldwide
Group membership
En cliquant sur le lien « Modifier l'appartenance aux groupes », une popup permet de visualiser et modifier les groupes auxquels l'utilisateur appartient :

Pour supprimer un groupe, cliquez sur la croix correspondante ; pour en ajouter un, saisir les premières lettres et valider un choix proposé par l'autocomplétion.
Roles: administration rights and access to features
Here it is possible to customize, for each user, access to applications, certain specific features, or even administration rights:

The rights granted can only be added to the rights inherited from a group: the rights assigned to a group the user belongs to cannot be unchecked in the user's page.
For example, applications may appear checked but grayed out, unmodifiable: the user belongs to a group in which the application is activated. In this case, it is advisable to check the user's group membership (see above).
For more details on roles, see Roles: access and administration rights and Delegated administration.
User information
The "User information" tab allows the administrator to enrich a user's contact record.
L'administrateur peut saisir ici des informations telles que les numéros de téléphone et adresses postales ou affecter une photo qui sera réutilisée dans l'ensemble de BlueMind (fiche contact, invitation à un événement, etc.).

Les données de contact correspondent à l'annuaire interne de BlueMind et sont accessibles à l'ensemble des utilisateurs de la solution. Pour cette raison, seuls les administrateurs peuvent modifier ces informations. L'utilisateur lui-même ne peut pas modifier ses propres informations.
Le rôle "Modifier ses informations" permet à l'utilisateur de gérer les informations de sa fiche. Ces modifications ne peuvent à l'heure actuelle se faire que par script via la clef d'API de l'utilisateur, une interface de gestion via les paramètres sera prochainement disponible.
Mail
The "Mail" tab shows the user's mailbox settings (space, addresses, identities, sharing, etc.):

Email addresses
- Storage server: server on which this user is managed.
- Quota : taille maximale de stockage de la messagerie de l'utilisateur et quantité utilisée.
L'espace utilisé par l'utilisateur est indiqué par une barre de progression, cet espace est aussi visible en bas de la liste des dossiers dans la messagerie de l'utilisateur (For further information, see, Managing storage capacity (quota)). -
Hide BlueMind address lists: L'utilisateur exists but is not visible in autocompletion (webmail dialer or calendar) or in the directory. Its address can still be used by administrators or those who know it.
- Email addresses et alias : l'utilisateur peut posséder autant d'alias de messagerie que souhaité, sur l'un ou l'autre ou tous les alias de domaines disponibles.
Change default e-mail address
The default mail address can be set to any of the mail aliases. This address can be modified as many times as required. Once a modification has been saved, it takes effect immediately.
If the user whose default address is changed works with Outlook connected via MAPI, it is necessary for them to create a new profile with the new information.
The same applies to O365.
For more details, visit the following page: https://learn.microsoft.com/fr-fr/microsoft-365/admin/add-users/change-a-user-name-and-email-address?view=o365-worldwide
My identities
Identities allow users to write under the name of one of their aliases or shared mailboxes, or to define different signatures that they choose according to the emails they write.
To find out more, visit the dedicated page in the user guide: Managing Account Identities.
Mailbox sharing
La section de partage permet de donner accès à la boite de messagerie de l'utilisateur à des utilisateurs ou groupes.

Par défaut, lors de la création d'un utilisateur, aucun partage n'est activé.
Les droits de partage d'une boite de messagerie peuvent être définis :
- par un administrateur via l'interface présente ici
- par l'utilisateur, via la gestion de ses préférences
Pour en savoir plus sur le partage et les droits, consulter la page dédiée du guide de l'utilisateur : Partager une messagerie
Transfert automatique des messages
Il est possible d'indiquer plusieurs adresses vers lesquelles transférer les messages.
Cocher la case et saisir une adresse mail valide :

Valider la proposition de l'autocomplétion, même si celle-ci est identique à l'adresse saisie. Il est nécessaire que le cartouche bleu avec la croix de suppression apparaisse :

Il est possible de rajouter manuellement des adresses externes, qui ne seront pas ajoutées dans le carnet des adresses collectées lors des transferts.
Répondeur automatique
Cette section permet d'activer ou désactiver le répondeur automatique de l'utilisateur.
Pour en savoir plus sur le paramétrage et les règles d'envoi, consulter la page dédiée du guide de l'utilisateur : Managing out of the office
My filters
Filters can be used to apply sorting rules and automatic actions to the user's new incoming emails.

To find out more about how to set up these filters, see the dedicated page in the user guide: Applying sorting and action filters.
Carnets d'adresses
Cet onglet permet de gérer les abonnements de l'utilisateur aux carnets qui lui sont accessibles (ses carnets personnels ou des carnets qui lui sont partagés) ainsi que de gérer les partages de ses carnets avec d'autres utilisateurs ou groupes.

En revanche, il n'est pas possible pour l'administrateur de créer des carnets à l'utilisateur.
Pour en savoir plus, consulter la page dédiée du guide de l'utilisateur Créer et éditer un carnet d'adresses ainsi que la page dédiée à la Partager un carnet d'adresses
Calendrier
L'onglet Calendrier permet :
-
d'accéder à tous les paramètres de réglage de l'agenda de l'utilisateur (horaires, jours ouvrés, éléments affichés, etc.) :

-
de créer des calendriers supplémentaires pour l'utilisateur :

-
de gérer le partage des calendriers de l'utilisateur ou dont il a la gestion :

- en interne : avec tous les utilisateurs ou des utilisateurs et/ou groupes spécifiques
- en externe : en générant une adresse publique ou privée
Pour plus de détails sur le partage de calendriers, consulter la page dédiée du guide de l'utilisateur Partager un calendrier
-
de gérer le partage des disponibilités de l'utilisateur :

-
de gérer les abonnements aux calendriers (d'utilisateurs ou de domaines) qui lui sont partagés :

Listes de tâches
Cet onglet permet de gérer les partages des listes de tâches de l'utilisateur et ses abonnements aux listes qui lui sont partagées :

Pour en savoir plus, consulter les pages dédiées du guide utilisateur Partager une liste de tâches et Utiliser une liste de tâches partagées.
Maintenance
This tab provides the administrator access to maintenance functions and management of user mobile devices:

External ID
The field in this section is filled in when the group is synchronized with an AD or LDAP account (For further information, see pages LDAP Synchronization and Active Directory Synchronization).
This field can be filled in or modified in order to force or correct the user's UID corresponding in the AD or LDAP directory.
Validate user
The "Execute" button in this section allows launching a "Validate and Repair" operation on the user's account. This covers a set of operations that check and, if necessary, correct the integrity of the user and his/her data in the BlueMind system: checking mailboxes, calendar and address book containers, folder hierarchies, subscriptions, mail filters, etc.
This operation corresponds to the bm-cli command:
bm-cli maintenance repair user@domain.net
For further information, see the page CLI Admin Client.
As the user
The link in this section is accessible by the super administrator admin0 or another administrator with the "Sudo (elevation of privileges)" role. The link gives access to the user's BlueMind, i.e. logs on to BlueMind in the user's place, without the user having to give his or her password.
Password
In this section, the administrator can change/reset the user's BlueMind login password, without needing to know the user's old password. This section also shows the date the password was last modified (by the user or an administrator), if applicable.
The administrator has 2 additional options:
- Change password at next login: the user will be required to change his password the next time he logs in (this does not log the user out if he is currently logged in).
- Le mot de passe n'expire pas : cette option permet d'exclure l'utilisateur de la politique d'expiration des mots de passe du domaine si elle a été mise en place.
- Force OTP: the user will be forced to configure authentication via OTP (One Time Password).
For further information, see hereinafter Multi-factor authentication via OTP.
Pour activer ces options, cocher la ou les cases correspondantes et cliquer sur le bouton "Enregistrer" en bas de page.
L'expiration ne peut pas être appliquée aux utilisateurs importés d'un annuaire AD ou LDAP, les mots de passe étant gérés par celui-ci.
Mailbox indexing
This section launches the mailbox index consolidation operation: this completes the current indexing of the mailbox, indexing only the missing elements.
To launch the operation, click on the "Execute" button next to "Consolidate mailbox index".
Mobile devices
This section lets you manage the user's mobile devices: synchronization authorizations, information on devices known to the system, synchronization reset, remote wiping.

- Partnership: this box is used to suspend or enable a device's syncing without removing it altogether.
- Identity: shows the serial number the device signed in under
- Type: device brand/OS
- Last Sync: date and time of the device's latest sync with the server
- Reset sync: resets the device's sync information. The next synchronization will be performed in the same way as an initial synchronization: the device will perform a complete synchronization as if it had never been known to the server.
- Actions in case of loss or theft of a device :
-
Remote wipe :
⚠️ Irreversible operation
If the phone tries to re-synchronize with BlueMind, it will be deleted again.
- on Android : deletes the EAS account and all its data (messages, contacts, calendar).
For a device to be completely wiped remotely (accounts, photos, SMS, files, etc.), the EAS account must be created using the "Microsoft Exchange ActiveSync" account type. - on iOS : deletes all data on the phone, whether related to the BlueMind account or private (accounts, photos, SMS, files, etc.).
- on Android : deletes the EAS account and all its data (messages, contacts, calendar).
-
Cancel device deletion: allows a deleted device to be synchronized again with BlueMind
-
Trash icon: removes a device from synced devices. When unknown smartphones are not authorized by default, deleting a smartphone from the list will block its synchronization with BlueMind.
-
Pour aller plus loin, consulter le Guide de l'administrateur > Configuration du serveur EAS
Deleting users
Suspend
A user can be suspended: this allows you to deny access to BlueMind without deleting the user's data. He can then be reactivated, and his account restored to its previous status.
To suspend a user:
- go to the management record of the relevant user: Directories > Directory Entries > select the user.
- on the first tab ("General"), tick the box "Suspended" on the right side of the page then click on "Save" to apply the modification
Delete
To delete one or several users completely and permanently, go to the page Directories > Directory Browser.
In the list of users, tick the box at the beginning of the row corresponding to the users to be deleted and then click on the button "Delete". A deletion confirmation will be requested, once confirmed, the users and all their data will be permanently deleted.
A user can be restored in BlueMind by going back to a previous backup. Data modified since the last backup cannot be recovered (new messages, modified contacts, calendar events added/deleted/modified, invitations received, etc.).
See Backing up and Restoring Data for more information on the restore backup feature, which allows you to restore all or part of a user's data.
See also User Departure and Email Redirection
Secure authentication
Multi-factor authentication via OTP
OTP stands for "One Time Password". This is a randomly generated 6-digit number that strengthens authentication and complements the user's password.
This number is valid only once for 30 seconds, after which a new number is generated.
Multifactor authentication is currently only available for connections to BlueMind webmail, including on mobile devices, and does not apply to connections via a third-party mail client.
However, to secure the connection, it is possible to disable the IMAP connection via a third-party client.
Two-factor authentication can also be managed via the bm-cli tool, enabling batch activation or deactivation, or for superadministrator admin0.
For further information, see Enabling two-factor authentication from the command line.
Activate security
This security feature can be activated in the user's management file:
- go to the Maintenance tab
- check the "Force OTP" box
- Save to accept the change
The next time the user logs on, he or she will have to set up a secure connection using OTP.
As the server has a 5-minute cache, activation or deactivation may not be immediate and may take some time before being visible to the user.
For further information, see Securing connection with OTP.
Manage identification keys
Identification keys are administered from the user's Maintenance tab: the "User credentials" section lists the keys set up by the user, using the device name they indicated when they were created:

To delete a user-set identification key:
- go to the Maintenance tab
- go to "User credentials" section
- click the trash icon corresponding to the key you wish to delete
- confirm to proceed
💡 Deletion is immediate, there is no need to click "Save"
As with activation, this will have the effect of prompting the user to set up a secure connection.
To force a user to reset his credential, simply delete it.
Password security add-on
For added password security, you can install the "Password SizeStrength" add-on to define strict password validity rules.
Installation
The plugin is simply installed by installing 2 packages on the command line, logged in as root on the:
aptitude install bm-plugin-core-password-sizestrength bm-plugin-admin-console-password-sizestrength
L'installation nécessite un redémarrage de BlueMind :
bmctl restart
Configuration
La configuration se fait dans la console d'administration > Configuration Système > onglet Password.

Pour les versions antérieures de BlueMind, consulter la Documentation 4.
La prise en compte des modifications est immédiate et ne nécessite pas de redémarrage.
Changes are not retroactive and only apply to future password changes – users whose current password does not meet newly set rules will not be asked to change it and it will continue to work.
If the rules are not respected when a user tries to change his or her password, the user is informed and the password is not changed:

These rules do not apply to administrators (global administrator admin0 or domain administrators) whose choice of password continues to be free. In addition, the rules do not apply when changing a user's password from the administration console.