Allow admin to login as a different user without password
I would like the admin to be able to see a user's mailbox without having to change his password. Or set temporarly the admin password to the mailbox and set it back to its normal password after.
Any solution for that would do
This is a good idea, but not something we will deliver for a while. It is on the backlog, so it is not lost, but now you can use your votes for other features.
Robin Hickmott commented
If it's illegal in one particular country then have an option to disable it or simply don't use it. Having a feature and using a Feature are two completely separate things. There is nothing stopping you from editing the Kerio Config file and replacing the users hashed password with a known hash and then swapping it back again after you have logged in so the ability is already there for technically minded people.
If it's a company e-mail you should generally have a clause in the employees contract that says company e-mail isn't private use and all correspondence is owned by the company yada yada yada.
Jeroen Keerl commented
This would cause several companies, for instance in Germany, to immediately get rid of Kerio ... or go to jail.
This is against so many data privacy regulations, I don't even know where to begin with counting.
If the user wants to have the admin (or the boss) to have a look at e-mails: Share the inbox.
If it's a new user: Log an as the user. Every other case: There are remote support tools out there, which you can use to support the user.
It would be amazing to have this feature! There are a number of reasons to have this feature, including verifying a user's claim that they did not get/send an important email. This seems like a very basic email feature to have, and it really surprises me that it is not included by default.
Will O'Neal commented
Will O'Neal commented
I get that it is declined, and it only matters if you add in (admin level access) to why we need this level of access.
When we set up users, we have to log in as the user to pre-share and subscribe to calendars, contacts, and other things.
So declining this outright is fine, so long as we get the functions reserved for user only level access at the admin level.
Michael Monnerie commented
This is a very missing feature! We used Zarafa before, and it also had the concept of a "super admin" who can do everything. Right now, we have a customer with 15 e-mail accounts, where the chief secretary needs access to all accounts. For this we have to log in to all accounts, and give rights to the secretary. This takes about 5 minutes per account, in sum 75 minutes that the customer has to pay. They don't like that. Also, if the secretary changes, we have to do all again for the new secretary - a mess.
Currently we help us by entering the users password into the "comment" field, which is a complete security nightmare, and I hope this feature will come soon.
As to law in Europe: It is absolutely no problem to technically give access to the admin for everything, it's just the admin is not allowed to read mails. That's an organisatorical problem, not a technical one. For this reason, admins have to sign contracts swearing not to read mails.
+1 we also need this functionality. For example, we have integraion Kerio with AD, some worker has left our company, we need to get access to he's mailbox. Right now I have to:
1. Enable his AD account
2. Reset password
3. Login as this user
4. Share inbox and sent folders to some user
5. Disable user Account
It's really too hard...
Nicolas Rieger commented
> However, I would like to have a feature that makes it possible to set up out of office messages, shared and subscribed folders - but never would I like an admin to check my mail without my knowledge unless at least having to change my password.
Same here. I'd love to have the possibility to change all user's preferences (all those which appear when clicking on my name on the top right, then Preferences) as an admin.
Mostly, I don't need access to their e-mails, but change some settings for them - Out-of-office message, default sender address etc., often when they're absent.
Markus Mohr commented
> In addition, all email is owned by my organization and we have the right to access it at any time
> for any reason. There are plenty of reasons why admins would need to access a users account > without them knowing (personnel issues, accusations, etc.)
I don't know where you are from, but in any europe country + US etc. it is forbidden by law to read mails from the employees without them knowing.
You don't own their mails, even IF private mails are forbidden by a company rule, you DON'T have to legal rights to access their mails. And that's just because they "could" get a private mail. Even more, you as admin are personally responsible and prosecutable before the law. The employee and state can sue/get you for that. Even if your boss ordered you to do so, if you know you're breaking the law, you have to decline your boss.
Also if you find something in the mail folder by illegal access it can't be used at court.
And then it would open a massive security breach. I mean, you could just read the mails of your boss and nobody would ever know...
If this option is integrated it has to be in a different way. Also, when you access mails of someone else, there should be someone with you as witness - if the company is big enough, it has/should be the privacy/data protection officer.
The only case where it is allowed to access a mailbox without the user knowing would be a case with suspicious activitys of an employee and immediate danger from it. Like he sending away customer data etc. But even then, get someone else to watch the folder with you and document everything you did.
Chris Weiss commented
if I'm not mistaken, the "master authentication" feature covers this.
Louis Moeckler commented
This is a huge deal. It makes it infinitely easier to troubleshoot and resolve support requests. In addition, all email is owned by my organization and we have the right to access it at any time for any reason. There are plenty of reasons why admins would need to access a users account without them knowing (personnel issues, accusations, etc.)
Andreas Hahn commented
hi, i have all mailboxes give a right that the admin user can look at the mailbox entry i think that is a good reason.
Ralph Oesker commented
Also here my full ACK!
Jörgen Olsson commented
I don't agree at all!
If a user wants admin to look at a mail, he can provide his password to the admin.
However, I would like to have a feature that makes it possible to set up out of office messages, shared and subscribed folders - but never would I like an admin to check my mail without my knowledge unless at least having to change my password.
Sam Bergin commented
Definitely a must-have. Allow the admin to login as ANY user in the webmail interface. Great for away messages, setting up and sharing out folders, etc.
James Fitzell commented
Agreed. An admin needs to be able to open mailboxes for staff when they are on the phone asking where their meeting is (as an example). An Admin should be able to open a specific mailbox via Webmail.
Steve Miller commented
Or when management wants to monitor employee email communications.
Andrew Rausch commented
Exchange offers this feature, why doesn't Kerio Connect? It's extremely useful when a user calls asking 'can you look at this suspicious email I received' or 'I forgot to turn on my out of office and I'm now on vacation'.