General
Company logo
You can have your company logo displayed on the ZEP login page and in ZEP at the bottom left: select the corresponding file (maximum size: 1MB) and upload it.
ZEP color
Either enter the desired color shade in hexadecimal format in the input window or select the desired color by clicking on the color icon. If you would like to reset ZEP to the original color, delete the entry completely and click on save.
Access via secure SSL connection
You can specify whether you generally want to force an SSL-encrypted connection, offer this as an option, or if it should not be possible. We recommend always accessing ZEP with SSL encryption.
When changing the setting from "redirect automatically" to something else, users must manually delete their ZEP session cookie in the browser. Otherwise, a login is not possible.
Allow saving of username and password in the browser
If you want to allow the browser to save the username and password, you can specify this here.
ZEP language
Here you set the default language for ZEP. The language setting also includes the language-specific formatting of the date, time, and decimal numbers.
The employees created in ZEP generally have "-Standard-" set as their language. This refers exactly to the language you set here. If a specific employee should have a fixed language other than the standard one, then set this for the respective employee. The login page will then continue to be displayed in the standard language, and after logging in, the user will see ZEP in their own language.
Setting the number of entries per page
In ZEP, search results are often presented in a scrollable table, e.g., project administration, employee administration, etc. By default, 15 entries are displayed per page. You can change this number here.
The number of entries per page affects ease of use and speed:
A large number only makes sense with large or high-resolution monitors. All entries should always be visible on one screen page, otherwise the interaction between paging through the table and scrolling in the browser is uncomfortable.
With a large number, the display takes longer. Since the first table page is already displayed when a page is first called up, the impression is created that the menu change is slower.
This setting has no effect on fully displayed, non-pageable tables in reports and no effect on tables in pop-up windows.
There is also a fixed minimum number of entries: a page break only occurs if the following page will contain at least 4 entries.
This means the last page of a table can contain up to three more entries than the set number.
Display company name in reports (header)
If you do not want your company name to appear in the heading on the printout of reports, do not place a checkmark.
Keep line breaks in CSV export
If you have longer formatted texts with line breaks in remark fields and would like to export them formatted as such as a CSV, specify Yes here.
Using ZEP Mail client
When you click on an email address, the local mail client (e.g., MS Outlook, Lotus Notes) is called up by default. If you do not wish this, you can alternatively use the integrated ZEP mail client by activating this option.
Advantage of the ZEP mail client: the length of the mail is not limited.
Separator for email addresses
Set here globally whether a comma or semicolon is used as a separator between email addresses.
As soon as a user has saved their own setting for the email parameters under Profile > Email, a change to the global setting will no longer have an effect for this user.
Sender name for automatically sent emails and for ZEP mail client
This sender name is used by ZEP in automatically sent emails:
The recipient then sees the following information in their mail program:
From: Sender name <sender-email-address>
Reply to: Reply-to name <reply-to address>
Sender address
This email address is used by ZEP as the email sender when ZEP sends automatic emails, e.g., in the case of planned hour overruns, overtime notifications, or in connection with the ticket module.
If you have not configured anything special, the default setting [email protected] applies.
The email address [email protected] is only used for sending; replies are rejected.
Using own E-Mail address
If you wish to use your own email addresses, you should also use your own mail server that belongs to these addresses (see “Use special outgoing mail server for sending mail”).
Use ZEP mail server
However, if you use the ZEP mail server and your email address contains your own domain, you must update your SPF record in the DNS settings to prevent your emails from being marked as spam. This means that you must add “a:mail.zep.de” to your SPF record. You must insert the entry “a:mail.zep.de” at a suitable position in the SPF record with spaces before and after it. Please contact your IT system administrator (not the ZEP Support Team) for this; they should know the appropriate location.
An example of the updated entry would be “v=spf1 +a +mx a:mail.zep.de -all” or “v=spf1 +a +mx a:mail.zep.de”.
Explanation of SPF Record
The SPF record (Sender Policy Framework record) is a type of security measure that helps protect email delivery and reduce email fraud. In simple terms, it is a rule set in the DNS settings of a domain to confirm which email servers are authorized to send emails on behalf of that domain.
When an email server receives an email, it checks the SPF record of the sender's domain to ensure that the email comes from an authorized server. If this is the case, the email is accepted. If not, the email may be classified as spam or forged and rejected or treated accordingly.
Reply-to name for automatically sent emails and for ZEP mail client
Here you enter the reply-to name that the recipient of an email automatically sent from ZEP sees.
The recipient then sees the following information in their mail program:
From: Sender name <sender-email-address>
Reply to: Reply-to name <reply-to address>
Reply-to address for automatically sent emails and for ZEP mail client
Here you enter the reply-to address that the recipient of an email automatically sent from ZEP sees. The recipient then sees the following information in their mail program:
From: Sender name <sender-email-address>
Reply to: Reply-to name <reply-to address>
Since it is usually not desired that the recipient responds to these automatically generated emails, a noreply reply-to address is frequently used.
E-mail header and E-mail footer
Here you can design the header and footer area of the emails sent by ZEP using a simple HTML editor.
Use special outgoing mail server for sending mail
If you wish to use your own email addresses as the sender, you can use your own mail server that belongs to these addresses (same domain).
We recommend using the ZEP mail server, as this avoids unnecessary waiting times when using ZEP. The ZEP mail server accepts the emails immediately and adds them to a queue - this is then processed in the background. (You only need to add a:mail.provantis.de to the SPF record for all your domains so that the emails are not considered spam.) Example: v=spf1 +a +mx a:mail.zep.de -all
When sending via your mail server, ZEP must transmit all emails directly to your server, and you have to wait while using ZEP during this time - depending on the mail provider used, this can take a few seconds. Depending on the ZEP settings, this can also influence the time recording of employees, as emails are sent directly when saving a time if overtime is exceeded, the planned number of the project is reached, etc.
Enter your outgoing mail server here if you do not wish to use the ZEP mail server. To do this, define your mail server as a "special outgoing mail server" with corresponding access data and set:
Sender name for automatically sent emails: ZEP
Sender address for automatically sent emails: [email protected]
In this case, nobody@localhost must no longer remain as the sender address, as this becomes [email protected] and our SPF record defines that emails with the sender @zep.de may only be sent by our systems.
Mail dispatch via Microsoft OAuth Azure
To allow ZEP to send emails via Microsoft Azure, access via OAuth must be configured as follows:
Azure Settings:
Access Azure: https://portal.azure.com
Then navigate via Azure Active Directory > App registration > "+ New registration" to the App registration:
Enter a Name, e.g., "ZEP"
Supported account types: Accounts in any... and personal Microsoft accounts...
Redirect URI:
Platform: Web
https://www.zep-online.de/zepXXX/view/oauth2smtp.php (replace zepXXX with your own ZEP; this URL can also be found in ZEP under Administration > Email > Change settings)
Press Register
Once the app is registered, copy the "Application (client) ID" and temporarily save it in a file (e.g., azure.txt).
Now select "Add a certificate or secret" and click on "+ New client secret". Here:
Enter a description
Valid until: 24 months (recommended)
Press Add.
Now copy the code displayed as the Value (Caution: not the Secret ID) and add it as a new line in azure.txt. Important: this code will not be displayed again later.
Afterwards:
API Permission menu option, then Add a permission > Microsoft Graph Delegated permissions:
Under OpenId permissions: select offline_access
Under SMTP: select SMTP.Send
Under User: select User.Read (this is usually created automatically; if not, please select it as well) Press the Add permissions button
Microsoft 365 Admin Center: Users > Active users > select the user > Email > Manage email apps > "Authenticated SMTP"
ZEP Settings:
Administration > My Company > Settings > Email > Change settings => select Use special outgoing mail server for sending mail
Fields relevant for Azure:
Sender address: same domain as username
Server: smtp.office365.com
Port: 587 (submission)
OAuth Id: first saved line in (e.g., azure.txt)
OAuth Secret: second saved line in (e.g., azure.txt)
Connection security: STARTTLS All others as before (no password required with OAuth)
Save
Then click the External Link icon. This leads to the Office 365 login page. Please complete the login
After a successful login, you will be redirected back to the mailbox page
=> Done!
Mail dispatch via Google Mail
Google Settings:
A guide on how to create an app in Google can be found here:
You must register the mail dispatch from ZEP as an app (https://cloud.google.com/console). There you will receive the OAuth ID and the OAuth Secret which you must enter in ZEP.
The redirect URL can be found in the ZEP settings for email when you switch to Google OAuth. Normally it is the following URL, where you must replace your ZEP name:
ZEP Settings:
Administration > My Company > Settings > Email > Change settings
Use own mail server
OAuth = Google
OAuth ID = obtained after creating credentials at Google
OAuth Secret = obtained after creating credentials at Google
Server = smtp.gmail.com
Username = your Google username at Google
Save
Afterwards, an arrow symbol appears in a box. You must log in there and grant the necessary permissions via pop-up if you have not already done so.
After logging in, you can send a test email using the letter symbol.
Company data and bank details
Here you can provide data about your company, such as location, tax numbers, and commercial register numbers, as well as details about bank accounts.
Login
Optionally specify whether ZEP may only be accessed from specific IP addresses: Activate the checkbox Use IP address authentication, enter the corresponding IP addresses separated by spaces, and save.
Optionally, ZEP provides the possibility of Login via OAuth: Under Administration > My Company > Settings > Login, specify whether you want to "Enable login via OAuth". Choose whether you want to enable this via Google, Microsoft (Azure), Keycloak, or General. Select the method first, and then the links will become visible. For secure communication from ZEP via OAuth, the "CLIENT ID" and "CLIENT SECRET" must be stored in the ZEP settings.
Optionally, you can specify whether the normal ZEP login should be blocked and who is allowed to unlock the ZEP login via email if necessary.
Google:
For this, your ZEP must be registered as an app via the "Google Cloud Console" https://cloud.google.com/console; the "CLIENT ID" (Google: "Client ID") and "CLIENT SECRET" (Google: "Client secret") are generated by Google during registration. During registration, ensure that the address for "glogin.php" below the view directory of ZEP is stored with Google as the "REDIRECT URI" (Google: "Authorized redirect URIs").
After configuration, any employee with a valid Google account can log in with their Google access data if the email addresses of the Google account and ZEP match. The employee has an additional field in their data (next to the email field): Google ID: the email address of the Google account must be stored here.
Login via Google can be initiated by calling the "glogin.php" page below the view directory of ZEP. The Google login can also be reached via the "Sign in with Google" link on the ZEP login page, provided the normal ZEP login is not blocked by the administrator.
Microsoft OAuth:
For Microsoft OAuth, your ZEP must be registered as an app via the app registration portal: https://aka.ms/appregistrations.
Select "New registration", enter the "Name" and "Redirect URL", and register.
Select "Authentication", enter the logout URL, and save.
In the registration, select "Certificates & secrets" and choose "Add new client secret". Please enter this value in ZEP under CLIENT SECRET.
Select "API permissions". Note that the user must have read permission for the API permissions.
Select "Overview": copy the "Application (client) ID" and enter it into the Client ID field.
If you have the setting "Supported account types: My organization only" in Azure, you must copy the Tenant ID (also known as the client or directory ID) from Azure and enter it in ZEP under Administration > My Company > Settings > Login > OAuth > Tenant ID.
Further information can be found at the link https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-registration-portal.
When logging in via OAuth through Microsoft, you must set the connection security to https (under Administration > My Company > Settings > General: Access via secure SSL connection: redirect automatically).
Password
Here you can set quality criteria for the passwords used in ZEP.
Minimum password length: Specify a minimum length for the password (at least 4, at most 30 characters).
Password character space: Optionally specify which character spaces (lowercase letters (a-z), uppercase letters (A-Z), numbers (0-9), special characters) must contain elements.
Password expiration days: Optionally, you can enter the number of days a password remains valid.
Allowed password attempts: You can specify how many attempts the employee has when entering their password before being prompted to request a new password.
What happens if you have forgotten your password or have exceeded the allowed number of input attempts?
ZEP then offers you: "Use this form if you have forgotten your password for ZEP. Enter your username or email address. ZEP will send you an email with information on how to define a new password."
Sending information for setting a new password only works if an email address is stored for your user in ZEP.