ONLYOFFICE Docs 9.1: Introducing the new Admin Panel for enterprises
Starting with version 9.1, the Admin Panel is available for ONLYOFFICE Docs Enterprise. This secure web interface is designed to give server administrators streamlined control over configuration, monitoring, and security. It simplifies server management, providing a centralized location to oversee your ONLYOFFICE Docs instance. Let’s dive into what the Admin Panel offers and how you can get started.
What you can do with the Admin Panel
The Admin Panel is your new command center for managing the core aspects of your ONLYOFFICE Docs Enterprise. It provides a user-friendly interface to handle complex configurations and monitor performance without needing to dig into server files directly.
Key capabilities include:
- View statistics: Get insights into your server’s performance and usage, including info on your build, database, and license, current connections for the editors and Live Viewer, peaks.
- Configure AI: Add and assign AI models for various tasks, applied server-wide.
- Test example: Use the integrated example to experience live document editing in action.
- Configure security settings: Manage access and protect your instance with robust security options, such as IP filtering.
- Manage file size limits: Set maximum file sizes and download thresholds for document processing.
- Manage WOPI settings: Easily configure Web Application Open Platform Interface (WOPI) settings for integrations.
- Run health checks: Quickly check the status and health of your server to ensure everything is running smoothly.
Besides, you can configure expiration settings, enable request filtering, set up notifications, and locate forgotten files.
Please note: This is the initial version of the Admin Panel for Docs Enterprise. Future updates will bring more sections and options.
Getting started: initial setup
By default, the Admin Panel is disabled upon installation. To get it up and running, you’ll need to follow a simple, one-time setup process designed with security in mind.
1. Start the Admin Panel server
When you first start the Admin Panel server, it will detect that no administrator password has been configured. This triggers the initial setup process. You can find instructions by navigating to the welcome page at http://example.com/welcome.
2. Locate your bootstrap code
The server will automatically generate a temporary bootstrap code and display it in the server logs. The message will look something like this:
AdminPanel SETUP REQUIRED | Bootstrap code: AB12CD34 | Expires: 2025-10-01T20:50:00.000Z | Open: http://example.com/admin
This 8-character code is a crucial part of the secure setup process. It’s important to note that this code is only valid for one hour.
3. Complete the setup
Open your web browser and go to http://example.com/admin. You will see the setup page.
- Enter the bootstrap code from your server logs.
- Create a strong password for your admin account.
- Click Complete Setup.
Once you complete these steps, you will be automatically logged into the Admin Panel.
A focus on security
The entire setup process is built around strong security principles.
- Secure codes: The bootstrap code is stored only in memory and is displayed just once in the logs. It becomes invalid as soon as an admin password is set.
- No plaintext passwords: Your password is never transmitted over the network or stored in logs. Only secure hashes are stored in the
runtime.jsonconfiguration file. - Strong hashing: Passwords are protected using the PBKDF2-SHA256 algorithm with 600,000 iterations, following OWASP recommendations.
Daily use and management
Once set up, accessing and managing your Admin Panel is straightforward.
Regular login
To log in, simply navigate to http://example.com/admin, enter your admin password, and click Log In. For security, your session will automatically expire after one hour of inactivity. Sessions are protected using secure, HTTP-only cookies with SameSite=Strict protection to prevent CSRF attacks.
Changing your password
You can change your password at any time from within the Admin Panel.
- Log in and navigate to the Change Password page.
- Enter your current password.
- Enter and confirm your new password.
Your session will remain active after the password is changed.
Password reset and recovery
If you forget your admin password, you can reset it by deleting the passwordHash entry from the runtime.json file. After doing so, the server will generate a new bootstrap code, and you can follow the initial setup process again to create a new password.
Admin Panel in a cluster deployment
The Admin Panel is fully compatible with cluster deployments. To ensure seamless operation across multiple nodes, you need to use a shared secret.
Set the environment variable ADMINPANEL_BOOTSTRAP_SECRET to the same value on all nodes in your cluster. This allows a bootstrap code generated on one node to be used for setup on any other node. Once the setup is complete and a password is set, all bootstrap codes across the entire cluster become invalid.
Explore the new Admin Panel
The new Admin Panel for ONLYOFFICE Docs Enterprise puts powerful server management tools at your fingertips. It simplifies administration, enhances security, and provides valuable insights into your server’s health and performance.
We encourage all administrators to explore this new feature and discover how it can streamline your management workflow.
Got any questions? Feel free to reach out to us at sales@onlyoffice.com. We’re here to help!
Create your free ONLYOFFICE account
View, edit and collaborate on docs, sheets, slides, forms, and PDF files online.
