MindLink Anywhere Management Center

Configuration Sections

The MindLink Management Center will load with the logging configuration as its default page. The user can navigate through different configuration settings by using the navigation tree , which includes the following configuration sections:

  • Licence
  • Logging
  • General
  • Add-Ins
  • Lync/Skype for Business
  • Active Directory
  • Exchange
  • Call routing
  • Group Aliases
  • Translation
  • Custom Preferences
  • Advanced
  • Feature
    • MindLink Anywhere
      • Authentication


The licence page ensures the products you are using are supported by MindLink and that only the correct products (as stated by contract) are in use. Once you install a product's management center the License tab will be the first tab you see. Each Management center requires a valid license file to be provided.

MLA Newly Installed Management Center

License File

The Browse for license file... button opens a file browser window, from which you select the licence file provided during your pruchase of the MindLink Product(s); This will be the file you received within the correspondence with your account manager.

Once the file is selected the details will populate as long as the license is valid.

License errors

If the license is not accepted there will be an error message that indicates the cause of the issue.

For example, if a license reaches expiry the following message will appear. icon Please contact your account manage to receive a current license within contract renewal.

License Details

Selecting a valid license file will populate the details section with the license informaion. MLA License for 1000 users

  • License Holder: This field specifies the Company name the license is issued to and also the product owner at the time of purchase.

  • Expiry date: The date the product expires. At this time (grace period built in) the product will cease to function.

  • Details: This field contains the product/s that the license has been issued for. MindLink will not run with an incorrect product license (a single license can be issued for multiple products).

Enabled users

This capacity is based on the number of users who could log on, rather than the current number of users logged on.

The system periodically checks the number of users who could log on and starts rejecting new logons if it sees that the number of hypothetical users is larger than the licensed capacity.


The logging section enables the user to configure the logging level as well as the log file location for the Connector Service.

Please note that logging on the Connector Service is performed using the Microsoft Enterprise Library Logging Application Block.


By default logging is configured as follows:

  • Error level - Error class events
  • Warning level - Warning class events (Recommended)
  • Info level - Info class events
  • Verbose level - All class events

Logging Configuration

You can Configure the Connector service logging level and log file location by Clicking on the Browse button will let you find an absolute path to a new log file location, or you can manually edit the field to a path relative to the Connector Service install location.

The account used to run the Connector Service must have write access to the install location of the product in order to log to the rolling log file. The file can by default be found at %ProgramFiles%\MindLink Software\MindLink Application\ConnectorService\Logs\Connector.log


The General section lets the user configure the general settings that will be applied to the Connector Service. icon

Information Service

Information service port: The port number used when behind a load-balancer to provide a service heart-beat.To allow collocation, Default Ports are as below and can be tested eg http://{server}:9007/Connector/InfoService/Status

  • MindLink API = 9006
  • MindLink Anywhere = 9007
  • MindLink SharePoint 9008
  • MindLink Mobile = 9009

File Transfers

Maximum concurrent downloads: The maximum number of allowed concurrent file download requests.

If an attempt is made to download a file when the number of active file downloads to the server is equal to the number specified, the download will fail with an error indicating that the server limit is currently exceeded and to try again later.

Maximum concurrent uploads: The maximum number of allowed concurrent file upload requests.

If an attempt is made to upload a file when the number of active file uploads to the server is equal to the number specified, the upload will fail with an error indicating that the server limit is currently exceeded and to try again later.

Maximum file size for file uploads: If the configured connector supports file posting, the maximum size of files in kilobytes allowed to be uploaded.

If an attempt is made to upload a file that is larger than the specified size, the server will return an error indicating that the file is too large to upload.


Enable instant messaging: When set, allows connected clients to use one-to-one messaging. When not checked, user presence will not be published, instant messaging will be disabled, and the client will be limited to group messaging functionality. Any client that exposes instant messaging functionality when instant messaging is disabled will receive failure notifications from the server when an attempt is made to use such functionality.

MindLink Requires at least one chat modality - instant messaging or group chat - to be enabled

Enable group chat: When set, allows connected clients to use group chat. When not checked, group chat preferences are not loaded and users will not see any groups or chat rooms to which they are subscribed in their contacts list nor will they be able to search for and add groups.

MindLink Requires at least one chat modality - instant messaging or group chat - to be enabled

Allow user to disable instant messaging When set, allows users to specify whether they want to log on with or without the instant messaging capability enabled on their web or mobile client. When not checked, users will not be able to choose to enable/disable instant messaging upon login and the setting will default to the configuration in the management center .

Allow user to disable group chat When set, allows users to specify whether they want to log on with or without the group chat capability enabled on their web or mobile client. When not checked, users will not be able to choose to enable/disable group chat upon login and the setting will default to the configuration in the management center .

Enable file transfers in 1-1 conversations - Allows users to upload files into IM conversations. This functions the same as file uploads into Group Chat conversations, supporting most file formats. Images, Text files, PowerPoint, videos, Excel files and .PDF files are all supported, among other file types. Any file upload must comply with the size restructions configured in the File transfers section above.

Enable audio calls - Enables audio calls in MindLink. The call option will be available in IM conversations, as one-to-one calls, and in Multiparty conversations as a conference call. Both call types are ccross-platform compatable with the native Lync and Skype for Business clients.

More information can be found on the ML Anywhere Troubleshooting page, under the Troubleshooting Voice Calling section.

Enable setting profile pictures - Allows user to set profile pictures in the web client.

Users can add, change or remove profile pictures through the MindLink client itself. This functionality must be enabled in the management tool first [Lync 2013 only] and allows a user to make changes from their contact card. When configured, a 'Upload photo' button will be showin in the contact card.

When not check profile pictuires can be view in the MindLink client, but users are not able to set a profile picture.

Message Constraints

Message Constraints

Maximum message length: The number of characters that a single message can include.

If an attempt is made to send a message that is longer than the specified length, the server will not send the message and an information message will appear in the server logs.

Maximum story length: The maximum number of characters that a single story can include.

If an attempt is made to send a story that is longer than the specified length the server will not send the story and will return an error indicating that the story exceeded the allowed story length.


These are special panels that appear below the chat input panel in chat rooms. The system administrator configures which panel appears in which chat room using the Group Chat Administration Tool.


Client Add-Ins are actually web pages hosted inside the Group Chat Console client, which communicate with the parent window using JavaScript.

MindLink Anywhere hosts each Client Add-In inside a Html IFRAME element within the MindLink Anywhere page. The Client Add-In can communicate with MindLink Anywhere using the same JavaScript calls as in the Group Chat Console client.

However, to enable this communication to happen, both MindLink Anywhere and the Client Add-In page must be served from the same domain and port address. This is a standard security requirement enforced by all browsers.

For instance, if MindLink Anywhere is served from http://www.MindLink.net/MindLink Anywhere, then for any Client Add-In to be shown in MindLink Anywhere it must also be served from a relative path on http://www.MindLink.net e.g. http://www.MindLink.net/myclientaddin

In an enterprise environment, it is often not the case that MindLink Anywhere and any Client Add-Ins will be served from the same actual machine. Hence, they will be served from different domains/ports and so Client Add-In/MindLink Anywhere communication will be forbidden. The use of a reverse-proxy is therefore required to mux requests to MindLink Anywhere and to any configured Client Add-Ins to the same domain. See the Prerequisites page to Configure Add-in Proxies

Lync/Skype for Business

The Adaptor section manages the selection of the underlying chat system to which to connect and the infrastructure DNS servers that define the chosen platform. lync/sfb


Server Version: Select the chat platform from the dropdown : Lync 2013, Skype 2015 or Skype 2019

Auto Provisioning Server Information: (Lync 2013/SFB Only) Enable the auto detection of the Front End Server. This will allow the server to detect any server changes within the Topology and auto configure the new servers. This requires Lync Core Components to be installed

Auto Provisioning Application ID: (Lync 2013/SFB Only) Enter the Application ID of the trusted application on the Front End.

Local Server Name: Manually enter the FQDN of the local machine

Next hop connection

Server Name: Manually enter the FQDN of the OCS/Lync/SFB front end or pool server.

Trusted Application Server

Server/Listen Ports: The default communication port for OCS/Lync/SFB used by the Front End Server to listen on when using trusted authentication.To allow Collocation the default ports are as below :

  • MindLink API => 4096
  • MindLink Anywhere => 4097
  • MindLink SharePoint => 4098
  • MindLinkMobile => 4099

Platform Certificate: The certificate to use for establishing an MTLS connection with the OCS/Lync server.

Persistent Chat

Multiple Persistent Chat Pools

Auto Provision Group Chat Information: Automatic discovery of the lookup address for querying Group Chat. Use this option to look at multiple chat pools.

Default Persistent Chat pool endpoint address: Manually enter the lookup address for querying Group Chat. This is the address created upon activation; use Get-csPersistentChatEndpoint to identify.

Connect to Multiple Persistent Chat Pools Multiple Persistent Chat Pools

Users can connect to multiple persistent chat pools. This allows users to join any chatrooms that are in the located on any of the specified persistent chat pools


Explicit conections involve specifying specific chat pools in the management tool. Only users within those specified persistent chat pools can login. A single chatpool can be specified in the Default Persistent Chat pool endpoint address field. Multiple chat pools are specified by clicking the Connect to multiple Persistent Chat pools checkbox. Entries added in the table can be removed by pressing the Delete key.


Auto provision

Auto provisioned connections allow users to login as any user located on the configured persistent chat pools on the server. The user does not need to specify any of the configured chat pools to login as users located on them.


Use untrusted connection: To Debug the communication protocol and transport mechanism during debug mode.

Disable transport: The transport type between the Connector service and the OCS pool e.g. TLS or TCP during debug mode.

Authentication Protocol: Domain protocol set to either NTLM or Kerberos.

Conversation History

Conversation History: Enable conversation history saving and loading.


Preferences: Sets the file repository for saving local preferences.

Private File Transfers

Private file transfrer cache - Specified direcory where private file transfers cache folders are kept


Session timeout: This sets the timeout for MindLink Anywhere. The MindLink client will be set to an idle/away status after being disconected from the network after the configured time has elapsed.

Active Directory

active directory figure

LDAP Connections

Enable Auto discovery of Global Catalogue

OCS/Lync/ Forest Name: Select the relevant forest name in which platform is installed and base for AD operations for users.

Server Name: Manually enter the FQDN of the LDAP server is Auto-Discover is not detecting correctly.

Use Default Port: Default port number of the Global Catalog used to look-up user SIP addresses from Active Directory i.e. 3268.

Port Number: To enter a custom port number to look-up user SIP addresses from Active Directory.

Active Directory Time-out: Specify the time interval in seconds for Active Directory queries.

Use Default Naming Context: Auto-discover the name of the root context of the directory. Use this is membership is not restricted.

Naming Context: Manually enter full OU path if users are to be restricted to this AD OU object


Search Filter: Must be configured, responsible for retrieving sip address for a user via Active Directory.

Default user domain: The default domain that will be used if a user does log specify a domain in their user name when logging on.

Restrict usage to members of an AD group. Restrict access to Membersof this AD Group to be able to log in

Group Name: Select the Group from the dropdown (start typing the name to dynamically list) if users are to be restricted to this AD Group.



Administrators can explicitly configure how the exchange server is resolved. This can be done automatically by ticking the Autodiscover Exchange Web Services box or the URL can manually be entered in the box below. Additionally, a list of well-known URLs can be added where the management center will look to resolve the exchange server name based off of those URLs.

Call routing

Call routing

This section is for configuring connections to STUN/TURN servers for voice call routing.

Group Aliases

When enabled, per-room aliases can be set in chat rooms. This will replace the user name with a custom name up to 50 charaters. The user's actual name will still show below their alias name in smaller, grey text.

Enable group aliases: This enables aliases in chat rooms

Group Aliases

Database connection string Configure the connection string with the following syntax:

**Server=<Principal>;Initial Catalog=<Database>;Integrated Security=SSPI**

Server=FQDN SQL server; Initial Catalogue=SQL catalogue; Integrated Security=SSPI

or if you wish to use a Failover SQL partner you could use the following syntax :

Server=FQDN SQL server; Failover Partner=FQDN SQL partner; Initial Catalogue=SQL catalogue; Integrated Security=SSPI

Override credentials for database operation If the user running the management center does not have sufficient SQL permissions, then these can be overridden by a set of credentials that have sufficient permission by your SQL administrator.

After adding the credentials for the user, the connection to the database will need to be tested. The management tool will display an error if the configuration is incorrect.

Test the conneciton: To check the validity of a relevant SQL database connection string and the override credentials , select 'Test'. The following steps may differ and as such are outlined in the two scenarios listed below.

Once the database connection has been tested successfully, the MindLink service can be started.


This is one of the features we looked at in the 1. Planning & Prerequisites section. Message translation allows users to translate messages in a coversation from a foreign language into their target language, which is configured on the Logon page. Transaltion

Enable Translation will activate the translation configuration in the following section:

Translation Service

Translation service-based URL: This is the URL of the translation service you are using.

API Key: This is the key from your translation service used to provision the functionality.

API Key HTTP header name: This is the HTTP header name for the API key.

Configuring message translation will show the language picker on the log in page. From here users can select their language preference from the languages provided by the tranlsation service.

Langauge picker

Custom Preferences

The administrator is able to keep a repository of user preferences. This enables the continuation of preferences across group chat sessions. This also allows for the ability to read preferences across nodes.
An example of such a deployment could be a file share across a network. This allows an administrator to store preferences across multiple machines within a network (if required) meaning that changes made on one machine persist across multiple nodes when the same file store is referenced. In this sense, preferences can be stored cross-site.


Custom preferences repository location: The pathway in which the preferences are written to, which can be anywhere that is capable of being read and written to; including across networks. If you don't know where to put it the MindLink install directory can be used, as shown in the screenshot.

Test is a button that will test access to the pathway. In the event the file pathway referenced is not accessible it is possible to either A) change location (in the event it is invalid) OR Provision access rights to the service account running MindLink Anywhere, which is a prerequisite to utilising the custom preferences repository. If successful the message "Custom preferences repository location is available" will show.

Also worth noting is the possibility of having preferences persist during an outage such as in an active-passive disaster recovery scenario. If two machines are connected properly and preferences are shared it is possible that in the event machine 1 falls, machine 2 can pick the preferences up without any outage on the user side. Please note that a batch job would have to be setup to facilitate this transference of preferences across the machines


Advanced tab

You can add debug keys (such as configuring Exchange Online or enable pre-release features) and you can also override any other configuration value. Examples of a couple custom setting keys include:

  • Configuration key: connector.uma.serverversion Value: Unknown
  • Configuration key: global.message.maxlength Value: 200
Configuration Key Configuration setting value
Key Value
Key Value

Notes when using custom settings:
- Custom key/value
- Invalid keys cause the host to crash

This section manages MindLink Anywhere settings that affect the way the web client is hosted and displayed to a user.



Web client port number: The port number at which the web client will be available. For example, if the port number is 9080 and HTTPS is enabled, then navigating to "https://{fqdn}:9080/ will display the web client.

Use HTTPS: When set, hosts the web client over HTTPS. A valid certificate must be specified in order for the configuration to save successfully.

Certificate: A valid certificate must be specified in order for the configuration to save successfully.

Base Path: Appended text to the URL i.e. https://FQDN:port/yourbasepath .

Session Timeout: The session time out period assigned to manage the session when long polling stops.

Long Polling Session Timeout: Defines when long polling will stop.


Cusotm disclaimers can now be configured that will display when connecting to the web client. disclaimer

Enable Disclaimers will enable the functionality.

Disclaimer: Set the default disclaimer in the text box. This disclaimer will show for all users connecting to the web client, unless a client connects with a discriminating request header

Enable different disclaimers based on request headers will allow Request Headers to be set up that show different disclaimer content.

Discriminating Header Name will be the universal header name applied. One value is set and all Discriminated Disclaimers are nested within.

Discriminated Disclaimers is where the different disclaimers are set up. The Discriminator is the request header value, while the Disclaimer is the message content to display. Multiple disclaimers can be configured at once, as long as the Discriminator is unique.

A header and footer section can be configured in the MindLink Anywhere client. This banner shows at the top and bottom of the client respectively.

Custom Header: The header is shown at the top of the client

Header and Footer - A URL will need to be set

  • The height of each region can be set seperately.

  • An invalid URL format will display a warning message Header and Footer

The below image displays how these regions appear in application.

Custom Footer: The footer shows at the bottom of the client.

Header and Footer - A URL will need to be set

  • The height of each region can be set seperately.

  • An invalid URL format will display a warning message Header and Footer

Custom URLs

19.5 introduces a management tool configuration to Customize URL links for the homepage, help link and provide a group management link. Custom URL Links

Custom Homepage URL: When a custom Homepage URL is configured, the MindLink icon in the top-left will redirect to the configured URL instead of to MindLink's default page.

This new URL will be displayed within the MindLink client, rather than a new tab.

Help link URL: Providing a valid URL will introduce a new icon in the header of the web app.

Clicking the icon will open the URL in a new tab.

If an invalid URL is used the icon will not show.

Group Management URL: When a valid URL is provided, a new icon is added to the top of the dock.

Clicking the icon will open the URL in a new tab.

If an invalid URL is used the icon will not show.


Password authentication is the default mechanism, where users manually provide their usernams and password. MLA Management Center Authentication

MindLink also supports Single Sign-On which allows a user to log onto related systems once and not have to re-enter their credentials for each system. Enabling SSO involves the configuring of the adaptor, and may involve extra configuration depending on the type of connector. For all connectors, the client must be told to connect via SSO by checking the Enable SSO box.

There are two protocols which support Single Sign-On, 1. Windows Authentication and 2. HTTP Header Authentication


Token Issuing Certificate: Select the certificate to use for the Token Issuing Service. It is mandatory that you provide a token issuing certificate, as this is used to manage user authentication. Ensure that the certificate has a key length of 2048 bits and is set up for digital signing.

allow users to select preferred authentication mechanism: Gives the user the ability to select their prefered authentication mechanism. This is only available when more than one mechanism is configured. If more than one authentication mechanism is enabled and the authentication fails then the mechanism will attempt to authenticate with the next mechanism, until all have been attempted. Desktop Auth

Password Authentication

Enable password authentication: Enabled by default. When enabled, connecting to the MLA server simply presents a web version of the MindLink Anywhere username and password screen. Desktop Password Authentication

Windows authentication (NTLM/Kerberos)

MindLink Anywhere Single Sign-On supports both Windows Integrated Authentication and NTLM mechanisms.

Windows Integrated Auth is supported browsers except Safari. If Kerberos is not available, Single Sign-On automatically resorts to NTLM.

For Kerberos to be supported, the MLA URL must be registered as a Service Principal Name.

These are windows authenticaion mechanisms to authenticate using SSO. SSO (Single Sign-on) allows users to sign in once with their details and be automatically authenticated each time they visite the MindLink site.

NTLM: For the SSO functionality of MindLink Anywhere to work correctly, the MindLink Address will need to be treated as a trusted site section of the End-Users Web Browser. This can be configured by Group Policy or manually. These Instructions are based on Manual configuration using Internet Explorer - other Browsers may vary.

From within Internet Explorer go to Tools > Internet Options Internet options

In the dialogue box that launches, select the security tab

Select the Trusted Sites icon and click the Sites button Trusted sites


Insert the address of the MindLink Anywhere instance, and click Add.

Click Close, Click OK Close

Kerberos: operates using "principles" which are identifiers for users and services for which Kerberos tickets can be generated. So that a client can create a ticket readable by a service, it looks up the service principal name and asks the Kerberos server to produce a ticket that can be given to the service. If the service has no registered principal name, or an incorrect principal name is used (for instance falling back to a default service name) then the ticket will be incorrect and authentication will fail.

Windows Authentication: Windows authentication can be implemented by running the following command as a domain administrator: Kerberos Note this only affects Windows Authentication, NTLM does not use SPNs.

Bypass SSO

By appending a query string to the url the SSO mechanism can be bypassed, allowing the client to automatically utilise the configured authentication mechanism to log on directly without prompting. Windows configuration needs to be configure to use bypass feature. The query string to bypass SSO is below:

  • ?bypassLogOnConfiguration=true#/

The first request will require the user to enter credentials, even when using the bypass query string. Every login after the initial will login automatically.

HTTP header authentication

This allows the client to be authenticated using a configured pre-authenticated header. Enabling this option allows HTTP headers to be passed to an external authentication module, for example a proxy server.

Example:User credentials can be read from the relevant attributes within the HTTP header of theuser's security certificate. These attributes are thenauthenticated against an authentication module such as a proxy. Once authenticated successfully, a session is thenestablished.

further information on SSO can be found in the Pre-Requisites section found further information on SSO can be found in the Pre-Requisites section found here

External URL Redirection

External URL redirection allows the MLA client to redirect to a specified URL in the event of authentication failure opr the user logging out. Desktop Auth

Authentication failure redirect URL will redirect the user to the configured URL if they fail to authenticate.

Log out redirect URL will redirect the user to the configured URL when they log out. If a user is unable to authenticate i.e. enters the wrong credentials, it is possible to have them redirected to an external URL i.e. www.google.com