User Management

Overview

MetaDefender Managed File Transfer supports several types of users:

• Local Users
• External Users
• Active Directory Users
• Guest Users
• Global Supervisors

Local users can be created and managed through the graphical user interface by navigating to "Users" → "Local Users." Administrators can create, enable, disable, or delete users at any time.

External Users are accounts intended for clients outside the organization. These users have minimal permissions, such as uploading and downloading files.

Active Directory Users are users imported from your Active Directory server. To enable Active Directory synchronization in MetaDefender Managed File Transfer, please refer to Active Directories.

Guest Users are temporary accounts that any user can create. By default, these accounts expire after one hour, but the expiration time can be adjusted. Note that guest users do not have a username or password—they use only a Guest ID to log in.

Deleting Users

When deleting any type of user, all their owned files are moved to Recycle Bin. User deletion can be performed through the user interface, API, or Active Director Sync.

When attempting to delete a Supervisor, Managed File Transfer checks to ensure the user is not a mandatory Supervisor whose deletion would disrupt the Approval Process. In such cases, Managed File Transfer will not allow the deletion.

Local Users

Administrators can create local users from the user interface without needing to integrate with an Active Directory server. When creating a local user, it is also possible to assign a role to that user.

Administrators can create new accounts by clicking the "+" button. Passwords must be in line with the system's policy.

Administrators can require new users to change their password upon first login. This feature can also be applied to existing local users during their next login, though active sessions will not be terminated.

When creating a new user, administrators can choose between six user types:

1. User - regular account with minimal permissions, such as uploading, downloading and sharing files.
2. Administrator - account with elevated permissions to change configuration settings.
3. Readonly Administrator - account with view-only access to all the configured settings.
4. Helpdesk Administrator - account with access to change global configuration.
5. Auditor - account with access to audit logs with file activity.
6. Global Supervisor - account with the ability to see and instantly approve all pending requests, eliminating the need for further steps.

Administrators can edit existing local users, including their username, password, email, and role.

External Users

External user accounts are designed for long-term file sharing with partner clients or organizations. This role cannot see internal users and can only share files with their owner.

An external user account can only log into the system if:

• It has not expired
• The external account is enabled
• The parent/creator account is active and enabled
• Trusted network rules are met

Administrators and users can create external user accounts by navigating to "Users" → "External Users" and clicking the "Create external user" button.

Ensure the password meets the system policy requirements, then click "Continue."

External user accounts may require an expiration date, depending on the configured settings. Click "Create" to finalize the new account.

Once created, external user accounts can be edited, enabled/disabled, and deleted.

By clicking the "Edit" button, you can update the account's credentials using the same dialog that was used during account creation.

Active Directory Users

Active Directory users are synchronized from your "Active Directory" server into MetaDefender Managed File Transfer. They can login using the same username and password as their Active Directory credentials. Note that you cannot edit or change information for these users in any way.

Guest Users

A guest account is a temporary account with limited access and lifetime. Any user can create a guest account and share files with it. A guest user can only upload files to themselves or to the account owner who created their guest account.

A guest user account can only log into the system if:

• It has not expired
• The guest user account is enabled
• The parent/creator account is active and enabled
• Trusted network rules are met

To create a guest account, log in and go to "Users" → "Guest."

Click the "Create Guest" button in order to generate a new guest user. You can configure the ID length to be between 12 and 255 characters.

You can also add an optional email address for the guest user to receive notifications.

Choose the desired expiration date and click "Create" to finalize the operation. Use this page to perform actions like suspending, editing, or deleting a guest account.

Logging in with a Guest Account

To log in with a guest account, instruct your guest user to access the login page and use the generated PIN code.

Groups

The "Groups" page lists both "Active Directory" and "Custom groups."

Listing Active Directory and Custom groups

Custom Groups

Custom Groups are user-defined collections created by an administrator, where both Local and Active Directory users can be included as members. Each Custom Group must have a unique identifier (name) and can optionally have a separate display name. Administrators can modify group MetaDefender Core™ Workflow (Custom MetaDefender Core Workflow Rule for Groups) and enable Shared Spaces for collaboration within the group.

Modal of Add Custom Group

Modal of Edit Custom Group

Active Directory Groups

Active Directory groups are created after an Active Directory Authentication Source is configured. You cannot add new groups, but you can edit attributes such as Display Name or Custom MetaDefender Core Workflow Rule for Groups.

Edit modal for Active Directory Group