Global Settings
The following settings apply to all users and all files uploaded via MetaDefender Vault. Changing any of these settings will only affect files uploaded after the setting has been changed.
You can configure the default settings by going to Settings → Global Settings. Please note that you will need administrator privileges.
Guest Settings
Disable guest creation
This option disables the guest creation for all users, including administrators. If this option is turned on, the Users → Guests page on the left menu will disappear for all users.
This option is useful when you don't want your users to create temporary accounts and share files with people outside your organization or when the Single Sign-On enforced authentication option is active.
The options below will be inactive when this option is active.
In case there are any existing guests created they will not be able to login after this option is enabled.
Disable guest creation by users
Specifies if users can create guest accounts or not. Please note that administrators are still able to create guest accounts. If this option is turned on, users will not see the Users → Guests page on the left menu.
This option is useful when you don't want your users to create temporary accounts and share files with people outside your organization.
Disable editing guest expiration date by users
Use this setting if you wish to control the expiration time of guest accounts created by your users. For example, the following configuration ensures that your users can't create guest accounts that are valid for more than a day.
Default guest expiration period
The default period after which a guest account is permanently removed from the system.
External User Settings
Disable external user creation
This option disables external user creation for all users, including administrators. If this option is turned on, the Users → External Users page on the left menu will disappear for all users.
This option is useful when you don't want your users to create temporary accounts and share files with people outside your organization.
The options below will be inactive when this option is active.
Disable external user creation by users
Specifies if users can create external user accounts or not. Please note that administrators are still able to create external user accounts. If this option is turned on, users will not see the Users → External Users page on the left menu.
This option is useful when you don't want your users to create temporary accounts and share files with people outside your organization.
Disable external user expiration
This option controls whether external user accounts should have an expiration date or not. When enabled, the external user accounts creation dialog will no longer require users to select an expiration date for the new account. Also the system will disallow editing the expiration date for existing external users.
Disable editing external user expiration date by users
Use this setting if you wish to control the expiration time of external user accounts created by your users. For example, the above configuration ensures that your users can't create external user accounts that are valid for more than a day. Users will also be unable to edit the expiration date for owned external user accounts.
Default external user expiration period
In case there are any existing guests created they will not be able to login after this option is enabled.
The default period after which a external user account is permanently removed from the system.
Limit login attempts for External Users
This option enables the user lockout feature for External Users. When enabled, It will lockout external users, If they fail to authenticate before reaching the configured maximum amount of login attempts. The lockout time is depending on Lock account for (minutes) configuration field.
- Login attempts allowed before the account is locked: Number of failed login attempts that can be done before the account will be locked.
- Lock account for (minutes): If the number of failed login attempts is higher than the predefined number, the account will be locked for X minutes.
- Reset failed login attempts counter after (minutes): 0 - Counter is never reset X - Counter resets after X minutes.
Local User Settings
Force password reset on Local User creation
Use this settings If you wish to enable the Force password reset on next logon on the Local User creation modal. Important information, the Administrator can override this global configuration.
Limit login attempts for Local Users
This option enables the user lockout feature for Local Users. When enabled, It will lockout local users, If they fail to authenticate before reaching the configured maximum amount of login attempts. The lockout time is depending on Lock account for (minutes) configuration field.
- Login attempts allowed before the account is locked: Number of failed login attempts that can be done before the account will be locked.
- Lock account for (minutes): If the number of failed login attempts is higher than the predefined number, the account will be locked for X minutes.
- Reset failed login attempts counter after (minutes): 0 - Counter is never reset X - Counter resets after X minutes.
Session Settings
Absolute session timeout period
When enabled, this option defines an absolute timeout for a session. A session is automatically extended while a user interacts with the web application, however, it will not be increased any longer than the absolute timeout.
For example, with default values, a user who logs in at 9 AM would be able to stay signed in until 10 AM. If a file uploaded happens before 10 AM (i.e at 9:45 AM) the session is automatically extended until 10:45 AM.
This can happen over and over again until the user signs out (at which point the session is terminated) or a day has passed (1 day is the default absolute timeout).
Absolute session timeout period can range from a minimum of 5 minutes to a maximum of 7 days.
Please note that a very small value (i.e one hour) may lead to interrupted uploads while large values can negatively impact security.
Idle session timeout period
When enabled, this feature sets an idle timeout for user sessions. If there is no user interaction with the web application within this specified timeframe, the session will automatically expire, leading to an automatic logout of the user.
For instance, if the idle session timeout is set to 1 hour, a user who logs in at 9 AM and leaves the application untouched until 10 AM will experience an expired session.
However, if the user interacts with the application, the session will be extended until it reaches the absolute session timeout.
The idle session timeout has a minimum value of 1 minute and a maximum value of 2 hours.
File Settings
Download authentication required
This setting specifies if the files uploaded using MetaDefender Vault can be downloaded with or without requiring the user to login before downloading.
Enforce password protected download
This option demands users to download their files or folders in password protected archives.
Enforce system password policy for downloads
Enabling the option will force users to adhere to MetaDefender Vault password policy. The policy requires users to choose a password that has a minimum length of 12 characters, and the password also has to conform the required strength.
Archive file after download
This setting enables file archiving when the file is downloaded via MetaDefender Kiosk integration.
Fallback to global Core workflow
This option allows MetaDefender Vault to use the integrated MetaDefender Core global workflow in case no workflow is configured for the user or the workflow has been removed.
Sharing
This option specifies if file sharing between users is allowed or not.
Advanced sanitization
Allows users to skip sanitization: data sanitization can be skipped when uploading a file if the users wishes so.
Block files without sanitization: this option will ensure that files that were not sanitized are not available for download and will reach "Blocked: No Sanitization" state.
In order for this feature to work Supervisor Approval must be enabled and Multi-scanning and Data Sanitization must be configured.
The Blocked: No Sanitization state can only be changed by administrators by approving the file on Processing History page. Also, make a note of the fact that supervisors cannot allow a file in Blocked: No Sanitization state even by approving it.
Limit maximum file size
Enable this option if you wish to set a maximum size limit when a file is uploaded.
User quota (limit total files size)
Enable this option to limit user storage. When this setting is active
- All users will not be allowed to upload any files that would exceed the quota
- Current storage status will be shown at the information dropdown list area
Expiration date
Every file has its own expiration date. A default value can be configured with this option. Once a file expires it is permanently removed.
Allow editing file expiration date by users
Upon disable this option, the user is unable to change the file expiration time at uploading time, the value is set by default as the Expiration date.