User Management
Overview
There are multiple types of users in MetaDefender Managed File Transfer:
- Local Users
- External Users
- Active Directory Users
- Guest Users
- Global Supervisor
Local users can be created using the graphical user interface by navigating to Users → Local Users. Using this page administrators can create / enable / disable or delete users at any moment.
External users are accounts meant to be used by clients outside the organization. They have minimal permissions such as uploading and downloading files.
Active Directory users are users imported from your Active Directory server. In order to learn how to enable Active Directory synchronization in MetaDefender Managed File Transfer please refer to Active Directories.
Guest users are temporary accounts that any user can create. By default, these accounts expire in one hour but the user can choose a different expiration. Please note that guest users do not have a username or password they have only a Guest ID that can be used to login.
Additional topics:
Deleting Users
When deleting a user of any type all their owned files are moved to Recycle Bin. User deletion in this context can be executed via any of the following methods: user interface or API or Active Director Sync.
When attempting to delete a Supervisor, Managed File Transfer checks and verifies that the user isn't a mandatory Supervisor, which its deletion will result in breaking the Approval Process. In such cases Managed File Transfer will not allow the deletion.
Deleting a user will also remove any API keys created by that user
The last local administrator can't be deleted, but can be disabled if other administrators are present e.g. administrators set by an Active Directory configuration
Local Users
Administrators can create local users from the user interface without the need to integrate with an Active Directory server. When creating a local user it is also possible to specify a role for that user.
Administrators can create new accounts by clicking the '+' button, make sure your password is matching the system policy.
Administrator users can force the newly created users to change their new password upon the next logon. In the context of user creation, It means the first authentication. This feature exists for existing local users, this will be applied again for their next login, If They are having an active session, It will not be terminated.
When creating a new user, administrators may choose between six user types:
- User - regular account with minimal permissions such as uploading, downloading and sharing files.
- Administrator - account with elevated permissions that can change configuration settings.
- Readonly Administrator - account that is able to see all the configured settings in read-only mode without altering any of the current settings
- Helpdesk Administrator - account having access to change global configuration
- Auditor - account with the ability to access audit logs, what files were uploaded and many more
- Global Supervisor - account with the ability of see and instantly approve all pending requests, eliminating the need for further steps.
Administrators have the ability to edit existing local users including the username, password, email and role.
External Users
External account role is designed for sharing files with partner clients or organizations on a long-term basis. This role cannot see internal users and can only share files with its owner.
An external user account can only log into the system if
- It is not expired yet.
- External user account is enabled.
- Parent/creator account is active/enabled.
- Trusted network rules are met.
Administrators and users can create external user accounts by navigating to the Users → External Users tab and clicking on the Create external user button.
Please make sure that the password matches the system policy and click Continue.
External user accounts may or may not require an expiration date depending on configured settings. Please click Create in order to create the new account.
Once created, external user accounts can be edited, enabled/disabled and deleted.
By clicking on the Edit button, the same dialog used in account creation will appear allowing you to update the account's credentials.
Active Directory Users
Active Directory users are users that have been synchronized from your Active Directory server in MetaDefender Managed File Transfer so that they can login using the same username and password as the Active Directory username and password. Please note that you cannot edit/ change information for these users in any way.
Guest users
A guest account is a temporary account that has limited access and lifetime. Any user can create a guest account and can share files with this account. A guest user can only upload files to himself or to the owner that created his guest account.
A guest user account can only log into the system if
- It is not expired yet.
- Guest user account is enabled.
- Parent/creator account is active/enabled.
- Trusted network rules are met.
In order to create a guest account, you need to log in and go to Users → Guest
Click on Create Guest button in order to generate a new guest user. You can configure the length of the ID to be between 12 and 255 characters.
You can also add an optional email address to the guest user, through which the guest user can receive notifications.
An email address can be shared among multiple guest user accounts, but not with any other user types.
The email address can also be removed during editing, but email notifications will no longer be sent to that guest.
Choose the desired expiration date and click Create in order to finalize the operation. Use this page in order to perform any operation like suspending, editing or deleting a guest account.
Login with a guest account
In order to login with a guest account, you need to instruct your guest user to access the login page and use the generated PIN code.
