Specify which technique should be used to authenticate the Web User. Valid methods are Azure Active Directory, Windows Active Directory (AD), LDAP, IBM i user profiles, LDAP Managed server(s), and the
Managed File Transfer
database. The valid methods are defined on the
Login Methods page.
When the default option is selected, the Web User will use the default Login Method for Web Users specified in the
Login Methods page. To authenticate against another Login Method, clear the checkbox and select it from the drop-down list. The password options are only shown when authentication is performed against the
Managed File Transfer
database.
Password Generation
Passwords for Web User accounts can be generated automatically based on the
Web User Password Policy. Otherwise the Web User Manager creating the account can manually specify a password. If specifying the password,
Managed File Transfer
will alert you if the password does not meet the
Web User Password Policy. The maximum password length is 20 characters.
Password Options
If authenticating the Web User account against the
Managed File Transfer
database, the following options can be specified for the Web User password:
Display password to the page - The new Web User password is displayed on the page.
Allow User to Change Password - This option makes a Change Password link available at the top of the page in the HTTPS File Transfer Portal.
Force Password Change at Next Login - This option is only available to Web Users using the HTTPS service. If selected, this option will force a Web User to type a new password after a successful initial login.
Password Expiration Interval
>If authenticating the Web User account against the
Managed File Transfer
database, the password expiration interval determines how long before a password expires.
Password Expires After - The Web User password will expire after the specified number of days.
Authentication Types
The Authentication Type can be specified per service. This provides the Web User Manager with complete control over the Web User's access. For example, a Web User can be forced to use a Password and Certificate when authenticating to FTPS but only require a Password for HTTPS. If a certificate is used for authentication, the Client Authentication setting on the SSL tab of the specific
service must be set to Optional or Required.
If certificate authentication is specified and the certificate being used is either self-signed or signed by an untrusted Certificate Authority (CA), then the certificate will need to be
imported into the Default Trusted Certificates Key Store. Importing the certificate instructs
Managed File Transfer
to trust this source. If the certificate being used is already signed by a trusted authority (for example, Verisign, GoDaddy, Equifax, etc.) the certificate does not need to be imported since the trust is inherited.
HTTPS
Password - Web Users login using their standard Web User name and password.
Certificate - Web Users are authenticated by a certificate which must be in the
Managed File Transfer
Default Trusted Key Store and on the Web User's local computer. This method does not require the Web User to specify a user name or password any time they use
Managed File Transfer
. If Certificate is selected, type the unique SHA1 Fingerprint for the Web User's certificate in the box. Each Web User must have a unique SHA1 Fingerprint.
Either - If a matching certificate is found during the connection, the Web User will automatically authenticate. However if a match is not found, the Web User can still login to the
Managed File Transfer
server with a user name and password. If Either is selected, type the unique SHA1 Fingerprint for the Web User's certificate in the box.
AS2
Password - Web Users login using their standard Web User name and password.
Certificate - Web Users are authenticated by a certificate which must be in the
Managed File Transfer
Default Trusted Key Store and on the Web User's local computer. This method does not require the Web User to specify a user name or password any time they use
Managed File Transfer
. If Certificate is selected, type the unique SHA1 Fingerprint for the Web User's certificate in the box.
Either - If a matching certificate is found during the connection, the Web User will automatically authenticate. However if a match is not found, the Web User can still login to the
Managed File Transfer
server with a user name and password. If Either is selected, type a SHA1 Fingerprint for the Web User's certificate in the box.
Password and Certificate - Web Users are authenticated by their standard Web User name and password along with a shared certificate that is both on the
Managed File Transfer
server and the Web Users' local computer. Type the certificate's SHA1 Fingerprint in the box.
FTPES (Explicit SSL)
Password - Web Users login using their standard Web User name and password.
Certificate - Web Users are authenticated by a certificate which must be in the
Managed File Transfer
Default Trusted Key Store and on the Web User's local computer. This method does not require the Web User to specify a password any time they use
Managed File Transfer
. If Certificate is selected, type the certificate's SHA1 Fingerprint in the box.
Either - If a matching certificate is found during the connection, the Web User will automatically authenticate. However if a match is not found, the Web User can still login to the
Managed File Transfer
server with a user name and password. If Either is selected, type the certificate's SHA1 Fingerprint in the box.
Password and Certificate - Web Users are authenticated by their standard Web User name and password along with shared certificate that is both on the
Managed File Transfer
server and the Web Users' local computer. Type the certificate's SHA1 Fingerprint in the box.
FTPS (Implicit SSL)
Password - Web Users login using their standard Web User name and password.
Certificate - Web Users are authenticated by a certificate which must be in the
Managed File Transfer
Default Trusted Key Store and on the Web User's local computer. This method does not require the Web User to specify a password any time they use
Managed File Transfer
. If Certificate is selected, type the certificate's SHA1 Fingerprint in the box.
Either - If a matching certificate is found during the connection, the Web User will automatically authenticate. However if a match is not found, the Web User can still login to the
Managed File Transfer
server with a user name and password. If Either is selected, type the certificate's SHA1 Fingerprint in the box.
Password and Certificate - Web Users are authenticated by their standard Web User name and password along with shared certificate that is both on the
Managed File Transfer
server and the Web Users' local computer. Type the certificate's SHA1 Fingerprint in the box.
SFTP
Password - Web Users login using their standard Web User name and password.
Public Key - Web Users use a public key on the server to encrypt a session key that produces a secure login.
Either - If a matching public key is found during the connection, the Web User will automatically pass authentication. However if a key match is not found, the Web User can still login to the
Managed File Transfer
server with a user name and password.
Password and Public Key - Web Users must login using their Web User name and password along with a public key.
Associate an SSH Public Key with a Web User by using the
SSH Keys option on the
Web Users page.