ID:

Created:

Type:

Enabled

When account is disabled, all authentication requests will fail.

The account name is also known as the user name or login name used in the authentication process.

Select the list of groups associated with this account.
The first group in the list is the primary group.

One or more comma-separated email addresses associated with this account.

Free text description for this account.

File access

The directories and files to which this account has access to.

Path to folder in which files for this account are stored.
${OS_HOME} will be replaced with the path provided by the operating system.

Mapping of virtual folders to real paths available for this account. Set it to inherit to use the group configuration.
Leave it empty to not use virtual folders.

Comma separated values of permissions for this account.
Check the documentation for more details.

Most of the time you want to create SFTPPlus application accounts. OS account type should only be created when you need to overwrite OS configuration options.

Lock access

Deny access to files and folders outside the home folder. Only operating system accounts may have this configuration option.

When this option is enabled the server will try to create missing home folders for authenticated accounts.

OS local account to hold ownership of the newly created home folder.

OS local group to hold ownership of the newly created home folder.

You can only change this configuration at the group level. The groups configuration values are presented below for quick review.

Maximum number of bytes allowed for a single file upload operation.
Set to 0 to not have any limit.

Group configuration: bytes.

bytes
Unique Uploads

Once the UUID prefix is enabled, a unique identifier string is amended at the beginning of each file name.

Authentication

The following configuration option define the credentials used to authenticate this account.

Update password for this account.
Current password is stored using one way encryption method and cannot be retrieved.

Score {{password_meter.score}}

Shared secret for TOTP-based multi-factor authentication. It can be used with Google or Microsoft Authenticator or any other compatible application.

TOTP hidden

A single public key (in any format) or a list of OpenSSH public keys (one per line) used to authenticate this account.

Path to file or directory containing authorized SSH keys.
This is legacy config. Use Allowed SSH Keys instead.
Leave empty to not load SSH keys from external files.

Allow SSL certificates

When SSL/TLS certificate-based authentication is enabled, accounts can be authenticated without requiring a password.

What type of credentials to require for the successful authentication of this account.

Security

The following configuration option define the access restrictions for this account.

Source IP/CIDR access control rules for this account.
Check the documentation for more details.
Leave empty to use the IP addresses configured in the associated groups.

Number of inactivity days after which the account is automatically disabled.
Set to 0 to not auto disable the account.

Group configuration: days.

days

Local date and time after which this account will no longer be authorized.

at
Allow password change

You can only change this configuration at the group level.

Yes No

Number of days for which a password is valid.
Set to 0 to disable password expiration.

Group configuration: days.

days
AS2 file receive

The AS2 configuration options from the account page are used for receiving AS2 files. For sending AS2 files, you will need to configure an AS2 location.

Require AS2 HTTP authentication

Whether all AS2 messages should be HTTP authenticated.

One or more certificates (in PEM format) used to validate signed files received for this account.

One or more CA certificates (in PEM format) used to validate the asynchronous MDN HTTPS connection.
Leave it empty to disable async MDN support for HTTPS.
Set it to "Disabled" to disable the HTTPS security checks.