This procedure provides instructions for creating a user account on Sites that use GlobalSCAPE Authentication. For the procedure for creating an EFT Server administrator account, refer to Configuring Server Administrators.
For information about creating anonymous accounts, refer to Anonymous User Accounts.
To create a user account
After you have completed the Site Setup wizard, you can continue directly to the New User Creation wizard. Otherwise, in the EFT Server administration interface, connect to EFT Server and click the Server tab.
Do one of the following:
On the main menu, click Configuration, then click New User.
Right-click the Server node or any node within it, then click New User.
On the toolbar, click the New user icon.
(On Active Directory Sites, if an invalid domain was created, the New User option is disabled.)
The Create New User wizard appears.
In the Username box, provide the logon name. All characters are supported except the asterisk (*) and the plus sign (+). Username length is limited to 150 characters. (If the path to the user's home folder happens to exceed the maximum number of characters allowed by the Windows operating system, the VFS home folder name will be truncated. The default path is in the Site root /Usr/%USER.LOGIN%.)
(Optional) Click Details. The New User Account Details dialog box appears.
Provide the user account Name, Description, Phone, Fax, E-mail, and/or Pager information. In the Custom 1, Custom 2, Custom 3, and Comments boxes, you can provide other phone numbers, office numbers, mail box number, location, and so on. The E-mail address box cannot contain more than 255 characters.
Click OK to return to the wizard. (The e-mail address is validated when you click OK. If the e-mail address contains invalid characters or does not contain the @ symbol, an error message appears. Click OK to dismiss the error message, then correct the address.)
In the Password and Confirm password boxes, provide the account password or click Generate to generate a complex password. If you click Generate, the password appears in the box so that you can provide it to the user. (If the passwords do not match, an error message appears when you click Next.)
In the Password Type drop-down list, click one of the following:
Standard - A plain text password is required.
Anonymous - Any password, including nothing, allows an anonymous connection. (See note below.)
Anonymous (Force e-mail) - Any well-formed e-mail address is the password. (See note below.)
OTP S/KEY MD4 - Used for logging in to an OTP-enabled server.
OTP S/KEY MD5 - Used for logging in to an OTP-enabled server.
PCI DSS requirement 8.5.8 states that you should not use group, shared, or generic accounts and passwords. To address this requirement, EFT Server hides the Anonymous password types for Sites defined using the "strict security settings" anywhere that the password type is selectable.
If RADIUS is enabled on the Site, the Enable RADIUS check box appears under the Generate button. The check box is set to inherit the Settings Template/Site setting by default. If the check box is selected/inherited, the Password, Confirm password, Generate, Password type, and the E-mail check box are disabled. If you do not want to enable RADIUS for this account, clear the check box. When the user is created, the account is assigned an auto-generated password based on the password complexity Rules for the assigned Settings Template. Doing so avoids the possibility of a user account with a blank password if RADIUS is disabled. (RADIUS is available in EFT Server Enterprise only.)
(Optional) In the E-mail address box, provide the user's e-mail address. If you do not provide an e-mail address for the user, the user icon is identified as such in the tree, and the account will not be available for multi-user editing. The E-mail address box cannot contain more than 255 characters. (If you provided an e-mail address in the New User Account Details dialog box in step 4 above, the address is copied to this E-mail address box.)
(Optional) Select the E-mail login credentials to this user check box. The username and password are sent to the e-mail address provided. Refer to E-mailing User Passwords for details, if necessary.
PCI DSS requirement 8.5.7 states that you should communicate password procedures and policies to all users who have access. You can edit the default text of the e-mail that is sent when you create a new user (CredentialsTemplate.txt) to include your organization's password policies and procedures. This file is stored in EFT Server's Application Data folder (by default, C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\EFT Server Enterprise). On Windows 2008, Application Data files for all users are in a hidden folder named %systemroot%\ProgramData instead of under Documents and Settings\All Users\Application Data.
Click Next.
In the Site drop-down list, select the Site to which you want to add the user. If only one Site is defined, or if you clicked in a Site tree before clicking New User, the Site's name is displayed in the list box.
Click the Settings Template list and click the Settings Template to apply to the new user. All new users are automatically members of the Default Settings Template. You can move the user to a different template later if you have not yet defined a custom Settings Template.
In the Home folder box, type or click the folder icon to browse for and select a path (from the relative Site root) to the user's home folder. The default path is in the Site root /Usr/%USER.LOGIN%. You can also add the variables %USER.FULL_NAME% and %USER.EMAIL% to the path. You cannot navigate up past the Site root and no verification is performed to determine whether the path is valid.
If you use /Usr/ as the account's home folder (and remove the default %USER.LOGIN%) and clear the Grant FULL permissions to user in this folder check box, the account will inherit the permissions of the /Usr/ folder, which are Show this folder in parent list and Show files and folder in list. The account will not have permission to upload, download, and so on. Refer to Setting VFS Folder Permissions for details of setting permissions on individual accounts.
The Make the home folder the default root folder for this user check box setting is inherited from the User Settings Template/Site, but you can override the setting. If you do not want the user to have a home folder, clear this check box. Select the check box to make the home folder the user's default root folder.
Select the Grant the user full permissions in their home folder check box if you want the user to have full permissions to their home folder.
If you do not grant users full permissions to their home folders, they will inherit their Group's permissions.
Next to Assign group membership, click Groups. The Group Membership dialog box appears.
Permission Groups are used in the Virtual Folder system to assign permissions to users. Each user is assigned to the All Users group. To assign the user to one or more other Groups, double-click the Group or click the Group and use the arrows to move the Group between the Member of and Not a member of boxes, then click OK.
Click Next. The protocols page appears.
Select one or more check boxes next to the protocols on which the user is allowed to connect to EFT Server. (At least one check box must be selected.) The grayed-out check boxes indicate inherited settings from the Settings Template and Site. Clear the check boxes next to the protocols on which the user is not allowed to connect to EFT Server. If the text next to the protocol is also grayed out, the protocol has not been enabled for the Site and is not available.
If you selected any SSL protocol check boxes, click SSL Auth to configure SSL authentication options for this user, if different from the Site/Settings Template.
If you selected the SFTP check box, click SFTP Auth to configure SFTP authentication options for this user, if different from the Site/Settings Template. After specifying an SSH key for a user, new user accounts will have the same SSH key preselected.
You can configure inbound only or outbound only AS2 partners/accounts.
Click Finished.
If you selected the AS2 check boxes, a prompt appears regarding configuring this partner's AS2 settings. Click OK.
The user account appears in the tree and is selected. To create more users, repeat the procedure above starting with step 2.
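Because the wizard does not verify the home folder path, account records can be checked against the limits stated in this procedure before they are entered. The following is an added example, not part of EFT Server or its documentation; the record fields, the `site_root` path, and the 260-character Windows path limit are assumptions made for illustration.

```python
import posixpath

MAX_USERNAME, MAX_EMAIL = 150, 255   # limits stated in the procedure
WINDOWS_MAX_PATH = 260               # assumption: classic MAX_PATH is the limit that applies
VARS = {"%USER.LOGIN%": "login", "%USER.FULL_NAME%": "full_name", "%USER.EMAIL%": "email"}

def expand_home(template, user):
    """Substitute the home-folder variables the procedure lists."""
    for var, key in VARS.items():
        template = template.replace(var, user.get(key, ""))
    return template

def depth(path):
    """Number of folder levels once '.' and '..' are resolved."""
    norm = posixpath.normpath(path.replace("\\", "/"))
    return len([p for p in norm.split("/") if p])

def check_account(user, template="/Usr/%USER.LOGIN%",
                  site_root=r"D:\EFTData\ExampleSite"):  # constructed path
    """Return a list of problems; an empty list means the record passes."""
    problems = []
    login, email = user.get("login", ""), user.get("email", "")
    if not login or len(login) > MAX_USERNAME:
        problems.append("username: empty or longer than 150 characters")
    if "*" in login or "+" in login:
        problems.append("username: contains * or +")
    # Only the two e-mail rules stated in the procedure are checked here.
    if email and (len(email) > MAX_EMAIL or "@" not in email):
        problems.append("e-mail: longer than 255 characters or missing @")
    home = expand_home(template, user)
    # The wizard performs no path verification, so confirm that expansion
    # yields exactly one folder per template component (an empty variable,
    # a separator, or '..' in a value changes the depth).
    if depth(home) != depth(template):
        problems.append("home folder: expands to a different level than the template")
    if len(site_root) + len(home) > WINDOWS_MAX_PATH:
        problems.append("home folder: physical path may exceed the Windows limit")
    return problems

if __name__ == "__main__":
    # Constructed sample records, not taken from any real Site.
    for rec in ({"login": "jsmith", "email": "jsmith@example.com"},
                {"login": "a+b"}, {"login": "../ops"},
                {"login": "kim", "email": "kim"}):
        print(rec["login"], "->", check_account(rec) or "ok")
```

A record whose home folder collapses to /Usr/ itself is also reported, which matches the shared-folder case described in the note about inherited /Usr/ permissions.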