In addition to or instead of EFT-managed administrator accounts, administrator users can authenticate via Active Directory (AD). For remote connections, the connecting account must have access to the computer on which EFT is installed. Password complexity, expiration, and so on for AD accounts are managed by the AD server rather than on EFT.
You can add Active Directory users and groups as administrator accounts and the user or group appears in the administrator account names list on the Server's Administration tab. If a user account is added to EFT only as a part of a group, the user assumes the permissions of its group. If the user is a member of multiple defined groups, the permission (role) and assignment(s) allocated to the group that provides the most privileges are assigned to that user.
An EFT administrator you should not be able to perform the following actions on an AD-configured user or site:
Reset Password
Change Password
Rename
Delete (although available in the EFT admin UI, but it doesn't delete the user)
An EFT administrator should be able to perform the following actions, however, they run the risk of it being overwritten when a "User Database refresh" is performed:
Update any account details such as Name, email, phone, etc. within the "Details" tab
Remove account as part of the inactivity cleanup
An EFT administrator should be able to perform the following user-related actions:
Set protocols values for the user (enable/disable/overwrite/inherit)
Set Connection Limits for the user (enable/disable/overwrite/inherit)
Set Transfer Limits for the user (enable/disable/overwrite/inherit)
Enable/Disable users
Kick users
Unlock users
Expire users
Related Topics
Refer to Local Computer Administrators Group for more information about accessing EFT using the administrator credentials for the local computer.
Refer to Creating
EFT Administrators