Manage account templates

Use the Account Templates page to manage account templates.

The following topics provide example and how-to instructions for managing account templates:

Related topics:

Add an account template

Use the following procedure to add an account template.

  1. Select Accounts > Account Templates.
  2. The Account Templates page is displayed.
  3. Click New Account Template to open a new account template.
  4. The New Account Template page is displayed.
  5. Note The Address Book Settings are only displayed if the Address Book feature is enabled (the value of the AddressBook.Enabled configuration option is set to true). For Address Book account level configuration instructions, refer to Address Book account level configuration.
  6. Use hardcoded values, expressions in the supported expression language, or a combination of both to complete the fields for the account settings. Required fields are marked by an asterisk. Fields that accept either hardcoded values or expressions are indicated by a vertical yellow bar.
  7. Enter a name for the template in the Account Template Name field.
  8. Enter a pattern that uses question mark (?) to match one character and asterisk (*) to match any string of characters in the User Class field. This account template is associated with users in all classes whose names are matched by the pattern. For example, to associate the template with all users, enter *.
  9. To place users in a Business Unit, select a business unit from the list. Leave the setting as No Business Unit if users are not part of a business unit.
  10. To specify an HTML template to be used when users log in using the web client, select a value from the HTML template drop down.
  11. Select Encrypt Mode.
  12. This field can enable repository encryption for users associated with this template.
    • Unspecified (default) – Repository encryption is enabled based on the EncryptClass user class evaluation.
    • Enabled – Repository encryption is enabled for users associated with this template.
  13. Select File archiving policy.
  14. This field determines the file archiving policy.
    • When Default is selected, then the following apply:
      1. If the account is assigned to a business unit, it will inherit its policy.
      2. Otherwise, the global archiving policy applies.
    • When Enabled is selected, file archiving will be enabled for this account.
    • When Disabled is selected, file archiving will be disabled for this account.
  15. Note If the global file archiving policy is disabled, or if this account is assigned to a business unit with Allow File Archiving Policy modifying unchecked, then this option cannot be modified.
  16. The Delivery Method value controls the options that ST Web Client displays in the User Access window.
    • Disabled – The user cannot send files using ad hoc file transfers.
    • Default – Use the delivery method specified in the account template, if any, or in the Default Package Delivery Method field of the AdHoc Setting page.
    • Anonymous – The sender can choose Anonymous or Challenge.
    • Account Without Enrollment – The sender can choose Anonymous, Challenge, or Existing Account.
    • Account With Enrollment – The sender can choose Anonymous, Challenge, Existing Account, Enroll Unlicensed, or Enroll Licensed.
    • Custom – Select the allowed enrollment types in the Enrollment Types field. The sender can chose any of the selected enrollment types.
  17. For a custom delivery method, select one or more allowed enrollment types in the Enrollment Types field:
    • Anonymous – The ad hoc file recipient receives a link to retrieve the files and is not enrolled as a user. The ST Web Client option is Send attachment link only.
    • Challenge – The ad hoc file recipient receives a link and must answer correctly a challenge question specified by the sender to retrieve the files. The recipient is not enrolled as a user. The ST Web Client option is Protect attachment link with security question.
    • Existing Account – Do not enroll ad hoc file recipients. Only existing users can receive files. The ST Web Client option is Send to existing users only.
    • Enroll Unlicensed – If the ad hoc file recipient does not have a user account, the recipient must enroll and create an account before retrieving the files. The ad hoc file recipient becomes an unlicensed user who can only reply once to the email and retrieve the files. Other user attributes are defined by the enrollment template. The ST Web Client option is Allow recipients to enroll as new Unlicensed Users.
    • Enroll Licensed – If the ad hoc file recipient does not have a user account, the recipient must enroll and create an account before retrieving the files. The ad hoc file recipient becomes a SecureTransport user with all the attributes specified in the default enrollment template. The ST Web Client option is Allow recipients to enroll as new Full Licensed Users.
  18. The Implicit Enrollment Type value controls which option ST Web Client selects initially in the User Access window and which enrollment type is used by the Axway Email Plug-ins. The choices depend on the enrollment types enabled by the Delivery Methods and Enrollment Types fields.
  19. Select Allow reply to packages in Unlicensed Accounts to allow an unlicensed user associated with this template to reply to emails.
  20. Specify Login Settings.
    1. Select Allow this account to login by email to allow the user to log in using with the value of the Email Contact field as well as the Login Name. A user of one of the Axway Email Plug-ins must have Allow this account to login by email selected.
    2. Select Allow this account to submit transfers using the ST RESTful API to enable calls from the SecureTransport REST file transfer API authenticated with the credentials from this account. When this option is selected, the account will be allowed to trigger server initiated transfers using the Transfers RESTful API resource and retrieve the tracking information for these transfers.
  21. Enter a value or expression for the Email Contact.
  22. When this email address is the recipient of an ad hoc file transfer email sent from ST Web Client or one of the Axway Email Plug-ins, SecureTransport determines that this user is the recipient. If the user is allowed to log in by email, this is the value used in the User Name field of the login page.
  23. Note You can access the SSO email attribute that was previously mapped to fdxEmail with the expression ${sess.STSESSION_SSO.email}.
    Note Accessing Single Sign-On (SSO) attributes is not possible when using SSO with Kerberos authentication protocol. It is only possible with SAML.
  24. Enter a value or expression for the Phone Contact.
  25. Enter a value or expression for the numeric user ID of the user in the UID field.
  26. On Windows platforms, this field is named Real User and is optional.
  27. Note You can access the SSO UID attribute that was previously mapped to fdxUid with the expression ${sess.STSESSION_SSO.uid}.
    Note Accessing Single Sign-On (SSO) attributes is not possible when using SSO with Kerberos authentication protocol. It is only possible with SAML.
  28. Enter a value or expression for the numeric group ID for the user account in the GID field. The account uses the system access rights and privileges valid for this user group on the system.
  29. Note You can access the SSO GID attribute that was previously mapped to fdxGid with the expression ${sess.STSESSION_SSO.gid}.
    Note Accessing Single Sign-On (SSO) attributes is not possible when using SSO with Kerberos authentication protocol. It is only possible with SAML.
  30. Enter values or expressions for the home folder in the Change Home To fields for the account as an absolute path.
  31. Note You can access the SSO username attribute with the expression ${sess.STSESSION_SSO.userName}.
    Note Accessing Single Sign-On (SSO) attributes is not possible when using SSO with Kerberos authentication protocol. It is only possible with SAML.
  32. Select Access Level. The home folder access level determines whether and which other accounts are able to publish to the home folder of the current account.
    • Private – The access level is private. Only the current account is able to publish files to its home folder.
    • Business Unit – Account home folder access is limited to the account’s business unit. The current account and all accounts in the current account’s business unit can publish to this account’s home folder.
    • Public – Access to the account is public. All accounts are able to publish to this account’s home folder.
  33. Note Access level is applicable only when Advanced Routing feature is used. For more information see Advanced Routing.
  34. Select Password for enrolled accounts is stored internally in AdHoc Settings to generate the account's password during enrollment. If Password for enrolled accounts is stored internally is not selected, no password will be generated and stored in the SecureTransport database. When a new account with external password is enrolled, SecureTransport will send out an email notification; but will not send a temporary password.
  35. Note For SSO end-users you need to uncheck this option.
  36. Enter a value or expression for the text description of the user account in the Notes field.
  37. Select the Login Restriction Policy. The Login Restriction Policy defines rules for allow or deny login to users based on the client IP or host and other conditions. For additional information, refer to Login restrictions.
  38. If a Login Restriction Policy is selected as the global default policy, it will be the inherited default selection for the user account.
  39. If a Login Restriction Policy is not selected as the global default policy and the Business Unit has a Login Restriction Policy selected, it will be the inherited default selection for the user account.
  40. If neither a global default Login Restriction Policy or a Business Unit Login Restriction Policy is selected, then the policy selected for the users account will be in effect.
  41. Note The default inherited Login Restriction Policy can be overridden by selecting a Login Restriction Policy from On Account Template.
  42. To add an attribute, click Add Attribute. For additional information on Additional Attributes, refer to Additional attributes.
    1. Enter the attribute and value in the Attribute and Value fields.
    2. Add Attribute enables the administrator to add custom properties (Key=Value). Also the administrator will be able to access the custom properties (named Attributes) using in any fields in Advanced Routing.
    3. Some examples of Attributes are:
    4. AttributeValue
      userVars.1internalEmail@axway.com
      userVars.2ReportsMonitor
    5. To access attributes, see the following examples:
    6. ${account.attributes['userVars.1']}
    7. ${account.attributes['userVars.2']}
    8. For example, the account.attributes is the selector for attributes of the account used to execute the current route - it has to be written exactly as shown.
    9. The userVars. prefix must be prepended to attribute name.
    10. All this should be written as an EL expression: ${...}
    11. Click the attribute Save () icon.
  43. Once you have completed the information in the Settings pane, click Save to create the account template.
  44. To enable the account template, click Enable Account Template.
  45. Select the Certificates,Transfer Sites, Transfer Profiles, or Subscriptions tabs to add additional information to the template. Those pages are similar to the pages for an account, but permit expressions in some fields.
  46. To return to the Account Templates page, click Close or select Accounts > Account Templates.

Enable an account template

Once you have created the template, you must enable it to use it.

  1. Select Accounts > Account Templates.
  2. The Account Templates page is displayed.
  3. Click the name of the template you want to enable to view the template settings.
  4. Click Enable Template to make the template active.
  5. To return to the Account Templates page, click Close.

Disable an account template

You can also disable an already created template.

  1. Select Accounts > Account Templates.
  2. The Account Templates page is displayed.
  3. Click the name of the template you want to enable to view the template settings.
  4. Click Disable Template to make the template active.
  5. To return to the Account Templates page, click Close or select Accounts > Account Templates.

Certificates for an account template

Like a user account, an account template can have partner certificates and private certificates. It cannot have login certificates.

For more information, see Manage certificates.

Configure transfer sites for an account template

Use the following procedure to configure transfer sites for an account template.

  1. With the account template open, select Transfer Sites and click Add New.
  2. You must define the transfer site completely. Transfer sites in an account template do not support site templates.
  3. Type a Site Name.
  4. Select a Site Type.
  5. In the Add Transfer Site box, select the Transfer Protocol.
  6. To comply with AS2 protocols, it is not available.
  7. Type values or expressions for the required fields and the optional fields needed to define the transfer site.
  8. Transfer sites in an account template do not support server-initiated downloads, so the fields used for them are not displayed.
  9. You can use expressions in the fields indicated by a vertical yellow bar.
  10. To use expressions for the check boxes, select Advanced Expressions, and, in each field that replaced a check box, type 1 for selected (true) or 0 for cleared (false) or an expression that evaluates to 0 or 1.
  11. Note The custom Pluggable Transfer Site feature does not support the use of the SecureTransport Expression Language (EL).
  12. Click Add to save the transfer site.

For example, to select Use FTPS for the transfer site depending on the whether the target variable contains the string class, type the following in the Use FTPS field:

${stenv['target'].matches('.*class.*') ? '1' : '0'}

This expression tests the value of target and returns 1 if it contains the string class, 0 if not.

Note If an account template and its transfer site are defined using expressions, you cannot restart failed transfers for that account template using the Resubmit button on the File Tracking page.

Configure transfer profiles for an account template

An account template can have transfer profiles. You can use expressions in the Files To Send and Receive Files As fields.

For more information, see Transfer profiles.

Configure routes for an account template

Prior to configuring a route for an account template, the account template should have an Advanced Routing application instance subscription. For account template subscription information, refer to Configure subscriptions for an account template and to Subscribe to Advanced Routing application. Additionally, route package templates must be available for assignment. For information on creating and managing route package templates, refer to Manage Route Package Templates.

  1. With the account template open, select Routes, select a route package template, and click Assign Route.
  2. The Create Route Package page is displayed. You can navigate to the Edit Route Package Template page for the selected route package template by clicking the Created From link.
  3. In the Route Name field, type the desired name of the route. The route name can contain 254 characters or less.
  4. Note You cannot use the following characters in the route name: * < > ? " / \ | :
  5. (Optional) Enter a Description.
  6. In the Subscriptions pane:
    1. Click Assign to assign an available Advanced Routing application folder to the route.
    2. The Available Subscriptions page is displayed.
    3. On the Available Subscriptions page, select the checkbox for a folder from the Subscriptions Folder list and click OK to assign a folder to the route.
    4. The assigned folder is now listed in the Subscriptions List.
    5. To unassign an application folder, select the checkbox for the folder and click Unassign.
  7. In the Inherited Settings pane:
    1. Select the check box for a Template Route and click Disable to disable an enabled inherited route.
    2. Select the check box for a Template Route and click Enable to enable a disabled inherited route.
    3. NoteThe inherited Execution Rule cannot be changed.
  8. In the Specific Settings pane:
    1. Determine the Execution Rule. Select either All Matching Routes (default) or First Matching Route.
    2. When All Matching Routes is selected, all matching Routes are executed. When First Matching Route is selected, only the first matching Route is executed.
    3. Click New Route.
    4. The New Route Entry page is displayed. For Route configuration information, refer to Manage Routes.
    5. You can also enable, disable, reorder, and delete Routes in the Specific Settings pane. For information on enabling, disabling, reordering, or deleting Routes, refer to Manage Route Package Templates.
  9. In the Notifications pane:
    1. Select Notify following e-mails on route failure to be notified on route failure and enter a notification email address, a list of mail addresses, or an expression. For additional email configuration information, refer to SMTP configuration.
    2. Select the Mail Template from the menu to be used for route failure notifications. For email template configuration information, refer to Mail templates.
    3. Select Notify following e-mails on route success to be notified on route success and enter a notification email address, a list of mail addresses, or an expression. For additional email configuration information, refer to SMTP configuration.
    4. Select the Mail Template from the menu to be used for route success notifications. For email template configuration information, refer to Mail templates.
    5. Select Notify following e-mails on route triggering to be notified on route triggering and enter a notification email address, a list of mail addresses, or an expression. For additional email configuration information, refer to SMTP configuration.
    6. Select the Mail Template from the menu to be used for route triggering notifications. For email template configuration information, refer to Mail templates.
  10. Click Save.

Configure subscriptions for an account template

  1. With the account template open, select Subscriptions, select an application, and click Subscribe.
  2. Subscriptions in an account template do not support applications of type Standard Router, so they are not include in the drop-down list.
  3. In the Flow Settings pane, select the Existing flow attributes.
  4. If Preserve is selected, the attributes defined in the Flow Attributes pane will be applied only for newly received files which do not have associated flow attributes.
  5. If Overwrite is selected, the attributes defined in the Flow Attributes pane will overwrite any existing attributes for incoming files (for example, files published to this folder from another subscription folder).
  6. When Append is selected, only the attributes which are not defined for incoming files will be applied. Existing attributes will be preserved.
  7. In the Flow Attributes pane:
    1. To add an attribute, click Add Attribute. For additional information on Flow Attributes, refer to Flow attributes.
    2. Add Attribute enables the administrator to add custom properties (Key=Value). Also the administrator will be able to access the custom properties (named Attributes) using in any fields in Advanced Routing.
    3. Some examples of Attributes are:
    4. AttributeValue
      userVars.1internalEmail@axway.com
      userVars.2ReportsMonitor
    5. To access attributes, see the following examples:
    6. ${account.attributes['userVars.1']}
    7. ${account.attributes['userVars.2']}
    8. For example, the account.attributes is the selector for attributes of the account used to execute the current route - it has to be written exactly as shown.
    9. The userVars. prefix must be prepended to attribute name.
    10. All this should be written as an EL expression: ${...}
    11. Click the attribute Save () icon.
  8. Type values or expressions for the required fields and the optional fields needed to define the subscription.
  9. Subscriptions in an account template do not support server-initiated downloads, so the fields used for them do not appear.
  10. You can use expressions in the fields indicated by a vertical yellow bar.
  11. To use expressions for additional fields including the check boxes, select Advanced Expressions.
  12. The fields and check boxes are replaced by fields with a vertical yellow bar.
    • In each field that replaces a check box, type 1 for selected (true) or 0 for deselected (false) or an expression that evaluates to 0 or 1.
    • In the other fields, type a value or an expression that evaluates to the value required.
    • In the Compression Type field for applications that have the Encrypt File option such as application of type Basic Application and Site Mailbox, type one of the following values that represent available compression algorithms or an expression that evaluates to one them:
      TypeValue
      Use preferred (algorithm obtained from PGP key)-1
      Uncompressed0
      ZIP1
      ZLIB2
      BZIP23
    • In the Compression Level field, type an integer between 1 and 9, where 1 represents the least compressed but fastest level and 9 represents the most compressed but slowest level or an expression that evaluates to an integer between 1 and 9. The values that correspond to the levels available when Advanced Expressions is not selected are:
      LevelValue
      Fast2
      Normal5
      Good7
      Best9
  13. Click Add to add the subscription to the account template.

Examples of expressions in an account template

You can use expressions on the Settings pane, Transfer Sites pane, and Subscriptions pane when creating an account template. The following examples show some of the expressions you can use.

The following table gives examples of expressions in account settings:

Field Expression Description
UID ${sess['STSESSION_LDAP_DIR_uidNumber']} Returns the UID from the LDAP session.
GID ${sess['STSESSION_LDAP_DIR_gidNumber']} Returns the GID from the LDAP session.
Home Folder ${sess['STSESSION_LDAP_DIR_homeDirectory']} Returns the home folder specified in the LDAP session.
When you have attribute maps configured, you can use the following named variable expressions instead:
UID ${stenv.useruid} Returns the UID.
GID ${stenv.usergid} Returns the GID.
HomeDir ${stenv.homedir} Returns the home folder.
If the account template is for licensed or unlicensed users enrolled after receiving notification of an ad hoc file transfer: If the account template is for licensed or unlicensed users enrolled after receiving notification of an ad hoc file transfer: If the account template is for licensed or unlicensed users enrolled after receiving notification of an ad hoc file transfer:
Email Contact ${stenv.recipient_email} Returns the email address for recipient of the ad hoc file transfer.
Home Folder ${stenv.recipient_email} Returns the email address for recipient of the ad hoc file transfer to create a unique home folder.

The following table gives examples of expressions in transfer sites:

Field Expression Description
Upload Folder /upload/${stenv.loginname} Returns the subfolder based on the user login name in the upload folder.
User Name ${stenv.loginname} Returns the user login name.
Certificate x509_${stenv.loginname} Returns the user login certificate.
With Advanced Expressions selected, you can use the following complex expressions:
Upload Folder /${stenv['target'].
replace('^(.*)_(.*)_(.*)$','$2')}
or
/upload/${stenv['target'].
matches('.*\\.((jpg)|(gif)|(txt))$') ? stenv['target'].
replace('^.*\\.((txt)|(jpg)|(gif))$','$1') : 'general/'}
Returns the upload folder based on the match and replace expression criteria.
Enable SSL ${stenv['target'].matches('^(ssl).*')} Returns a 0 (false) or 1 (true) based on the match criteria.
Note You can also use regular expressions such as ${stenv.target}only to return the file name or ${filename(stenv.target)}-${random} to change the file name.

The following table gives examples of expressions in subscriptions:

Field Expression Description
Subscription Folder mailbox_el_${stenv.useruid} Returns the folder using the UID.
${flow.attributes['userVars.ATTRIBUTE_NAME']} Returns the folder using the attribute name.
Receive Options
Decrypt PGP File As:
${stenv.loginname}_${embedded} Returns a file name based on the login name and the embedded file name.
Keep Original As: archive/${date('yyyy.MM.dd')}/
${filename(stenv.transformation_input)}
Returns the location and file name based on the date and the PGP file name.
With Advanced Expressions selected, you can use the following complex expressions:
Send Options
Send Files Directly To:
${stenv.loginname}_ftp Returns a location based on the user login name.
Receive Options
Decrypt PGP File:
${stenv['target'].
matches('.*((\\.pgp)|(\\.gpg)|(\\.asc))')}
Returns a 0 (false) or 1 (true) based on the match criteria.
As: ${empty embedded ? filename(stenv.transformation_input).replace('(\\.pgp)|(\\.gpg)|(\\.asc)') : embedded} Returns the file name to which the decrypted file is saved.
Keep Original: 1 The value 1 represents true. SecureTransport recognizes the field as being selected.
As: archive/${date('yyyy.MM.dd')}/
${filename(stenv.transformation_input)}
Returns the file name based on the original PGP file name.
Use Data Compression ${extension(filename(stenv.transformation_input))
.matches('(\\.jpg)|(\\.mov)') ? 0 : 1}
Returns a 0 when the file extension is .jpg or .mov. These file types are already compressed and do not require compression.
Compression Type 2 Compresses the file using ZLIB.
Compression Level 5 Compresses the file using the Normal setting.

Export an account template

You can export an account template to an XML file.

  1. Select Accounts > Account Templates.
  2. The Account Templates page is displayed.
  3. In the first column, select the account template to export.
  4. Click Export an Account Template.
  5. The Export Account page is displayed.
  6. Type a password in the Password field. This password is used to encrypt the sensitive information contained in the template account. You must use this password when you import the template account to decrypt the sensitive information.
  7. Retype the password in the Re-enter Password field.
  8. Click Export.
  9. When the XML file with the exported account template is ready, click Download Exported Accounts and save the file to your local computer.

Related Links