Create a user account

Note In order for login by email to function properly, all user accounts must be assigned unique email addresses. Additionally, the client password reset feature will not work if the emails assigned to user accounts are not unique.

You can create new user accounts using the Administration Tool.

  1. Select Accounts > User Accounts. The User Accounts page is displayed.
  2. Click New Account.
  3. The Settings pane of the New User Account page is displayed.
  4. Note The Address Book Settings are only displayed if the Address Book feature is enabled (the value of the AddressBook.Enabled configuration option is set to true).
    Note When you create a user account, all the tabs except Settings are disabled.
  5. Type the Account Name. The name of the account must be unique for the system. If an account already exists with the name you specify, SecureTransport prompts you to enter another name. This field is mandatory. Account Names cannot contain more than 80 characters. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
  6. Enter a valid Email Contact.
  7. When this email address is the recipient of an ad hoc file transfer email sent from ST Web Client or one of the Axway Email Plug-ins, SecureTransport determines that this user is the recipient. If the user is allowed to log in by email, this is the value used in the User Name field of the login page.
  8. Enter a valid Phone Contact.
  9. Select an Account Type. Use this parameter to differentiate between accounts that transfer files internally and those that transfer files between partners. Choose from the following:
    • Unspecified – Default value. All accounts created using versions of SecureTransport that do not have this option have this value.
    • Internal – Transfers for this account occur within a single organization.
    • Partner – Transfers for this account occur between organizations.
  10. Select a Business Unit. The default setting is No Business Unit.
  11. Select the HTML Template that SecureTransport displays when the user logs in to the SecureTransport web client.
  12. Note If you select the default HTML template, the SecureTransport web client uses whatever template is specified on Miscellaneous Options page.

  13. Select a Routing Mode.
  14. This field controls how SecureTransport behaves when it is the intermediate partner in a PeSIT transfer directed to this account and the transfer cannot be completed because no transfer site matches the routing destination and the account has no PeSIT default site.
    • Reject (default) – A PeSIT transfer that cannot be routed is rejected before it starts.
    • Accept – A PeSIT transfer that cannot be routed is performed and the file is retained locally.
    • Ignore – A PeSIT transfer that cannot be routed is ignored.
  15. Select Encrypt Mode.
  16. This field can enable repository encryption for this user.
    • Unspecified (default) – Repository encryption is enabled based on the EncryptClass user class evaluation.
    • Enabled – Repository encryption is enabled for this user account.
  17. Select File archiving policy.
  18. This field determines the file archiving policy.
    • When Default is selected, then the following apply:
      1. If the account is assigned to a business unit, it will inherit its policy.
      2. Otherwise, the global archiving policy applies.
    • When Enabled is selected, file archiving will be enabled for this account.
    • When Disabled is selected, file archiving will be disabled for this account.
  19. Note If the global file archiving policy is disabled, or if this account is assigned to a business unit with Allow File Archiving Policy modifying unchecked, then this option cannot be modified.
  20. Type the numeric user ID of the user in the UID field. This field is mandatory on UNIX and Linux platforms. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
  21. On Windows platforms, this field is named Real User and is optional.
  22. Type the numeric group ID for the user account in the GID field. The account uses the system access rights and privileges valid for this user group on the system. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
  23. Enter a valid home folder in the Change Home To field for the account as an absolute path. SecureTransport validates the directory path you specify and prompts you for a new path if necessary. This field is mandatory. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
  24. Add a base folder path in the field to the left of the forward slash (/) and add the home folder in the field to the right of it. You can add multiple levels, such as /home/dev3/test, but the parent directories must be typed in the field to the left of the slash. Only the final child directory should be in the field to the right of the slash. When you select a business unit, a base folder for the business unit is automatically added. The base folder must be the business unit base folder. You cannot change the base folder for a user account if a business unit is selected unless the business unit has the option Allow Base Folder modifying selected.
  25. Although you can use the / when adding parent directories to a home folder, you cannot use the following characters in the home folder name: * < > ? " / \ | :
  26. Note If you change the home folder when editing a user account, any subscription folders the account has are reinitialized. In other words, the subscription folders are created again under the new home folder of the account. None of the other folders created by the user will be moved and the user will no longer have access to them. This also happens if the user is moved from one Business Unit to another.
    Note For SecureTransport on Windows, you can create a home folder for an account in a UNC format, pointing to a local or a remotely shared folder over the network.
    Note On Windows, when a network share is used as a home folder for an account, you must manually create a directory with proper access settings. SecureTransport cannot create the home folder because the SecureTransport services run on Windows as service accounts with a local system user as its owner. You must either use SecureTransport impersonation functionality or use permissions sufficient for the network share to be accessed by local system users. For more information, refer to Real users on Windows.
    Note Transaction Manager agents must use the Windows impersonation functionality (mapping virtual users to real users) as needed to access directories on a network share (that is, directories in UNC format or on mapped drives).
  27. Select Access Level. The home folder access level determines whether and which other accounts are able to publish to the home folder of the current account.
    • Private – The access level is private. Only the current account is able to publish files to its home folder.
    • Business Unit – Account home folder access is limited to the account’s business unit. The current account and all accounts in the current account’s business unit can publish to this account’s home folder.
    • Public – Access to the account is public. All accounts are able to publish to this account’s home folder.
  28. Note Access level is applicable only when the Advanced Routing feature is used. For more information, see Advanced Routing.
  29. Enter a text description of the user account in the Notes field.
  30. The Delivery Method value controls the options that ST Web Client displays in the User Access window.
    • Disabled – The user cannot send files using ad hoc file transfers.
    • Default – Use the delivery method specified in the account template, if any, or in the Default Package Delivery Method field of the AdHoc Setting page.
    • Anonymous – The sender can choose Send attachment link only or Protect attachment link with security question.
    • Account Without Enrollment – The sender can choose Send attachment link only, Protect attachment link with security question, or Send to existing users only.
    • Account With Enrollment – The sender can choose Send attachment link only, Protect attachment link with security question, Send to existing users only, Allow recipients to enroll as restricted users (receive and reply to messages only), or Allow recipients to enroll as unrestricted users. (Elsewhere the Administration Tool refers to restricted users as unlicensed users and unrestricted users as licensed users.)
    • Custom – Select the allowed enrollment types in the Enrollment Types field. The sender can choose any of the selected enrollment types.
  31. For a custom delivery method, select one or more allowed enrollment types in the Enrollment Types field:
    • Anonymous – The ad hoc file recipient receives a link to retrieve the files and is not enrolled as a user. The ST Web Client option is Send attachment link only.
    • Challenge – The ad hoc file recipient receives a link and must answer correctly a challenge question specified by the sender to retrieve the files. The recipient is not enrolled as a user. The ST Web Client option is Protect attachment link with security question.
    • Existing Account – Do not enroll ad hoc file recipients. Only existing users can receive files. The ST Web Client option is Send to existing users only.
    • Enroll Unlicensed – If the ad hoc file recipient does not have a user account, the recipient must enroll and create an account before retrieving the files. The ad hoc file recipient becomes a restricted user who can only reply once to the email and retrieve the files. Other user attributes are defined by the enrollment template. The ST Web Client option is Allow recipients to enroll as restricted users (receive and reply to messages only).
    • Enroll Licensed – If the ad hoc file recipient does not have a user account, the recipient must enroll and create an account before retrieving the files. The ad hoc file recipient becomes a SecureTransport user with all the attributes specified in the default enrollment template. The ST Web Client option is Allow recipients to enroll as unrestricted users.
  32. In the Ad-Hoc settings area: when the value of the Delivery Method field is not Default, the Implicit Enrollment Type value controls which option ST Web Client selects initially in the User Access window and which enrollment type is used by the Axway Email Plug-ins. The choices depend on the enrollment types enabled by the Delivery Methods and Enrollment Types fields. Challenge is not an option because the Axway Email Plug-ins do not include the challenge question and answer function.
  33. (Optional) When the Address Book feature is enabled, the Address Book Settings are displayed. To configure the user account Address Book settings:
    1. Select the Address Book source.
      • Default - The account inherits either its business unit Address Book policy or the global Address Book policy.
      • Custom - A custom Address Book policy configuration will be set for this account only and the following will be configurable:
        1. Enable or disable Address Book sources for the account.
        2. Specify the parent groups for Address Book sources.
        3. Specify the domain for LDAP Address Book sources.
        4. Specify All Business Units or User's own business unit for local and custom Address Book sources.
      • Disabled - The Address Book policy is set to disabled for this account.
    2. Specify whether or not to allow collaboration with non-Address Book recipients. If Address Book functionality is disabled, this setting does not affect user collaboration.
      • When checked, the account will be allowed to send email packages and share folders with users that do not exist in the defined Address Book.
      • When unchecked, the account will be allowed to send email packages and share folders only with users that exist in the defined Address Book.
    3. This account setting overrides the business unit or global Address Book Policy setting for collaboration.
  34. For additional Address Book account level configuration information, refer to Address Book account level configuration.
  35. In the Bandwidth limits pane select a Bandwidth Limits Policy to apply:
    • Default – the current user account inherits their bandwidth limits from the parent business unit or the global bandwidth
    • Custom – the panel expands with two additional options for you to configure: Inbound limit and Outbound limit (both values in kb/s per user)
    • Disabled – no bandwidth limits are applied to the users assigned to the current business unit
  36. In the Login Settings area: select Allow this account to log in to SecureTransport Server to allow the new account to log in to SecureTransport. This setting is enabled by default. Disabling the option restricts access of this account to the SecureTransport Server. If you enable this option, the following options are enabled.
    1. Enter a Login Name for the account. This is the unique name with which the account is identified by the SecureTransport Server. Login names cannot contain the following characters: +, :, or [. Login Names cannot start with the following character: *.
    2. Select the Login Restriction Policy. The Login Restriction Policy defines rules to allow or deny login to users based on the client IP or host and other conditions. For additional information, refer to Login restrictions.
    3. If a Login Restriction Policy is selected as the global default policy, it will be the inherited default selection for the user account.
    4. If a Login Restriction Policy is not selected as the global default policy and the Business Unit has a Login Restriction Policy selected, it will be the inherited default selection for the user account.
    5. If neither a global default Login Restriction Policy nor a Business Unit Login Restriction Policy is selected, then the policy selected for the user's account will be in effect.
    6. Note The default inherited Login Restriction Policy can be overridden by selecting a Login Restriction Policy from On Account.
    7. Select Allow this account to login by email to allow the user to log in using the value of the Email Contact field as well as the Login Name.
    8. Note A user of one of the Axway Email Plug-ins must either have Allow this account to login by email selected or have the identical values in the Email Contact field and the Login Name field.

    9. Select Allow this account to submit transfers using the Transfers RESTful API to enable calls from the SecureTransport REST file transfer API authenticated with the credentials from this account. When this option is selected, the account will be allowed to trigger server initiated transfers using the Transfers RESTful API resource and retrieve the tracking information for these transfers.
    10. Select Password is stored locally (not in external directory) to store the password locally in the system. SecureTransport stores the passwords of real, LDAP, SiteMinder, and SSO users in an external directory, and the passwords of virtual users are stored in the SecureTransport database.
    11. Note The Password is stored locally (not in external directory) option can only be used for a user account that has a virtual user associated with it. If the user associated with the account is a real, LDAP, SiteMinder, or SSO user, then the password cannot be stored locally in the database and this option is unusable.
    12. Enter a New Password for the account.
    13. Re-enter Password for the account.
    14. Select Require user to change password on next login to require the user to change their password on the next login.
    15. Select Require user to set new secret question on next login to require the user to select and answer a new secret question. When this option is selected, the user must select and answer a new secret question on their next login. For information on configuring the secret question feature, refer to Configure a secret question.
    16. Complete the Require user to change password every X days field to require the user to change their password every specified number of days. If the number of days is unspecified, the user will not be required to change their password every "X" number of days.
    17. Complete the Lock account after X failed login attempts field to lock the account after the specified number of failed login attempts. If the number of login attempts is unspecified, the number of possible failed login attempts is infinite.
    18. Complete the Lock account after X successful logins field to lock the account after the specified number of successful logins. If the number of successful logins is unspecified, the number of successful logins is infinite.
    19. Note The GlobalLoginThreshold configuration option is a percentage value that will allow additional successful logins after reaching the threshold specified in the Account page (Lock user after X successful logins).
  37. To add an attribute, click Add Attribute. For additional information on Additional Attributes, refer to Additional attributes.
    1. Enter the attribute and value in the Attribute and Value fields.
    2. Add Attribute enables the administrator to add custom properties (Key=Value). Also the administrator will be able to access the custom properties (named Attributes) using any field in Advanced Routing.
    3. Some examples of Attributes are:
    4. Attribute      Value
       userVars.1     internalEmail@axway.com
       userVars.2     ReportsMonitor
    5. To access attributes, see the following examples:
    6. ${account.attributes['userVars.1']}
    7. ${account.attributes['userVars.2']}
    8. In these examples, account.attributes is the selector for attributes of the account used to execute the current route. It has to be written exactly as shown.
    9. The userVars. prefix must be prepended to the attribute name.
    10. All this should be written as an EL expression: ${...}
    11. Click the attribute Save icon.
  38. Click Save.
  39. The user account information is saved and displayed in the Settings pane of the user account.

Once you have saved the account settings, you can select the Subscriptions, Routes, Transfer Sites, or Certificates to further define the new account. For more information, see Manage subscriptions, Manage Routes, Transfer sites, and Manage certificates.
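
The Login Settings rules above (policy inheritance order, and unspecified lockout or password-change values meaning no limit) can be checked across a list of accounts. This is an added example, not SecureTransport code; the record keys, policy names and sample accounts are hypothetical.

```python
# Added example: record keys and policy names are hypothetical, not a
# SecureTransport export format. Sample data is constructed.

def effective_restriction_policy(global_default, bu_policy, account_policy,
                                 on_account=False):
    """Resolve the Login Restriction Policy in the order this page describes.

    on_account models selecting a policy from "On Account" to override the
    inherited default. Returns (policy name or None, where it came from).
    """
    if on_account and account_policy:
        return account_policy, "account override"
    if global_default:
        return global_default, "global default"
    if bu_policy:
        return bu_policy, "business unit"
    return account_policy, "account"


def login_findings(acct, global_default=None, bu_policies=None):
    """List the login settings left open for one account record."""
    if not acct.get("login_allowed", True):   # login is enabled by default
        return []
    findings = []
    if acct.get("lock_after_failed_logins") is None:
        # Unspecified means the number of failed attempts is infinite.
        findings.append("failed login attempts are unlimited")
    if acct.get("change_password_every_days") is None:
        # Unspecified means no periodic password change is required.
        findings.append("password change is never required")
    bu = (bu_policies or {}).get(acct.get("business_unit"))
    policy, _source = effective_restriction_policy(
        global_default, bu, acct.get("restriction_policy"),
        acct.get("on_account", False))
    if policy is None:
        findings.append("no login restriction policy in effect")
    return findings


# Constructed sample accounts.
SAMPLE_ACCOUNTS = [
    {"name": "partner01", "business_unit": "EMEA",
     "lock_after_failed_logins": 5, "change_password_every_days": 90},
    {"name": "batch02", "business_unit": None},
    {"name": "archive03", "login_allowed": False},
]
BU_POLICIES = {"EMEA": "emea-office-ips"}

if __name__ == "__main__":
    for a in SAMPLE_ACCOUNTS:
        print(a["name"], login_findings(a, None, BU_POLICIES))
```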

Related topics:

Spaces in required fields

Some fields in SecureTransport require that you enter a value. When you enter a value in such a field, SecureTransport trims any leading or trailing spaces and then determines whether the field is empty. This means you cannot enter space-only values in required fields because those fields are treated as empty.
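
The trimming rule above and the field rules from the account procedure (unique email, 80-character Account Name, Login Name and home folder characters) can be checked on a batch of records before the accounts are created. This is an added example, not SecureTransport code; the record keys and sample data are hypothetical, home folders are assumed to be UNIX-style paths, and comparing emails case-insensitively is an assumption.

```python
from collections import defaultdict

# Rules taken from this page; record keys are hypothetical.
LOGIN_FORBIDDEN = set("+:[")          # Login Name cannot contain these
HOME_FORBIDDEN = set('*<>?"/\\|:')    # not allowed in the home folder name
MAX_ACCOUNT_NAME = 80


def trimmed(value):
    """Strip leading/trailing spaces, as done before the empty check."""
    return (value or "").strip(" ")


def check_account(rec):
    """Return the list of rule violations for one account record."""
    problems = []
    name = trimmed(rec.get("account_name"))
    if not name:
        problems.append("account name is empty or spaces only")
    elif len(name) > MAX_ACCOUNT_NAME:   # measured after trimming (assumption)
        problems.append("account name longer than 80 characters")
    login = rec.get("login_name") or ""
    if LOGIN_FORBIDDEN & set(login):
        problems.append("login name contains +, : or [")
    if login.startswith("*"):
        problems.append("login name starts with *")
    home = trimmed(rec.get("home_folder"))
    if not home:
        problems.append("home folder is empty or spaces only")
    elif not home.startswith("/"):
        problems.append("home folder is not an absolute path")
    else:
        leaf = home.rstrip("/").rsplit("/", 1)[-1]   # final child directory
        if not leaf or HOME_FORBIDDEN & set(leaf):
            problems.append("home folder name has a forbidden character")
    return problems


def duplicate_emails(records):
    """Map each email shared by several accounts to their login names."""
    seen = defaultdict(list)
    for rec in records:
        email = trimmed(rec.get("email")).lower()
        if email:
            seen[email].append(rec.get("login_name"))
    return {e: logins for e, logins in seen.items() if len(logins) > 1}


# Constructed sample records.
SAMPLE = [
    {"account_name": "alice", "email": "alice@example.com",
     "login_name": "alice", "home_folder": "/home/dev3/alice"},
    {"account_name": "   ", "email": "Alice@example.com",
     "login_name": "*bob", "home_folder": "/home/dev3/bo:b"},
    {"account_name": "carol", "email": "carol@example.com",
     "login_name": "carol+ops", "home_folder": "home/carol"},
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r["login_name"], check_account(r))
    print(duplicate_emails(SAMPLE))
```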

Maker-Checker user creation

Delegated administrators with Maker and Checker rights have two separate complementing roles:

  • Maker creates the user account and submits it for approval
  • Checker approves or rejects the pending user account

Create and submit user

As a Maker, you can create a user account that will remain in Pending verification status. Your user will not have access until a Checker administrator approves their particular account.

In order to submit the account for approval, go to Accounts > User Accounts and on the Settings tab click Submit for approval.

Approve user

As a Checker administrator, you can only view and approve or reject users in pending Account verification status.

If you reject a pending account, you can type in the reason for rejection.

 

 

 
