In this settings section the administrator specifies various settings affecting users, specifically:
Default settings for new users
Newly created user’s account will have the following default settings:
User permissions
Default permissions, that will be granted to newly created users. For descriptions of the permissions, see User permissions.
Disable inactive users
Sets the automatic inactive user account disable function. The action is performed once a day. Disabling an account means revoking user’s login permission. The administrator can enable the user’s account again by granting him the login permission back. But if such user will not log in and therefore will stay inactive, his account will likely be automatically locked again.
Automatically disable inactive users
One of the following options can be set:
Off - the function is off, no accounts are automatically disabled
Local - only local accounts (created manually inside the application) are automatically disabled
Remote - only remote accounts (created automatically after login using an account from AD or ADFS) are automatically disabled
All - all accounts are automatically disabled after the inactivity period (set below)
(default: Off)
Inactivity period before account is disabled
The number of days, after which a user account is considered inactive and will have login permission revoked.
(1-36500, default: 180)
Simulation
The SIMULATION button allows for a dry run of the operation without executing the actual action, displaying a preview of the list of accounts that would be affected by the actual execution of the operation.
Below the list displayed in the simulation, there is also a button available that allows for the immediate execution of the actual action, thus locking the accounts mentioned.
Delete inactive users
Sets the automatic inactive user account delete function. The action is performed once a day. Deleted accounts cannot be restored, but can be created as new again.
Automatic users deletion
One of the following options can be set:
Off - the function is off, no accounts are automatically deleted
Local - only local accounts (created manually inside the application) are automatically deleted
Remote - only remote accounts (created automatically after login using an account from AD or ADFS) are automatically deleted
All - all accounts are automatically deleted after the inactivity period (set below)
(default: Off)
Inactivity period before account is deleted
The number of days, after which a user account is considered inactive and will be deleted.
(1-36500, default: 365)
Simulation
The SIMULATION button allows for a dry run of the operation without executing the actual action, displaying a preview of the list of accounts that would be affected by the actual execution of the operation.
Below the list displayed in the simulation, there is also a button available that allows for the immediate execution of the actual action, thus deleting the accounts mentioned.
Multifactor authentication
Require multifactor authentication for local users
Turn on if you want a multifactor authentication to be mandatory for local users. Users without a multi-factor authentication will be forced to activate it after logging in.
(default: disabled)
Require multifactor authentication for AD users
Turn on if you want a multifactor authentication to be mandatory for Active Directory users. Users without a multi-factor authentication will be forced to activate it after logging in.
(default: disabled)
Require multifactor authentication for ADFS users
Turn on if you want a multifactor authentication to be mandatory for ADFS users. Users without a multi-factor authentication will be forced to activate it after logging in.
(default: disabled)
User restrictions by IP ranges
User IP address ranges
Ranges of IP addresses (comma separated) from which registered users access the application. To the common ranges defined here are further added the individual ranges defined for each user. Restrictions on user behaviour behavior can be then applied according to these ranges, see below.
(default: empty)
Restrict users login
If enabled, users will be allowed to log in only from the specified IP address ranges.
(default: disabled)
Restrict anonymous package uploads
If enabled, it will be forbidden to send a package without login (anonymously) from the the specified IP address ranges.
Settings for sent packages
Users can send packages to themselves
Determines whether logged in registered users can send packages to themselves. In the case when "only selected" is set, the permission of each user comes into account.
Users can download files from their own sent packages
Determines whether logged in registered users can download contents from their own sent packages. In the case when "only selected" is set, the permission of each user comes into account.
Users can send packages without approval
Determines whether logged in registered users can send packages without additional approval (by the auditor). (default: disabled)
Access detailed results of file checks
Logged in users
Specifies whether logged-in registered users have access to detailed file check results, including sandbox reports. (just like the administrator)
In the case when "only selected" is set, the permission of each user comes into account.
Allow access to packages being approved without requiring their password
If enabled, the auditor (user with permission to approve packages to be sent) does not need to know and enter the download password for the package being approved to access the package's detail and contents. Does not apply to packages encrypted with the package password, because these cannot be decrypted without it.(default: NO)
Anonymous users
Specifies whether anonymous users have access to detailed file check results, including sandbox reports. (just like the administrator)
(default: disabled)