Site Settings
The following settings you can define for each external site that connects to a Hub:
Account Settings
The following table describes the File Exchange settings for each external web application.
Parameter |
Description |
---|---|
Site Name |
Defines a logical name of the site that can include multiple Hubs and Gateways and has its own users, folders, groups, rules, and settings. |
Company Name |
Defines your company name that appears in the MFT Enterprise File Exchange web application and email notification signature. |
Company Support Email |
Defines your company's email address that is available for external users from the File Exchange web application and as the sender address for email notifications. This field can be overwritten by the Sender Name field in the Mail Server Settings . |
Policies Settings
The following table describes the policy settings for managing existing files and user and password rules.
Parameter |
Description |
---|---|
Manage Existing File |
Determines which of the following methods is used to upload an external file that already exists:
|
Enable external users to edit their profile |
Determines whether external users can edit their profile, such as changing their own password. |
Enable external users to change password |
Determines whether external users can change their own password. |
Enable external users to delete outgoing files |
Determines whether to allow external users to delete files from the outgoing sub-directory. This option is only relevant for Virtual Folders that have limited access to Incoming/Outgoing sub-directories. |
Enable simultaneous logins of the same user | Determines whether the same user can be logged in to File Exchange from multiple access points simultaneously. |
Enforce account lockout policy |
Determines the account lockout policy is enables which activates the settings defined in the parameters below. |
Maximum Inactivity Period |
Determines the maximum number of days that a user didn not log in to the Hub before the user is locked out. Valid Values: 0, 30-180. If set to 0, this parameter is disabled. Default: 90 |
Maximum Failed Login Attempts |
Determines the maximum number of login attempts before a user is locked out. Valid Values: 3-5 Default: 3 |
Failed Login Attempts Period |
Determines the time period that the user is locked out if the user has exceeded the maximum number of failed login attempts. If the login attempts are outside of this range, the login attempt counter is reset to 1. Valid Values: 1-24 Default: 5 |
Password Expiration |
Determines the number of days before the password expires and the user is locked out. Valid Values: 30-365 Default: 90 |
Generated Password Expiration |
Determines the number of hours before the generated password expires and the user is locked out. Valid Values: 1-24 Default: 24 |
Expiration Warning Notification |
Determines the number of days before the password expires that the user receives notifications about the expiration Valid Values: 1-14 Default: 7 |
Minimum Password Length |
Determines the minimum number of characters required for the password |
Enforce complexity rules |
Determines whether the password must contain at least one uppercase letter, one lowercase letter, and one digit or symbol. |
Enforce user details rules |
Determines whether the password cannot contain the username, company name, or email address. |
Enforce history rules |
Determines whether the user cannot reuse the last 5 passwords. |
Authentication Settings
The following table describes the Hub authentication parameters.
Parameter |
Description |
---|---|
Gateway Authentication Password |
Determines the authentication password between the MFT Enterprise Gateway and the Hub. This is the same password set during the MFT Enterprise Gateway installation. If you change the password, you must the also define the new password in proxyConfig.properties file on the host where the Gateway is installed and restart the Gateway. |
Internal users authentication method (SFTP/FTP) |
Determines one of the following authentication methods for internal users for both SFTP and FTP:
(PAM) You can only authenticate the Control-M/Agent user in non-root mode. To authenticate other users, you must run as root. |
External users authentication method |
Determines one of the following authentication methods for external users:
|
LDAP Settings for Internal Users
The following table describes the LDAP or PAM settings for the Hub. These parameters are for internal users only.
Parameter |
Description |
---|---|
LDAP Search User |
Defines the LDAP Browse user. |
LDAP Search Password |
Defines the password of the user defined in the LDAP Search User field. The value of this field can be left blank if the Search user does not have a defined password. |
LDAP Server URL |
Defines URL address and port of a directory server, the DN of an entry within that server, or the criteria for performing a search within that server. ldap(s)://<server>:<port> |
Base DN |
Defines the starting domain name for the user search in the directory tree structure. sales.company.us.com,dc=sales, dc=company,dc=us,dc=com. This field must have a value if the LDAP Search User field is left blank. Otherwise the default value is the domain where the search user is located. |
Username Attribute |
Defines the LDAP vendor column attribute for the LDAP username. |
SSH Public Key Attribute |
Defines the name of the LDAP attribute that contains the SSH public key. If you want to retrieve this key from the authorized_keys file instead of LDAP, leave this field empty. |
Home Directory |
Defines the LDAP Home Directory. |
Timeout |
Determines the number of milliseconds to wait before a timeout. |
The following table describes the PAM authentication parameters:
Parameter |
Description |
---|---|
Service name |
Defines the PAM service name (default passwd). In non-root mode, you can only authenticate the Control-M/Agent user. To authenticate other users, you must run as root. |
LDAP Settings for External Users
The following table describes the LDAP settings for external users.
Parameter |
Description |
---|---|
LDAP Search User |
Defines the LDAP Browse user that is used to connect to LDAP and search for users. |
LDAP Search Password |
Defines the password of the user defined in the LDAP Search User field. The value of this field can be left blank if the Search user does not have a defined password. |
LDAP Admin User |
Determines the LDAP administrator DN. This field is required only if you want to allow external users to change their user profile details. |
LDAP Admin Password |
Defines the LDAP administrator password. |
LDAP Server URL |
Defines URL address and port of a directory server, the DN of an entry within that server, or the criteria for performing a search within that server. ldap(s)://<server>:<port> |
Base DN |
Defines the starting domain name for the user search in the directory tree structure. sales.company.us.com,dc=sales, dc=company,dc=us,dc=com. This field must have a value if the LDAP Search User field is left blank. Otherwise the default value is the domain where the search user is located. You can use multiple Base DNs separated by a semicolon. |
Group Search Base DN |
Defines the starting domain name for the group search in the directory tree structure. sales.company.us.com,dc=sales, dc=company,dc=us,dc=com. |
Username Attribute |
Defines the LDAP vendor column attribute for the LDAP username. |
Password Attribute |
Defines the LDAP vendor column attribute for the LDAP password. |
DN Attribute |
Defines the LDAP vendor column attribute for the distinguished name. |
Default Folder Attribute |
Defines the LDAP vendor column attribute for the default virtual folder that the external user lands on after login. To land in the B2B Home folder (authorized virtual folders appear under the home folder), leave this field empty. |
First Name Attribute |
Defines the LDAP vendor column attribute for the first name of the LDAP user. |
Last Name Attribute |
Defines the LDAP vendor column attribute for the last name of the LDAP user. |
Company Name Attribute |
Defines the LDAP vendor column attribute for the company name. |
Email Attribute |
Defines the LDAP vendor column attribute for the email. |
Phone Attribute |
Determines the LDAP vendor column attribute for the phone number of the external user. |
Group Name Attribute |
Defines the LDAP vendor column attribute for the LDAP group name. |
Member Attribute |
Defines the LDAP vendor column attribute for the member. |
Member Of Attribute |
Defines the LDAP vendor column attribute for the LDAP groups that the user belongs to. |
Description Attribute |
Defines the LDAP vendor column attribute for the description |
SSH Public Key Attribute |
Defines the LDAP vendor column attribute for the SSH Public key. |
AS2 ID Attribute |
Defines the LDAP vendor column attribute for the AS2 ID. |
AS2 Certificate Alias Attribute |
Defines the LDAP vendor column attribute for the AS2 Certificate Alias. |
AS2 Target Folder |
Defines the LDAP vendor column attribute for the AS2 Target. |
Timeout |
Determines the number of milliseconds to wait before a timeout. |
Mail Server Settings
The following table describes notification settings that enables MFT Enterprise B2B to send email notifications to external users that files have arrived. Notifications are sent when a file is uploaded with SFTP to the Hub as an internal user. The SMTP settings must be valid.
Parameter |
Description |
---|---|
SMTP Host |
Defines the hostname that sends the email notifications. |
SMTP Port |
Defines the SMTP port number. |
SMTP Username |
Defines the username that is used to send the notifications. |
SMTP Password |
Defines the SMTP password. |
SMTP Security Method |
Determines one of the following SMTP security methods:
|
Sender Address |
Defines the email address that is used to send the email notification. |
Sender Name |
Defines the name of the sender that appears on the notification mail signature. If this field is left empty, then the Company Name defined in Account Settings is used. |