Site Settings

You can define the following settings for each external site that connects to a Hub:

Account Settings

The following table describes the File Exchange settings for each external web application.

Parameter

Description

Site Name

Defines a logical name of the site that can include multiple Hubs and Gateways and has its own users, folders, groups, rules, and settings.

Company Name

Defines your company name that appears in the MFT Enterprise File Exchange web application and email notification signature.

Company Support Email

Defines your company's email address that is available for external users from the File Exchange web application and as the sender address for email notifications.

This field can be overwritten by the Sender Name field in the Mail Server Settings.

Policy Settings

The following table describes the policy settings for managing existing files and user and password rules.

Parameter

Description

Manage Existing File

Determines which of the following methods is used to upload an external file that already exists:

  • Overwrite File: Overwrites the existing file.

  • Decline Upload: Prevents the file from uploading.

  • Rename (Add Counter): Adds a counter to the filename (<file>-<counter>.<ext>).

  • Rename (Add Timestamp): Adds a timestamp to the filename (<file><timestamp>.<ext>).

Default: Overwrite File.

Enable External Users to Edit Their Profile

Determines whether external users can edit their profile, such as changing their own password.

Enable External Users to Change Password

Determines whether external users can change their own password.

If your authentication method is LDAP, this option is available for the external users only if your LDAP connection is secured (URL must start with ldaps://).

Enable External Users to Delete Outgoing Files

Determines whether to allow external users to delete files from the outgoing subdirectory.

This option is only relevant for Virtual Folders that have limited access to Incoming/Outgoing subdirectories.

Enable Simultaneous Logins of the Same User

Determines whether the same user can be logged in to File Exchange from multiple access points simultaneously.

Enforce Account Lockout Policy

Determines whether the account lockout policy is enabled, which activates the settings defined in the parameters below.

Maximum Inactivity Period

Determines the maximum number of days that a user does not log in to the Hub before the user is locked out.

Valid Values: 0, 30-180. If set to 0, this parameter is disabled.

Default: 90

Maximum Failed Login Attempts

Determines the maximum number of login attempts before a user is locked out.

Valid Values: 3-5

Default: 3

Failed Login Attempts Period

Determines the time period that the user is locked out if the user has exceeded the maximum number of failed login attempts. If the login attempts are outside of this range, the login attempt counter is reset to 1.

Valid Values: 1–24

Default: 5

Password Expiration

Determines the number of days before the password expires and the user is locked out.

Valid Values: 30–365

Default: 90

Generated Password Expiration

Determines the number of hours before the generated password expires and the user is locked out.

Valid Values: 1–24

Default: 24

Expiration Warning Notification

Determines the number of days before the password expires that the user receives notifications about the expiration.

Valid Values: 1–14

Default: 7

Minimum Password Length

Determines the minimum number of characters required for the password.

Enforce Complexity Rules

Determines whether the password must contain at least one uppercase letter, one lowercase letter, one digit, and one symbol.

Enforce User Details Rules

Determines whether the password cannot contain the username, company name, or email address.

Enforce History Rules

Determines whether the user cannot reuse the last 5 passwords.
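The valid ranges in this table, and the ldaps:// requirement for Enable External Users to Change Password, can be checked mechanically before a change is applied. The following Python is an added example, not part of the product or its documentation; the settings dictionary and the function name audit_site are assumptions, since this page does not describe an export format, and treating the Both authentication method like LDAP is also an assumption.

```python
# Added example: audit one site's settings against the values documented above.
# Keys reuse this page's parameter names; the dict format is an assumption.

RANGES = {  # parameter: (low, high, extra allowed values)
    "Maximum Inactivity Period": (30, 180, {0}),        # days; 0 disables it
    "Maximum Failed Login Attempts": (3, 5, set()),
    "Failed Login Attempts Period": (1, 24, set()),
    "Password Expiration": (30, 365, set()),            # days
    "Generated Password Expiration": (1, 24, set()),    # hours
    "Expiration Warning Notification": (1, 14, set()),  # days
}
LDAP_METHODS = ("Authenticate LDAP users", "Both")  # "Both" included by assumption

def audit_site(settings):
    """Return a list of findings (strings) for one site's settings dict."""
    findings = []
    for name, (low, high, extra) in RANGES.items():
        value = settings.get(name)
        if value is None:
            continue  # parameter not present; nothing to check
        if isinstance(value, bool) or not isinstance(value, int):
            findings.append(f"{name}: {value!r} is not an integer")
        elif value not in extra and not low <= value <= high:
            findings.append(f"{name}: {value} is outside {low}-{high}")
    if not settings.get("Enforce Account Lockout Policy", False):
        findings.append("Enforce Account Lockout Policy is off: "
                        "the lockout parameters are not applied")
    # Password change for LDAP-authenticated external users needs ldaps://.
    url = str(settings.get("LDAP Server URL") or "")
    if (settings.get("External Users Authentication Method") in LDAP_METHODS
            and settings.get("Enable External Users to Change Password")
            and not url.lower().startswith("ldaps://")):
        findings.append("Change Password is enabled but LDAP Server URL "
                        "is not ldaps://, so LDAP users cannot use it")
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE = {
    "Enforce Account Lockout Policy": True,
    "Maximum Inactivity Period": 0,
    "Maximum Failed Login Attempts": 10,
    "Password Expiration": 90,
    "External Users Authentication Method": "Authenticate LDAP users",
    "Enable External Users to Change Password": True,
    "LDAP Server URL": "ldap://ldap.example.com:389",
}
```

Calling audit_site(SAMPLE) reports the out-of-range Maximum Failed Login Attempts value and the unsecured LDAP URL; the Maximum Inactivity Period of 0 passes because the table allows it as the disabled value.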

Authentication Settings

The following table describes the Hub authentication parameters.

Parameter

Description

Gateway Authentication Password

Determines the authentication password between the MFT Enterprise Gateway and the Hub. This is the same password set during the MFT Enterprise Gateway installation.

If you change the password, you must also define the new password in the proxyConfig.properties file on the host where the Gateway is installed and restart the Gateway.

Internal Users Authentication Method

Determines one of the following authentication methods for internal users:

  • Windows Local Users (Windows only)

  • PAM (UNIX only)

  • LDAP

(PAM) You can only authenticate the Control-M/Agent user in non-root mode. To authenticate other users, you must run as root.

PAM Service Name

Defines the PAM service name (default password).

In non-root mode, you can only authenticate the Control-M/Agent user. To authenticate other users, you must run as root.

Allowed Internal Users

Determines the list of allowed internal usernames that can access the Hub, separated by commas. Wildcards are supported.

Blocked Internal Users

Determines the list of blocked internal usernames that cannot access the Hub, separated by commas. Wildcards are supported.

External Users Authentication Method

Determines one of the following authentication methods for external users:

  • Authenticate LDAP users

  • Authenticate Control-M MFTE users

  • Both: The user is authenticated first in the MFT Enterprise users list. If the authentication fails, another attempt occurs in the LDAP list.

LDAP Settings for Internal Users

The following table describes the LDAP or PAM settings for the Hub, which are for internal users only.

Parameter

Description

LDAP Search User

Defines the LDAP Browse user.

LDAP Search Password

Defines the password of the user defined in the LDAP Search User field. The value of this field can be left blank if the Search user does not have a defined password.

LDAP Server URL

Defines the URL address and port of a directory server, the DN of an entry within that server, or the criteria for performing a search within that server.

ldap(s)://<server>:<port>

Base DN

Defines the starting domain name for the user search in the directory tree structure.

sales.company.us.com,dc=sales, dc=company,dc=us,dc=com.

This field must have a value if the LDAP Search User field is left blank. Otherwise the default value is the domain where the search user is located.

Username Attribute

Defines the LDAP vendor column attribute for the LDAP username.

DN Attribute

Defines the LDAP vendor column attribute for the distinguished name.

SSH Public Key Attribute

Defines the name of the LDAP attribute that contains the SSH public key.

If you want to retrieve this key from the authorized_keys file instead of LDAP, leave this field empty.

Home Directory

Defines the LDAP Home Directory.

Timeout

Determines the number of milliseconds to wait before a timeout.

LDAP Settings for External Users

The following table describes the LDAP settings for external users.

Parameter

Description

LDAP Search User

Defines the LDAP Browse user that is used to connect to LDAP and search for users.

LDAP Search Password

Defines the password of the user defined in the LDAP Search User field. The value of this field can be left blank if the Search user does not have a defined password.

LDAP Admin User

Determines the LDAP administrator DN.

This field is required only if you want to allow external users to change their user profile details.

LDAP Admin Password

Defines the LDAP administrator password.

LDAP Server URL

Defines the URL address and port of a directory server, the DN of an entry within that server, or the criteria for performing a search within that server.

ldap(s)://<server>:<port>

Base DN

Defines the starting domain name for the user search in the directory tree structure.

sales.company.us.com,dc=sales, dc=company,dc=us,dc=com.

This field must have a value if the LDAP Search User field is left blank. Otherwise the default value is the domain where the search user is located.

You can use multiple Base DNs separated by a semicolon.

Group Search Base DN

Defines the starting domain name for the group search in the directory tree structure.

sales.company.us.com,dc=sales, dc=company,dc=us,dc=com.

Username Attribute

Defines the LDAP vendor column attribute for the LDAP username.

Password Attribute

Defines the LDAP vendor column attribute for the LDAP password.

DN Attribute

Defines the LDAP vendor column attribute for the distinguished name.

Default Folder Attribute

Defines the LDAP vendor column attribute for the default virtual folder that the external user lands on after login.

To land in the B2B Home folder (authorized virtual folders appear under the home folder), leave this field empty.

First Name Attribute

Defines the LDAP vendor column attribute for the first name of the LDAP user.

Last Name Attribute

Defines the LDAP vendor column attribute for the last name of the LDAP user.

Company Name Attribute

Defines the LDAP vendor column attribute for the company name.

Email Attribute

Defines the LDAP vendor column attribute for the email.

Phone Attribute

Determines the LDAP vendor column attribute for the phone number of the external user.

Group Name Attribute

Defines the LDAP vendor column attribute for the LDAP group name.

Member Attribute

Defines the LDAP vendor column attribute for the member.

Member Of Attribute

Defines the LDAP vendor column attribute for the LDAP groups that the user belongs to.

Description Attribute

Defines the LDAP vendor column attribute for the description.

SSH Public Key Attribute

Defines the LDAP vendor column attribute for the SSH Public key.

AS2 ID Attribute

Defines the LDAP vendor column attribute for the AS2 ID.

AS2 Certificate Alias Attribute

Defines the LDAP vendor column attribute for the AS2 Certificate Alias.

AS2 Target Folder

Defines the LDAP vendor column attribute for the AS2 Target.

Preferred Language Attribute

Defines the LDAP vendor column attribute for the preferred language.

Timeout

Determines the number of milliseconds to wait before a timeout.

Mail Server Settings

The following table describes notification settings that enable MFT Enterprise to send email notifications to external users that files have arrived. Notifications are sent when a file is uploaded with SFTP to the Hub as an internal user. The SMTP settings must be valid.

Parameter

Description

SMTP Host

Defines the hostname that sends the email notifications.

SMTP Port

Defines the SMTP port number.

SMTP Username

Defines the username that is used to send the notifications.

SMTP Password

Defines the SMTP password.

SMTP Security Method

Determines one of the following SMTP security methods:

  • SMTP without TLS

  • SMTP with STARTTLS

  • SMTPS (SMTP over TLS)

Sender Address

Defines the email address that is used to send the email notification.

Sender Name

Defines the name of the sender that appears on the notification mail signature.

If this field is left empty, then the Company Name defined in Account Settings is used.

Rules Settings

The following table describes timeouts and retention periods for MFT Enterprise Processing rules.

Parameter

Description

Post-transfer Actions Timeout

Determines the number of seconds to wait before a timeout occurs for post-transfer actions to complete before the rule action fails.

Default: 300 seconds (5 minutes)

Pre-transfer Actions Timeout

Determines the number of seconds to wait before a timeout occurs for pre-transfer actions to complete before the rule action fails.

Default: 30 seconds.

Actions that run before transfer delay the download. It is not recommended to define a pre-transfer action that runs for a long time.

External Process Execution Timeout

Determines the maximum number of seconds to wait before a timeout occurs for the Run Script/Command single action.

Default: 120 seconds.

Rules Output Retention

Determines the number of days to keep rule output files in the <Agent>/cm/AFT/rules_output directory.

Default: 5 days