Site Settings
You can define the following settings for each external site that connects to a Hub:
Account Settings
The following table describes the File Exchange settings for each external web application.
Parameter | Description |
---|---|
Site Name | Defines a logical name of the site that can include multiple Hubs and Gateways and has its own users, folders, groups, rules, and settings. |
Company Name | Defines your company name that appears in the MFT Enterprise File Exchange web application and email notification signature. |
Company Support Email | Defines your company's email address that is available for external users from the File Exchange web application and as the sender address for email notifications. This field can be overwritten by the Sender Name field in the Mail Server Settings. |
Policy Settings
The following table describes the policy settings for managing existing files and user and password rules.
Parameter | Description |
---|---|
Manage Existing File | Determines which of the following methods is used to upload an external file that already exists: Default: Overwrite file. |
Enable External Users to Edit Their Profile | Determines whether external users can edit their profile, such as changing their own password. |
Enable External Users to Change Password | Determines whether external users can change their own password. If your authentication method is LDAP, this option is available for the external users only if your LDAP connection is secured (URL must start with ldaps://). |
Enable External Users to Delete Outgoing Files | Determines whether to allow external users to delete files from the outgoing subdirectory. This option is only relevant for Virtual Folders that have limited access to Incoming/Outgoing subdirectories. |
Enable Simultaneous Logins of the Same User | Determines whether the same user can be logged in to File Exchange from multiple access points simultaneously. |
Enforce Account Lockout Policy | Determines whether the account lockout policy is enabled, which activates the settings defined in the parameters below. |
Maximum Inactivity Period | Determines the maximum number of days that a user did not log in to the Hub before the user is locked out. Valid Values: 0, 30-180. If set to 0, this parameter is disabled. Default: 90 |
Maximum Failed Login Attempts | Determines the maximum number of login attempts before a user is locked out. Valid Values: 3-5. Default: 3 |
Failed Login Attempts Period | Determines the time period that the user is locked out if the user has exceeded the maximum number of failed login attempts. If the login attempts are outside of this range, the login attempt counter is reset to 1. Valid Values: 1–24. Default: 5 |
Password Expiration | Determines the number of days before the password expires and the user is locked out. Valid Values: 30–365. Default: 90 |
Generated Password Expiration | Determines the number of hours before the generated password expires and the user is locked out. Valid Values: 1–24. Default: 24 |
Expiration Warning Notification | Determines the number of days before the password expires that the user receives notifications about the expiration. Valid Values: 1–14. Default: 7 |
Minimum Password Length | Determines the minimum number of characters required for the password. |
Enforce Complexity Rules | Determines whether the password must contain at least one uppercase letter, one lowercase letter, one digit, and one symbol. |
Enforce User Details Rules | Determines whether passwords that contain the username, company name, or email address are rejected. |
Enforce History Rules | Determines whether users are prevented from reusing their last 5 passwords. |
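The four password rules in the table above (minimum length, complexity, user details, history) can be modelled as follows. This is an added illustration, not MFT Enterprise code: the function names, the `user` field names, the `min_length` default and the PBKDF2 work factor are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import string

HISTORY_DEPTH = 5          # "last 5 passwords" per the Enforce History Rules row
PBKDF2_ROUNDS = 100_000    # assumption: work factor chosen for this example


def hash_password(password, salt=None):
    """Return (salt, digest) so history can be stored without plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_password(password, user, history, min_length=8):
    """Return the list of violated rules; an empty list means accepted.

    user: dict with username, company, email (hypothetical field names).
    history: list of (salt, digest) tuples, newest last.
    min_length: assumption, the page gives no default for this setting.
    """
    violations = []
    if len(password) < min_length:
        violations.append("min_length")

    # Complexity: one uppercase, one lowercase, one digit, one symbol.
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation)
    if not all(any(c in cls for c in password) for cls in classes):
        violations.append("complexity")

    # User details: case-insensitive substring match on each profile value.
    lowered = password.lower()
    details = [user.get("username"), user.get("company"), user.get("email")]
    if any(d and d.lower() in lowered for d in details):
        violations.append("user_details")

    # History: re-hash the candidate with each stored salt, compare in
    # constant time, and look only at the most recent HISTORY_DEPTH entries.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            violations.append("history")
            break
    return violations
```

Because each history entry carries its own salt, the candidate has to be re-hashed once per stored entry; a single hash lookup cannot detect reuse.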
Authentication Settings
The following table describes the Hub authentication parameters.
Parameter | Description |
---|---|
Gateway Authentication Password | Determines the authentication password between the MFT Enterprise Gateway and the Hub. This is the same password set during the MFT Enterprise Gateway installation. If you change the password, you must also define the new password in the proxyConfig.properties file on the host where the Gateway is installed and restart the Gateway. |
Internal Users Authentication Method | Determines one of the following authentication methods for internal users: (PAM) You can only authenticate the Control-M/Agent user in non-root mode. To authenticate other users, you must run as root. |
PAM Service Name | Defines the PAM service name (default password). In non-root mode, you can only authenticate the Control-M/Agent user. To authenticate other users, you must run as root. |
Allowed Internal Users | Determines the list of allowed internal usernames that can access the Hub, separated by commas. Wildcards are supported. |
Blocked Internal Users | Determines the list of blocked internal usernames that cannot access the Hub, separated by commas. Wildcards are supported. |
External Users Authentication Method | Determines one of the following authentication methods for external users: |
LDAP Settings for Internal Users
The following table describes the LDAP or PAM settings for the Hub, which are for internal users only.
Parameter | Description |
---|---|
LDAP Search User | Defines the LDAP Browse user. |
LDAP Search Password | Defines the password of the user defined in the LDAP Search User field. The value of this field can be left blank if the Search user does not have a defined password. |
LDAP Server URL | Defines the URL address and port of a directory server, the DN of an entry within that server, or the criteria for performing a search within that server. ldap(s)://<server>:<port> |
Base DN | Defines the starting domain name for the user search in the directory tree structure. sales.company.us.com,dc=sales, dc=company,dc=us,dc=com. This field must have a value if the LDAP Search User field is left blank. Otherwise the default value is the domain where the search user is located. |
Username Attribute | Defines the LDAP vendor column attribute for the LDAP username. |
DN Attribute | Defines the LDAP vendor column attribute for the distinguished name. |
SSH Public Key Attribute | Defines the name of the LDAP attribute that contains the SSH public key. If you want to retrieve this key from the authorized_keys file instead of LDAP, leave this field empty. |
Home Directory | Defines the LDAP Home Directory. |
Timeout | Determines the number of milliseconds to wait before a timeout. |
LDAP Settings for External Users
The following table describes the LDAP settings for external users.
Parameter | Description |
---|---|
LDAP Search User | Defines the LDAP Browse user that is used to connect to LDAP and search for users. |
LDAP Search Password | Defines the password of the user defined in the LDAP Search User field. The value of this field can be left blank if the Search user does not have a defined password. |
LDAP Admin User | Determines the LDAP administrator DN. This field is required only if you want to allow external users to change their user profile details. |
LDAP Admin Password | Defines the LDAP administrator password. |
LDAP Server URL | Defines the URL address and port of a directory server, the DN of an entry within that server, or the criteria for performing a search within that server. ldap(s)://<server>:<port> |
Base DN | Defines the starting domain name for the user search in the directory tree structure. sales.company.us.com,dc=sales, dc=company,dc=us,dc=com. This field must have a value if the LDAP Search User field is left blank. Otherwise the default value is the domain where the search user is located. You can use multiple Base DNs separated by a semicolon. |
Group Search Base DN | Defines the starting domain name for the group search in the directory tree structure. sales.company.us.com,dc=sales, dc=company,dc=us,dc=com. |
Username Attribute | Defines the LDAP vendor column attribute for the LDAP username. |
Password Attribute | Defines the LDAP vendor column attribute for the LDAP password. |
DN Attribute | Defines the LDAP vendor column attribute for the distinguished name. |
Default Folder Attribute | Defines the LDAP vendor column attribute for the default virtual folder that the external user lands on after login. To land in the B2B Home folder (authorized virtual folders appear under the home folder), leave this field empty. |
First Name Attribute | Defines the LDAP vendor column attribute for the first name of the LDAP user. |
Last Name Attribute | Defines the LDAP vendor column attribute for the last name of the LDAP user. |
Company Name Attribute | Defines the LDAP vendor column attribute for the company name. |
Email Attribute | Defines the LDAP vendor column attribute for the email. |
Phone Attribute | Determines the LDAP vendor column attribute for the phone number of the external user. |
Group Name Attribute | Defines the LDAP vendor column attribute for the LDAP group name. |
Member Attribute | Defines the LDAP vendor column attribute for the member. |
Member Of Attribute | Defines the LDAP vendor column attribute for the LDAP groups that the user belongs to. |
Description Attribute | Defines the LDAP vendor column attribute for the description. |
SSH Public Key Attribute | Defines the LDAP vendor column attribute for the SSH Public key. |
AS2 ID Attribute | Defines the LDAP vendor column attribute for the AS2 ID. |
AS2 Certificate Alias Attribute | Defines the LDAP vendor column attribute for the AS2 Certificate Alias. |
AS2 Target Folder | Defines the LDAP vendor column attribute for the AS2 Target. |
Preferred Language Attribute | Defines the LDAP vendor column attribute for the preferred language. |
Timeout | Determines the number of milliseconds to wait before a timeout. |
Mail Server Settings
The following table describes notification settings that enable MFT Enterprise to send email notifications to external users that files have arrived. Notifications are sent when a file is uploaded with SFTP to the Hub as an internal user. The SMTP settings must be valid.
Parameter | Description |
---|---|
SMTP Host | Defines the hostname that sends the email notifications. |
SMTP Port | Defines the SMTP port number. |
SMTP Username | Defines the username that is used to send the notifications. |
SMTP Password | Defines the SMTP password. |
SMTP Security Method | Determines one of the following SMTP security methods: |
Sender Address | Defines the email address that is used to send the email notification. |
Sender Name | Defines the name of the sender that appears on the notification mail signature. If this field is left empty, then the Company Name defined in Account Settings is used. |
Rules Settings
The following table describes timeouts and retention periods for MFT Enterprise Processing rules.
Parameter | Description |
---|---|
Post-transfer Actions Timeout | Determines the number of seconds to wait before a timeout occurs for post-transfer actions to complete before the rule action fails. Default: 300 seconds (5 minutes) |
Pre-transfer Actions Timeout | Determines the number of seconds to wait before a timeout occurs for pre-transfer actions to complete before the rule action fails. Default: 30 seconds. Actions that run before transfer delay the download. It is not recommended to define a pre-transfer action that runs for a long time. |
External Process Execution Timeout | Determines the maximum number of seconds to wait before a timeout occurs for the Run Script/Command single action. Default: 120 seconds. |
Rules Output Retention | Determines the number of days to keep rule output files in the <Agent>/cm/AFT/rules_output directory. Default: 5 days |