Site Settings

You can define the following settings for each external site that connects to a Hub:

Account Settings
Web Interface Settings
Policy Settings
Authentication Settings
LDAP Settings for Internal Users
LDAP Settings for External Users
Mail Server Settings

Account Settings

The following table describes the File Exchange settings for each external web application.

Parameter	Description
Site Name	Defines a logical name of the site that can include multiple Hubs and Gateways and has its own users, folders, groups, rules, and settings.
Company Name	Defines your company name that appears in the MFT Enterprise File Exchange web application and email notification signature.
Company Support Email	Defines your company's email address that is available for external users from the File Exchange web application and as the sender address for email notifications. This field can be overwritten by the Sender Name field in the Mail Server Settings .

Web Interface Settings

The following table describes site customization settings that you can apply for your File Exchange site.

Parameter	Description
Login Page Title for External Users	Defines the title of the login page for external users.
Login Box Alignment	Determines whether the login box is on the left, right, or center of the page.
Login Box Theme	Determines whether the login box shading is light or dark.
Login Button Style	Determines whether the login box button shading is light, dark or a custom color.
Button Background Color	Determines the color of the Log In button. This option is only available if you select Custom for the Login Button Style.
Button Text Color	Determines whether the text in the Log In button is light or dark. This option is only available if you select Custom for the Login Button Style.
Footer Message for Internal User	Defines a specific message at the footer of the login box for internal users.
Footer Message for External User	Defines a specific message at the footer of the login box for external users.
File Exchange Site Top Bar Theme	Determines whether the Top Bar of the File Exchange site is light or dark.
Show a notification message to internal users after login	Determines whether to show a notification message that you define to internal users after they log in.
Show a notification message to external users after login	Determines whether to show a notification message that you define to external users after they log in.

Policy Settings

The following table describes the policy settings for managing existing files and user and password rules.

Parameter	Description
Manage Existing File	Determines which of the following methods is used to upload an external file that already exists: Overwrite File: Overwrites the existing file. Decline Upload: Prevents the file from uploading. Rename (Add Counter): Adds a counter to the filename—<file>-<counter>.<ext>. Rename (Add Timestamp): Adds a timestamp to the filename—<file><timestamp>.<ext>. Default: Overwrite file.
Enable External Users to Edit Their Profile	Determines whether external users can edit their profile, such as changing their own password.
Enable External Users to Change Password	Determines whether external users can change their own password. If your authentication method is LDAP, this option is available for the external users only if your LDAP connection is secured (URL must start with ldaps://).
Enable External Users to Delete Outgoing Files	Determines whether to allow external users to delete files from the outgoing subdirectory. This option is only relevant for Virtual Folders that have limited access to Incoming/Outgoing subdirectories.
Enforce Account Lockout Policy	Determines the account lockout policy is enables which activates the settings defined in the parameters below.
Maximum Inactivity Period	Determines the maximum number of days that a user did not log in to the Hub before the user is locked out. Valid Values: 0, 30–180. If set to 0, this parameter is disabled. Default: 90
Maximum Failed Login Attempts	Determines the maximum number of login attempts before a user is locked out. Valid Values: 3–5 Default: 3
Failed Login Attempts Period	Determines the time period that the user is locked out if the user has exceeded the maximum number of failed login attempts. If the login attempts are outside of this range, the login attempt counter is reset to 1. Valid Values: 1–24 Default: 5
Password Expiration	Determines the number of days before the password expires and the user is locked out. Valid Values: 30–365 Default: 90
Generated Password Expiration	Determines the number of hours before the generated password expires and the user is locked out. Valid Values: 1–24 Default: 24
Expiration Warning Notification	Determines the number of days before the password expires that the user receives notifications about the expiration Valid Values: 1–14 Default: 7
Minimum Password Length	Determines the minimum number of characters required for the password.
Enforce Complexity Rules	Determines whether the password must contain at least one uppercase letter, one lowercase letter, one digit, and symbol. This option is only available for new passwords.
Enforce User Details Rules	Determines whether the password cannot contain the username, company name, or email address.
Enforce History Rules	Determines whether the user cannot reuse the last 5 passwords.
Blocked File Pattern	Determines the global file pattern to block users from uploading to any virtual folder. This field affects all folders, instead of the individual virtual folder definition that affects only files uploaded to that specific folder. You can use wildcards (,?) and comma separators between patterns, such as .exe,*.dll.
Block Uploading Executable Files	Determines whether executable files (based on the file MIME type) must be blocked. The following file formats are blocked: application/x-msdownload application/x-sharedlib application/x-elf application/x-object application/x-executable application/x-coredump application/x-dosexec For more information, see the Apache Tika Documentation.
Block Uploading Archive Files	Determines whether archive files (based on the file MIME type) must be blocked. The following file formats are blocked: application/x-tar application/java-archive application/x-arj application/x-archive application/zip application/gzip application/zlib application/x-cpio application/x-tika-unix-dump application/x-7z-compressed application/x-rar-compressed For more information and the full list of blocked files, see the Apache Tika Documentation.

Authentication Settings

The following table describes the Hub authentication parameters.

Parameter	Description
Gateway Authentication Password	Determines the authentication password between the MFT Enterprise Gateway and the Hub. This is the same password set during the MFT Enterprise Gateway installation. If you change the password, you must the also define the new password in proxyConfig.properties file on the host where the Gateway is installed and restart the Gateway.
Internal Users Authentication Method	Determines one of the following authentication methods for internal users: (Windows only) Windows Local Users (UNIX only) PAM LDAP (PAM) You can only authenticate the Agent user in non-root mode. To authenticate other users, you must run as root.
PAM Service Name	Defines the PAM service name (default password). In non-root mode, you can only authenticate the Agent user. To authenticate other users, you must run as root.
Allowed Internal Users	Determines the list of allowed internal usernames that can access the Hub, separated by commas. Wildcards are supported, as described in Pattern-Matching Strings.
Blocked Internal Users	Determines the list of blocked internal usernames that cannot access the Hub, separated by commas. Wildcards are supported, as described in Pattern-Matching Strings.
External Users Authentication Method	Determines one of the following authentication methods for external users: Authenticate LDAP users Authenticate Control-M MFTE users Both: The user is authenticated first in the MFT Enterprise users list. If the authentication fails, another attempt occurs in the LDAP list.

LDAP Settings for Internal Users

The following table describes the LDAP or PAM settings for the Hub, which are for internal users only.

Parameter	Description
LDAP Search User	Defines the LDAP Browse user.
LDAP Search Password	Defines the password of the user defined in the LDAP Search User field. The value of this field can be left blank if the Search user does not have a defined password.
LDAP Server URL	Defines URL address and port of a directory server, the DN of an entry within that server, or the criteria for performing a search within that server. ldap(s)://<server>:<port>
Base DN	Defines the starting domain name for the user search in the directory tree structure. sales.company.us.com,dc=sales, dc=company,dc=us,dc=com. This field must have a value if the LDAP Search User field is left blank. Otherwise the default value is the domain where the search user is located.
Username Attribute	Defines the LDAP vendor column attribute for the LDAP username.
DN Attribute	Defines the LDAP vendor column attribute for the distinguished name.
SSH Public Key Attribute	Defines the name of the LDAP attribute that contains the SSH public key. If you want to retrieve this key from the authorized_keys file instead of LDAP, leave this field empty.
Home Directory	Defines the LDAP Home Directory.
Timeout	Determines the number of milliseconds to wait before a timeout.

LDAP Settings for External Users

The following table describes the LDAP settings for external users.

Parameter	Description
LDAP Search User	Defines the LDAP Browse user that is used to connect to LDAP and search for users.
LDAP Search Password	Defines the password of the user defined in the LDAP Search User field. The value of this field can be left blank if the Search user does not have a defined password.
LDAP Admin User	Determines the LDAP administrator DN. This field is required only if you want to allow external users to change their user profile details.
LDAP Admin Password	Defines the LDAP administrator password.
LDAP Server URL	Defines URL address and port of a directory server, the DN of an entry within that server, or the criteria for performing a search within that server. ldap(s)://<server>:<port>
Base DN	Defines the starting domain name for the user search in the directory tree structure. sales.company.us.com,dc=sales, dc=company,dc=us,dc=com. This field must have a value if the LDAP Search User field is left blank. Otherwise the default value is the domain where the search user is located. You can use multiple Base DNs separated by a semicolon.
Group Search Base DN	Defines the starting domain name for the group search in the directory tree structure. sales.company.us.com,dc=sales, dc=company,dc=us,dc=com.
Username Attribute	Defines the LDAP vendor column attribute for the LDAP username.
Password Attribute	Defines the LDAP vendor column attribute for the LDAP password.
DN Attribute	Defines the LDAP vendor column attribute for the distinguished name.
Default Folder Attribute	Defines the LDAP vendor column attribute for the default virtual folder that the external user lands on after login. To land in the B2B Home folder (authorized virtual folders appear under the home folder), leave this field empty.
First Name Attribute	Defines the LDAP vendor column attribute for the first name of the LDAP user.
Last Name Attribute	Defines the LDAP vendor column attribute for the last name of the LDAP user.
Company Name Attribute	Defines the LDAP vendor column attribute for the company name.
Email Attribute	Defines the LDAP vendor column attribute for the email.
Phone Attribute	Determines the LDAP vendor column attribute for the phone number of the external user.
Group Name Attribute	Defines the LDAP vendor column attribute for the LDAP group name.
Member Attribute	Defines the LDAP vendor column attribute for the member.
Member Of Attribute	Defines the LDAP vendor column attribute for the LDAP groups that the user belongs to.
Description Attribute	Defines the LDAP vendor column attribute for the description
SSH Public Key Attribute	Defines the LDAP vendor column attribute for the SSH Public key.
AS2 ID Attribute	Defines the LDAP vendor column attribute for the AS2 ID.
AS2 Certificate Alias Attribute	Defines the LDAP vendor column attribute for the AS2 Certificate Alias.
AS2 Target Folder	Defines the LDAP vendor column attribute for the AS2 Target.
Preferred Language Attribute	Defines the LDAP vendor column attribute for the preferred language.
Timeout	Determines the number of milliseconds to wait before a timeout.

Mail Server Settings

The following table describes notification settings that enables MFT Enterprise to send email notifications to external users that files have arrived.

Notifications are sent when a file is uploaded with SFTP to the Hub as an internal user. The SMTP settings must be valid.

Parameter	Description
SMTP Host	Defines the hostname that sends the email notifications.
SMTP Port	Defines the SMTP port number.
SMTP Username	Defines the username that is used to send the notifications.
SMTP Password	Defines the SMTP password.
SMTP Security Method	Determines one of the following SMTP security methods: SMTP without TLS SMTP with STARTTLS SMTPS (SMTP over TLS)
Sender Address	Defines the email address that is used to send the email notification.
Sender Name	Defines the name of the sender that appears on the notification mail signature. If this field is left empty, then the Company Name defined in Account Settings is used.

Rules Settings

The following table describes timeouts and retention periods for MFT Enterprise Processing rules.

Parameter	Description
Post-transfer Actions Timeout	Determines the number of seconds to wait before a timeout occurs for post-transfer actions to complete before the rule action fails. Default: 300 seconds (5 minutes)
Pre-transfer Actions Timeout	Determines the number of seconds to wait before a timeout occurs for pre-transfer actions to complete before the rule action fails. Default: 30 seconds. Actions that run before transfer delays the download. It is not recommended to define a pre-transfer action that runs for a long time.
External Process Execution Timeout	Determines the maximum number of seconds to wait before a timeout occurs for the Run Script/Command single action Default: 120 seconds.
Rules Output Retention	Determines the number of days to keep rule output files in the <Agent>/cm/AFT/rules_output directory. Default: 5 days