Authentication Methods

The Authentication Type setting on a user controls exactly how that user can login and authenticate to their Files.com account. Files.com offers a variety of authentication methods to ensure flexibility, security, migration, and compliance. These authentication methods can be configured during user creation and can be modified at any time by site administrators.

When you create a new user and choose Email Signup for the authentication type, an email will be sent to the new user with a link for them to create their password.

Once the user has created their password, their authentication type will change to Password. Users listed with Email Signup in the users table indicate those who haven't configured their password yet.

With email signup as an authentication method, users typically set their own passwords by following your site's password requirements during the signup process. This helps enhance security by avoiding the communication of passwords in plain text to your users and adhering to compliance regulations regarding the storage and management of user passwords.

With Password as an authentication method, site administrators will specify the password. Users can change their password anytime by following your site's password requirements.

Along with the password, users can use API keys, or an SFTP/SSH key to log in via SFTP.

When creating a new user with password as an authentication method, you can optionally enforce the user to change their password when signing up for their Files.com account. With this option, users cannot login using their password until they have updated it.

With Password and SFTP/SSH key (SFTP only) as an authentication method, both password and an SFTP/SSH key are required to access your site's resources using a SFTP client. Users with this authentication method can access their account using SFTP only.

This dual authentication method enhances security and serves as a distinct form of two-factor authentication, especially when users have specific security requirements to establish SFTP connections using both the SFTP/SSH Key and a Password.

This method is typically used for importing or migrating users from a legacy or on-premise system. With this method, you provide a hash of the password rather than the password itself when initially adding or importing the user.

Supported hashes are MD5, SHA1, and SHA256. There is no need to specify the hash function used, as it will be auto-detected.

Imported hashes will be converted into Files.com's internal password storage format (based on PKCS5 / PBKDF2) upon first use by the user.

Users with an authentication type of None cannot authenticate using a password. Authentication using an API key, or an SFTP/SSH key via SFTP, is allowed. If you have selected None as an authentication method, the site administrator must create API keys or SFTP/SSH keys for that user or system to log in. Typically, this authentication method is used for unattended systems to access your site's resources.

Users will log in using SSO and integrate with your existing SSO provider. Additionally, they may use API keys, or an SFTP/SSH key to log in via SFTP. The only SSO providers that are supported using a direct password via FTP, SFTP, and WebDAV are Active Directory and LDAP. All other SSO providers require the user to set up an API or SFTP key in order to use one of these protocols.

Users can connect to your site using API keys if their authentication method is Password (set by the site administrator, user, or imported hash), None (using SSH or API keys), or SSO. If your site settings allow it, users who are not site administrators can create and revoke their own API Keys.

API keys are independent from each other and can be easily discarded. Generating unique API keys for each of your applications or systems allows you to revoke them if necessary without disrupting your other integrations.

SFTP authentication relies on cryptographic keys rather than a traditional username and password. When SFTP/SSH keys are added to users, these keys grant access through SFTP and do not provide access via APIs, SDKs, or the web interface.

Users with any authentication method can use SFTP/SSH keys to connect to Files.com. If your site settings allow it, users who are not site administrators can create or revoke their own SFTP/SSH Keys.

User authentication and permissions can be managed by site administrators using Web UI, APIs, or SDKs.

Users whose accounts are not disabled can use API keys, or SFTP/SSH keys, to connect to their Files.com account.

To fully prevent a user from being able to perform any actions, even via an API or SFTP/SSH key, you can disable the user using the Web UI, or using our API/SDK, as a site administrator .