is an evolving platform built with power and flexibility in mind. Customers tell us all the time that they are amazed at how easily the options built into allow them to customize the platform to fit their use case. Our longer-term customers also comment on how far we've come in over a decade of expanding and improving the platform.

Yes, that means there are a large number of options and settings with which to become familiar. Use this page as a quick tour of the settings and where to find them, or come back to it as needed and use the table of contents to go straight to what you need.

Settings Overview Page

Click on the Settings icon in the left vertical navigation panel (or along the bottom if you are using a mobile browser) to see the Settings Overview page. Here you will find a quick scan of the summary state of your site's settings.

To manage your site's settings, click the button at the bottom of one of the settings boxes, or use the tabs in the main settings navigation menu above.

Site Identity

The Site Identity tab is where you customize the look and identity of your site. As is the case with all of the settings you find in the platform, you click a setting to open it, and context help text will appear with the setting to help orient you to its use.

In addition to basic visual customization, if your plan supports custom domain name and custom SMTP, you will find these settings here.

Custom Domain with SSL and Dedicated IP Addresses

People use the custom domain feature for two main reasons:

  • to further brand their site using their own domain name
  • to use a custom SSL certificate and dedicated IP addresses

When you activate a custom domain, you can supply your own SSL certificate, or you can have us provision and maintain one for you. You also receive two dedicated IP addresses, making any whitelisting your IT department or customers need to do in their firewalls much easier to manage.

To learn more about setting up a custom domain, please see this article.

Custom SMTP

With the appropriate plan you can further brand your site by using your own outgoing email server. To learn about configuring your site to use your SMTP server, please see this feature.


The Files tab is where you review and configure your site's behavior managing files. While a number of behaviors are set at the folder level, most of the settings that you access here affect behavior on a site-wide basis. Folder settings that appear in this group provide a consolidated view listing the folders affected by the setting.

File expiration

This is a folder-level setting consolidated here for clarity and convenience. Folders using this setting automatically delete their files after the number of days you set have elapsed for each file. Folder structure is maintained.

File "last modified date" semantics

Use this setting to determine if the modified date of your files will be set by your site, or if you will allow the FTP/SFTP/WebDAV/Web clients your users use to set the modification dates.

Keep deleted files for (backup)

This setting determines how many days files are recoverable, able to be restored, after they are deleted from your site. By default this is set for 30 days, but you can set any number you need. Files deleted within the number of days you set can be restored by our Customer Success department. Files that were deleted before the timeframe you set are not recoverable.

Overwrite behavior

This setting determines what happens when, using the web interface, one of your users attempts to upload a file to a location where one of the same name already exists. One of two things can happen:

  • prompt the user to overwrite the file or cancel the upload
  • automatically append a number to the name of the conflicting file

This setting only affects the web. When not using the web interface, the software client in use determines how overwrites are handled.

Folder encryption

Your files are encrypted by default both in transit and at rest on, but you can use this folder behavior to take file encryption even farther. This setting allows you to turn on additional encryption on a per-folder basis using encryption keys that you control. To learn more, visit this feature to learn how to turn on folder encryption, and this tutorial to learn about generating encryption keys. Safety first!

Region for storage

You choose where, around the globe, your files are stored. Depending on your plan, you might have one storage region, two regions, or you might be able to have all of our storage regions active at once! You might use this feature for compliance, performance, or just to get parts of your file tree closer to geographic locations where your users are concentrated. Visit this feature for more detail and to review a use case example.

You can select the region for any folder in its folder settings area, but you can also view your list of selected regions on the Files setting page here and can edit and add to your selections.

Restricted file extensions

This setting whitelists the allowed file extensions for files your users upload to your site.

Using this setting means that your users site-wide will only be able to upload files that are named with allowed extensions. Files of an allowed type that do not have the appropriate extension in the file name will be denied upload.


"Inboxes" is a popular folder setting that allows you to accept and manage web uploads from people who do not have user credentials for your site.

While you generally set these up in the folder where you would like the files to land, we provide this list here to give you a consolidated view of all of your site's inboxes.

For your convenience, you can also Add and Edit them from this view.

Learn more about using Inboxes here.

As a site administrator, you might want to set a policy for how long any share created for your site lasts until it expires. Use this setting to set the upper limit of what your site-wide policy allows.

Individual users granted sharing permission can still set a lower value on their shares should they want one to have a shorter shelf life.

Similar to share link expiration above, you may want to set a site-wide policy that all share links created for your site must include password protection. When you enable this setting, all shares must be created with a password.

Apply password rules to shares and inboxes

This setting allows you to determine if the complexity rules that you set up for your user accounts will also apply to share links and inboxes. Since share links and inboxes offer strictly limited access and functionality and are intended for a more general, non-credentialed audience, many use cases call for simpler passwords for these features. When your use case is more demanding, and these features need to be locked down tighter, enable this feature to ensure that only secure passwords will be created for them.

HIPAA Business Associate Agreement

If your plan supports HIPAA compliance, this setting area is where you can see if you have a current BAA with us. If you need HIPAA but aren't sure if you're on the right plan, contact your account manager for assistance.

Archive-only mode

This setting turns your account into a mode under which files will never be able to be modified or deleted. This setting can never be turned off once enabled. This mode is typically used by regulated customers who are seeking to use this account as a storage archive for compliance or regulatory purposes.


The Users tab is where you create and manage your user accounts and where you will find options relating to user restrictions, permissions, authentication, and group membership.

Manage Users

Use this area to create new users, individually or using our handy "bulk" feature. Here is where you can also edit users, clone them, or remove them from your site.

Individual user configuration can be quite granular, giving your site administrators a lot of control. Learn more here.

Manage LDAP

Use this setting to manage your LDAP/AD configuration. will connect directly to your server via LDAP or LDAPS for both syncing and authenticating your Active Directory or OpenLDAP users (syncing occurs hourly).

Learn more here.

Groups Matrix

This location provides a handy visual to show you which of your users belong to which of your groups. Click the group names at the top of the columns to sort the user list by group membership!

You can also use this area as a source of quick links to your user detail.

User settings

Globally unique usernames

By default, your site's usernames must be unique to at-large. If you set up a custom domain and enable a custom SSL certificate, you can use this setting to bypass this requirement, allowing any properly-formed user name as long as it's unique within your own site.

Default new user time zone

This setting allows your administrators to determine which time zone appears by default on your new user form.

Disable inactive users

This setting helps you save on our per-seat plans, allowing you to set a number of days of inactivity after which a user account will automatically be disabled. You will not be billed for users who are disabled for the entirety of a billing cycle.

Manage all permissions via groups

Use this setting to manage how folder permissions will be assigned to users. Users with existing permissions can have theirs removed, but all new permissions must be set by their group when you enable this setting.


The Groups tab is where you can create new groups, edit your existing groups, and manage group membership.

For each of your groups, you may add notes for your administrators to see, set up email notifiers, and manage the groups folder permissions.


The Authentication tab is where you manage how your site responds to your users when logging in. The settings available here are part of your primary tool set in establishing a secure environment for your users and data.

SSO Providers

This setting allows your users to authenticate using external single sign-on providers when connecting with their browser. To learn more and to see the list of currently supported SSO providers, visit our feature document here.

Session IP address pinning

With this setting enabled, users will be asked to log in again if their IP Address changes. This could occur when they change networks, such as moving their laptop from the office to their home network. Disabling this setting is required at some office networks which rotate public IP addresses. This setting does not apply to the Desktop app, which uses longer-lived session tokens.

Session Expiration

Use this setting to customize the default 6 hour user session idle timeout lifespan.

Two-factor authentication

If enabled, this setting requires users to log in using a Yubikey hardware security device or an authenticator app (Google Authenticator, Authy, Duo, TOTP) in addition to their password.

Learn about one of every experienced site administrator's favorite security tools by reading more here.

Two-factor authentication methods

Site administrators use this setting to determine which 2FA methods are allowed on your site.

Brute force protection

This setting offers an extra layer of protection for organizations that desire an aggressive level of security, as general brute force protection is already provided by It will lock users out after a given number of failed login attempts, further protecting you from brute force password guessing attempts.

Password recovery via email

This setting controls the ability for users to recover and reset their passwords by email. If enabled, a link to reset passwords will be displayed on the login page.

Password restrictions

You can restrict the length and content of passwords that users may create, as well as disallow a specified number of previously used passwords. Set the number of passwords that can be reused to zero (0) to allow any and all previously used passwords, except in cases where an administrator forces a password change.

Password expiration

If set, users will be required to change their passwords at the interval you specify.

IP Whitelist

This setting allows site administrators to specify the IP addresses that are allowed to access your site. You may specify a range in CIDR format, such as Leave blank to disable this feature. If you are also restricting IP addresses per user, users matching in either place will be allowed to log in.

Login help text

This setting allows site administrators to control the message copy to be displayed on the login screen. Use this area to inform your users whom to contact if they can't log in or if they need an account created.


The Integrations tab is where your site administrators manage how your site interacts with external and third party platforms and systems.

Manage SSL Certificates

When you use a custom domain with your site, you also use your own SSL/TLS certificate, one either provided and maintained by your, or by Use this area to manage your certificate. Learn more here.

Firewall configuration

This area provides the information your network administrators need if outbound access is restricted for any of your users via a firewall. If you have a custom domain and dedicated IP addresses, those will also appear on this page.

API keys

This setting provides a convenient place to create and manage dedicated API keys with an optional expiration date.


Webhooks allow for notifications about your files and folders to be delivered to an external server for follow-up actions. Webhooks are often the trigger for robust automations that our customers build around our REST API.

Amazon SNS notifications

Amazon SNS (Simple Notification Service) allows you to notify users about file activity for potential follow-up actions. You will need your unique ARNs (Amazon Resource Names) to add a notification.

Remote servers

This setting allows site administrators to configure connections from your site via FTP, SFTP, or direct to your Amazon S3 bucket. This feature means that you do not need an intermediary machine to connect to other platforms or storage and transfer systems. Make the connection direct from!

Sync to/from remote server

Once you have one or more remote servers configured (see above), this area allows you to see the syncs you have setup in various folders. You can also add and remove them from here as well as from the folder settings.

FTP mode behavior

By default, connections to your site via FTP will behave like a UNIX FTP server and convert line endings when ASCII mode is enabled. You can instead have our FTP server emulate the behavior of a Windows FTP Server and treat ASCII and Binary mode transfers the same.

Plain/unencrypted FTP support

If you need to support very old devices or clients of the FTP protocol, you can allow plain and unencrypted FTP connections (port 21 without SSL). Allowing these types of connections is dangerous because it will cause passwords and file contents to be transmitted across networks in clear text.

HTTPS,FTPS, and SFTP ciphers

This setting allows compatibility with old browsers and old SFTP/FTP clients by allowing SSLv3, TLSv1.0, SHA1, and other ciphers that are known to be insecure but required by older versions of clients. Enabling this option is dangerous because an uninformed user of your site might think that they are using secure encryption when they are actually using encryption that is broken. You should treat all connections to your site as if they are fully insecure if you use this option. We caution site administrators to use this setting only when absolutely necessary.

SFTP client root folders

If enabled, the FTP Client Root Folder will also be applied to all SFTP connections for users with a Client Root Folder specified.

Desktop Session IP pinning

This setting will force a re-login if signed in to the Desktop app and the user's IP changes. This is a precaution to increase awareness and security when changing networks.

Desktop session lifetime

This setting is where admins determine how long login sessions persist for the Desktop app.


The Account tab is where administrators manage the account and billing information associated with the site.

Contact email

This is where we will send service-related emails. Please make sure that you or someone from your IT team is monitoring this address. Billing emails will be sent to the address specified in the Billing Contact section. Also, any automated emails sent to your users will include a "Reply-To" address with this email. As a result, when one of your users respond to, for example, a notification email, the reply will be sent to this address by default.


This display helps you keep track of your storage usage. You can expand the display to show the breakdown of your top level folders.

Billable usage

Your total usage is a combination of your storage and download bandwidth. This display shows you a snapshot for the current billing period. This calculation is updated several times per day.

Overage notifications

This setting controls what happens if your usage exceeds the storage amount included in your plan.

Current plan

This setting shows your current plan. Any change you make will take place instantly.

Payment details

This form allows you to manage your credit card data or PayPal account connection.

Billing contact

Administrators may update billing contact information at any time. The billing contact is where automatically generated invoices are sent.

Invoice history

Administrators are able to view and download current and past invoices in this location.

Get Instant Access to and Start Collaborating and Automating

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, fill out the short form on the next page, get your account activated instantly, and start setting up your Files and Workflows immediately.

Start My Free Trial