Understanding user management is one of the first essential steps in designing a secure and productive work environment on Files.com. When you combine a well-designed user schema with a thoughtful folder hierarchy, the result is a powerful and secure digital organization ready to scale to meet any enterprise needs.

To get started, log into the web interface as an administrator and navigate to Settings > Users.

Here you will see three main tabs:

Manage Users - where you add and update users and view the user list.

Groups Matrix - where you see a grid showing your groups and users cross-referenced to show which users belong to which groups.

User Settings - where you set general, site-wide, user configurations. These settings are designed to work in their default values right out of the box, but for admins who need to adjust these, we provide detail later in this document.

Before you can begin managing users, you need to add one or more.

Adding Users

Only administrators and group admins can create users. As an administrator, you can add new users from Settings > Users.

Adding via the New User form

Username

This is the username that the user will use to log in via the web interface, desktop app, or FTP client. Usernames are limited to 50 characters. You may choose to use an email address as the username to ensure uniqueness.

Avatar

Choose an image file to serve as this user's avatar. The avatar will appear in place of the default user image in the administrator's user list. The avatar will also appear to the user in the web interface with their user name and in the My account area.

Account enabled

When this setting is toggled to the inactive position, the user is not able to log in. When enabled, the user can log in barring any other conditions, such as brute force policy, that would otherwise prevent successful login.

Prevent this user from being disabled due to inactivity

This setting overrides the site-wide setting at Settings > Users > User Settings > Disable inactive users. When the site-wide setting is configured to deactivate users when they have not logged in for a specified number of days, this setting will override that setting for this user only.

Authentication method

This is the authentication method that this user can use to log in to their account. The default method is 'Email signup' where the user will set up their own password via an emailed link. You also have the option of choosing 'password' and entering the password in the form. You can additionally require password change on first login and/or set password expiration conditions. Other available methods may include single sign-on (SSO) integrations that you have added to your site.

Email

Providing the user's email address allows us to contact them via email with important account information. This may include forgotten password recovery and notifications for file uploads.

Full name

This setting is optional and is for your records only.

Groups

Choose the Groups that this user will belong to.

Access level

Choose whether this user will be a standard user or a site-wide administrator. Site-wide administrators have total authority and access to the site.

Folder permissions

Grant permissions on the folders you want this user to have access to. See Permissions for more information.

Outbound sharing

This setting controls whether the user is able to use the sharing features to generate Share Links.

Shared/bot user

Users flagged as a bot or a shared user are not able to change their own password, email address or time zone, and are exempted from 2FA requirements (if any).

Billing administrator

Choosing Yes for this setting will grant a non-administrative user the ability to see billing and payment information including past invoices.

Header Text

Text that you enter here will appear in the header of every page of the web interface for this user.

Notes

Here you can enter notes that are for your records only.

Advanced settings

Time zone

All times in the web interface will be displayed in this time zone for the user.

FTP/SFTP client root folder

The user will see this folder as the 'home' or root' when logging in via an FTP/SFTP client. The user will not be able to see folders which are parents of this one, even if they have permissions there. This setting only affects FTP/SFTP clients, NOT the web interface, and you still need to give the user permissions to the folder. This is mainly used for providing compatibility with existing FTP/SFTP deployments.

IP whitelist

This setting allows you to limit which IP addresses the user is allowed to connect from. List allowed IPs, one per line. You may specify a range in CIDR format, such as 192.168.1.0/27.

If you are also using a site-wide IP whitelist, users connecting from an IP address matching in either whitelist will be allowed to log in.

Bypass site IP whitelist

If your site uses a site-wide IP whitelist, this setting allows this user to log in from IP addresses not contained in that list. However, this user's IP whitelist will still be enforced (if set).

Plain/unencrypted FTP Support

If changed, this setting will override the site-wide default, which can be set at Settings > Security > Plain/unencrypted FTP Support.

Note: Allowing unencrypted connections is dangerous because it will cause passwords and file contents to be transmitted across networks in clear text.

Access expiration date

You can grant the user temporary access to your site by entering a date here. Access for this user will be blocked after this date occurs (midnight of the selected date).

Protocol access

Use this setting to control which protocols this user will have access to.

You can selectively allow access to:

  • FTP

  • SFTP

  • WebDAV

  • Web, Desktop app, and API

    SFTP keys

    Add SFTP public keys here to allow the user to connect via SFTP without having to type a password. Review the SFTP documentation for more details.

Cloning Users

Administrators can save time when creating a new user by cloning an existing user. This speeds up the user creation process by pre-populating most of the user's settings from the user being cloned, including group membership and permissions.

To clone a user, click the Clone button in the rightmost column of the user list.

You will then be presented with the New User form with the cloned user's settings pre-populated.

Bulk Create

Administrators who manage many users can also save time by using the user Bulk Create tool. This option allows you to pre-populate a CSV template with your user data, then upload the file to create the users.

A CSV example template is provided for you right through the web interface. You can alter the field contents of the template to fit your use case according to the Supported columns grid provided and then populate the template with your data.

The import tool will analyze your uploaded CSV file for any aberrations that need to be corrected.

Updating Users

To update an existing user, navigate to Settings > Users and click on the username in the list or click the Edit button associated with that user.

To update the avatar image, Username, Full name or Email, click the Edit button. Alter the values as needed and then click Save.

To update other aspects of the user, navigate through the tabs and settings listed below, and open or toggle each setting using the Edit button if present, or the activation toggle if present.

General Settings

Account enabled

When this setting is toggled to the inactive position, the user is not able to log in. When enabled, the user can log in barring any other conditions, such as brute force policy, that would otherwise prevent successful login.

Prevent this user from being disabled due to inactivity

This setting overrides the site-wide setting at Settings > Users > User Settings > Disable inactive users. When the site-wide setting is configured to deactivate users when they have not logged in for a specified number of days, this setting will override that setting for this user only.

Language

Set a specific interface language for this user, or leave it set to the site default language.

Time zone

All times in the web interface will be displayed in this time zone for the user.

Groups

This section will list any groups to which this user belongs and will allow you to remove this user from any listed groups and assign the user to additional groups.

Header text

Text that you enter here will appear in the header of every page of the web interface for this user.

Notes

Here you can enter notes that are for your records only.

Email notifications

This section will list any email notification folder behaviors associated with this user. You can also add and delete notifications for this user.

Daily email notification send time

This setting will appear if the user is a site administrator. This setting allows you to specify the time of day that site-generated emails, such as billing notices and other system messages, are sent.

Authentication

Authentication method

This is the authentication method that this user can use to log in to their account. The default method is 'Email signup' where the user will set up their own password via an emailed link. You also have the option of choosing 'password' and entering the password in the form. You can additionally require password change on first login and/or set password expiration conditions. Other available methods may include single sign-on (SSO) integrations that you have added to your site.

Set new password

Open this setting to change this user's password. Note that this action requires re-authentication for security. That means that you enter the new password in the field provided, then confirm the new password in the second field, and for the final step enter your administrator's password (the one you logged in with) in the third field to authorize the change.

Password expiration

Leave the default to use the site-wide setting at Settings > Authentication > Password expiration or set an expiration interval in days for this user requiring the user to change their password each time that interval elapses.

Require password change on next login

Toggle this setting to the active position to require the user to change their password upon next login before they can perform any file operations or any other account actions.

SFTP keys

This section lists any SFTP keys saved for this user. You can add and delete keys from this location.

API keys

This section lists any API keys saved for this user and includes the type of permission belonging to the keys as well as any expiration dates. You can add and delete keys from this location.

Computers with active desktop app connections

This section lists any active desktop app sessions that this user has open. You can close any open session by using the Revoke permission button inline for any session.

IP whitelist

This setting allows you to limit which IP addresses the user is allowed to connect from. List allowed IPs, one per line. You may specify a range in CIDR format, such as 192.168.1.0/27.

If you are also using a site-wide IP whitelist, users connecting from an IP address matching in either whitelist will be allowed to log in.

Bypass site IP whitelist

If your site uses a site-wide IP whitelist, this setting allows this user to log in from IP addresses not contained in that list. However, this user's IP whitelist will still be enforced (if set).

Access expiration date

You can grant the user temporary access to your site by entering a date here. Access for this user will be blocked after this date occurs (midnight of the selected date).

Privileges

Administrator access

Toggle this setting to the activated position to grant this user administrative access. Administrators have full control over all aspects of this site, including access to billing, users, and settings. Only apply this to users you trust!

Shared/bot user

Users flagged as a bot or a shared user are not able to change their own password, email address or time zone, and are exempted from 2FA requirements (if any).

Billing administrator

Choosing Yes for this setting will grant a non-administrative user the ability to see billing and payment information including past invoices.

Protocol access

Use this setting to control which protocols this user will have access to.

You can selectively allow access to:

  • FTP

  • SFTP

  • WebDAV

  • Web, Desktop app, and API

    Outbound sharing

    This setting controls whether the user is able to use the sharing features to generate Share Links.

    Folder permissions

    Grant permissions on the folders you want this user to have access to. See Permissions for more information.

    Groups

    Choose the Groups that this user will belong to.

Other connections

Plain/unencrypted FTP support

If changed, this setting will override the site-wide default, which can be set at Settings > Security > Plain/unencrypted FTP Support.

Note: Allowing unencrypted connections is dangerous because it will cause passwords and file contents to be transmitted across networks in clear text.

FTP/SFTP client root folder

The user will see this folder as the 'home' or root' when logging in via an FTP/SFTP client. The user will not be able to see folders which are parents of this one, even if they have permissions there. This setting only affects FTP/SFTP clients, NOT the web interface, and you still need to give the user permissions to the folder. This is mainly used for providing compatibility with existing FTP/SFTP deployments.

Procoals and ciphers

This section lists the ciphers and connection protocols used by this user and includes the first use as well as the most recent use for a given cipher-protocol combination.

History

This tab displays the history log for this user. The inforamtion displayed is similar to folder history but is limited to actions taken by the currently loaded user.

Pagination buttons, as well as an Export button, are provided at the bottom of the log table.

Groups Matrix

This view is the same that you access via the Groups tab. The grid provides a quick, visual reference showing you your user list and their group memberships.

You are able to sort the list by clicking on the group name at the top of any column to see the members of that group sorted at the top.

You can also click on any user name to navigate to that user's update interface.

User Settings

This user settings group affects all of your users site-wide. In some cases these settings can be over-ridded at the user level.

Globally unique usernames

Files.com is a multi-tenant platform that, by default, requires that all user names across all sites be unique.

If you need to use a user naming convention or have other requirements that mean you need to create user names that may exist in other sites on the platform, you can set up a custom user namespace by:

1) setting up a custom domain for your site 2) toggling this setting to No, this site is using a custom namespace.

Default new user time zone

Select the time zone you would like assigned to all new users upon creation. Time zone can also be set for individuals at the user level.

Disable inactive users

Use this setting to automatically put users who do not log in for a specified number of days into a disabled state.

Disabled users are not charged on monthly per-seat plans.

Manage all permissions via groups

Activating this setting means that all folder permissions must be assigned to groups instead of users. For users to operate within the folders they need, they must be a member of the appropriate group(s).

When you activate this setting, users with existing permissions will still function as before, and administrators can remove individual permissions from these users, but all new permissions must be managed via group definitions.

Get Instant Access to Files.com and Start Collaborating and Automating

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, fill out the short form on the next page, get your account activated instantly, and start setting up your Files and Workflows immediately.

Start My Free Trial