User Accounts

User accounts represent the people and systems that access files, folders, and services within Files.com. They are the foundation for controlling access, enforcing security policies, and maintaining visibility into activity on a site. Each user account defines identity, authentication methods, permissions, and protocol access, so Site Administrators can grant, limit, and revoke access in an auditable way.

User accounts are managed throughout their lifecycle: provisioning, defining how they authenticate, assigning access and roles, updating settings as requirements change, and de-provisioning when access is no longer needed. Files.com supports both manual and automated approaches to user management, so access can scale without sacrificing control or security.

Organizational Context for Users

User accounts are created within a defined scope that determines what they can access and manage. Depending on how an environment is structured, users belong to a Parent Site, a Child Site, or a Partner.

Child Sites provide full separation of users, data, and settings across environments. Each Child Site operates as an independent site with its own users, policies, authentication configuration, and logs. This model is used when environments must remain isolated for operational, regional, or compliance reasons.

Workspaces provide isolated environments within a Site for departments, business units, teams, and projects. Each Workspace has its own users, groups, partners, folders, automations, integrations, and notifications. Users created within a Workspace can only see and access resources within that Workspace. Workspace Administrators manage their Workspace on a self-service basis without involving the Site Administrator.

Partners represent external organizations that collaborate with your site. Each Partner contains its own users and automated accounts, all confined to a dedicated area of the site. This lets external organizations manage their own users and credentials within strict boundaries, without exposing internal users, data, or settings.

Groups and Access Control

Groups provide a logical access layer for managing permissions across users. Instead of assigning permissions to individual users, Site Administrators define access at the group level and apply it to multiple users at once.

Groups reflect the access structure defined in your identity provider, based on departments, teams, or roles. When groups are synchronized from an IdP, membership changes there automatically update group membership in Files.com.

Groups can be used to manage folder permissions, protocol access, IP restrictions, and related access controls, so access is applied consistently across users.

Provisioning, Authentication, and Lifecycle Management

User provisioning can be performed individually, in bulk, or through automation. Files.com supports creating users manually, through bulk imports, cloning, APIs, SDKs, and CLI tools, as well as through directory integrations such as LDAP and SCIM. Just-in-time provisioning can also create users automatically when they authenticate through an identity provider.

When users are provisioned, administrators define how they authenticate, including passwords, single sign-on, API keys, and SFTP or SSH keys. Two-factor authentication can be enforced to strengthen account security, and protocol access can be restricted based on user role or purpose.

Access requirements change over time. Files.com supports those changes through group membership updates, configurable permissions, and automated lifecycle policies. User Lifecycle Rules automatically disable or delete inactive users based on authentication method, inactivity duration, group membership, tags, or partner association. These controls keep access time-bound and aligned with security and compliance requirements.

Auditing, Logging, and Compliance

All changes to user accounts are logged, including user creation, updates, and deletion. These events are recorded in the Settings Changes logs regardless of whether the change is made through the web interface, APIs, or SDKs. User activity is tracked separately in history logs, providing visibility into actions performed by each user.

This logging model supports audits, investigations, and compliance reviews by preserving a record of account lifecycle events and user activity. Automated lifecycle controls and scoped access through Sites, Child Sites, Partners, and Group-based permissions reduce the risk of orphaned, inactive, or over-privileged accounts.