User Accounts

User accounts represent people and systems that access files, folders, and services within Files.com. They are the foundation for controlling access, enforcing security policies, and maintaining visibility across all activity on a site. Each user account defines identity, authentication methods, permissions, and protocol access, allowing Site Administrators to grant, limit, and revoke access in a consistent and auditable way.

User accounts are created and managed throughout their lifecycle. This includes provisioning users, defining how they authenticate, assigning access and roles, updating settings as requirements change, and de-provisioning access when it is no longer needed. Files.com supports both manual and automated approaches to user management, allowing access to scale without sacrificing control or security.

Organizational Context for Users

User accounts are created within a defined scope that determines what they can access and manage. Depending on how an environment is structured, users belong to a Parent Site, a Child Site, or a Partner.

Child Sites provide full separation of users, data, and settings across environments. Each Child Site operates as an independent site with its own users, policies, authentication configuration, and logs. This model is used when environments must remain isolated for operational, regional, or compliance reasons.

Partners represent external organizations that collaborate with your site. Each Partner contains its own users and automated accounts, all confined to a dedicated area of the site. This allows external organizations to manage their own users and credentials within strict boundaries, without exposing internal users, data, or settings.

Groups and Access Control

Groups provide a logical access layer for managing permissions across users. Instead of assigning permissions to individual users, Site Administrators define access at the group level and apply it to multiple users at once.

Groups reflect the access structure defined in your identity provider, based on departments, teams, or roles. When groups are synchronized from an IdP, membership changes automatically update group membership in Files.com.

When configured, groups can be used to manage folder permissions, protocol access, IP restrictions, and related access controls, allowing access to be applied consistently across users.

Provisioning, Authentication, and Lifecycle Management

User provisioning can be performed individually, in bulk, or through automation. Files.com supports creating users manually, through bulk imports, cloning, APIs, SDKs, and CLI tools, as well as through directory integrations such as LDAP and SCIM. Just-in-time provisioning can also be used to create users automatically when they authenticate through an identity provider.

When users are provisioned, administrators define how they authenticate, including passwords, single sign-on, API keys, and SFTP or SSH keys. Two-factor authentication can be enforced to strengthen account security, and protocol access can be restricted based on user role or purpose.

Over time, access requirements change. Files.com supports managing those changes through group membership updates, configurable permissions, and automated lifecycle policies. User Lifecycle Rules allow inactive or disabled users to be automatically disabled or deleted based on authentication method, inactivity duration, group membership, tags, or partner association. These controls help keep access time-bound and aligned with security and compliance requirements.

Auditing, Logging, and Compliance

All changes to user accounts are logged, including user creation, updates, and deletion. These events are recorded in the Settings Changes logs regardless of whether changes are made through the web interface, APIs, or SDKs. User activity is tracked separately in history logs, providing visibility into actions performed by each user.

This logging model supports audits, investigations, and compliance reviews by preserving a complete record of account lifecycle events and user activity. Automated lifecycle controls, scoped access through Sites, Child Sites, Partners, and Group-based permissions all contribute to reducing the risk of orphaned, inactive, or over-privileged accounts.

By managing users within clear organizational boundaries, using groups for access control, and applying lifecycle automation where appropriate, Site Administrators can scale access safely while maintaining strong governance across Files.com.