Authentication Methods

The Authentication Type setting on a user controls exactly how that user can log in and authenticate to their account. A variety of authentication methods are available to support flexibility, security, migration, and compliance. These authentication methods can be configured during user creation and can be modified at any time by site administrators.

Email Signup

When you create a new user and choose Email Signup for the authentication type, an email will be sent to the new user with a link for them to create their password.

Once the user has created their password, their authentication type will change to Password. Users listed with Email Signup in the users table are those who haven't configured their password yet.

With email signup as an authentication method, users typically set their own passwords by following your site's password requirements during the signup process. This helps enhance security by avoiding the communication of passwords in plain text to your users and adhering to compliance regulations regarding the storage and management of user passwords.


Password

With Password as an authentication method, site administrators will specify the password. Users can change their password anytime by following your site's password requirements.

Along with the password, users can use API keys, or an SFTP/SSH key to log in via SFTP.

When creating a new user with Password as an authentication method, you can optionally require the user to change their password when signing up for their account. With this option, users cannot log in using their password until they have updated it.

Password and SFTP/SSH Key (SFTP only)

With Password and SFTP/SSH Key (SFTP only) as an authentication method, both a password and an SFTP/SSH key are required to access your site's resources using an SFTP client. Users with this authentication method can access their account using SFTP only.

This dual authentication method enhances security and serves as a distinct form of two-factor authentication, especially when users have specific security requirements to establish SFTP connections using both the SFTP/SSH Key and a Password.

Import Hashed Password from Another System

This method is typically used for importing or migrating users from a legacy or on-premise system. With this method, you provide a hash of the password rather than the password itself when initially adding or importing the user.

Supported hashes are MD5, SHA1, and SHA256. There is no need to specify the hash function used, as it will be auto-detected.

Imported hashes will be converted into the internal password storage format (based on PKCS5 / PBKDF2) upon first use by the user.
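The import-then-convert flow described above, as an added example that is not the product's own code. It assumes imported hashes are unsalted hex digests detected by length, and the record layout, function names, and PBKDF2 iteration count are hypothetical.

```python
import hashlib
import hmac
import os

# Hex digest length -> hash function. Detection by length is an assumption.
LEGACY = {32: "md5", 40: "sha1", 64: "sha256"}
PBKDF2_ITERATIONS = 600_000  # assumed work factor, not taken from the page


def detect_legacy_hash(hex_digest):
    """Return the legacy algorithm name for an unsalted hex digest."""
    digest = hex_digest.strip().lower()
    if len(digest) not in LEGACY or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not a recognised MD5/SHA1/SHA256 hex digest")
    return LEGACY[len(digest)]


def pbkdf2_record(password, salt=None):
    """Build a salted PBKDF2-HMAC-SHA256 record for storage."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"scheme": "pbkdf2", "salt": salt, "iterations": PBKDF2_ITERATIONS, "hash": dk}


def import_user(hex_digest):
    """Store the imported hash unchanged until the user first logs in."""
    return {"scheme": detect_legacy_hash(hex_digest), "hash": hex_digest.strip().lower()}


def verify_and_upgrade(record, password):
    """Check a login; on success with a legacy hash, return the upgraded record."""
    if record["scheme"] == "pbkdf2":
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], record["iterations"])
        return hmac.compare_digest(dk, record["hash"]), record
    candidate = hashlib.new(record["scheme"], password.encode()).hexdigest()
    if not hmac.compare_digest(candidate, record["hash"]):
        return False, record
    # The plaintext is only available at login, so this is the only point
    # at which the weak unsalted hash can be replaced.
    return True, pbkdf2_record(password)


if __name__ == "__main__":
    legacy = hashlib.sha1(b"constructed-sample-pw").hexdigest()  # constructed sample
    rec = import_user(legacy)
    ok, rec = verify_and_upgrade(rec, "constructed-sample-pw")
    print(ok, rec["scheme"])
```

Because conversion happens only on first use, accounts that never log in keep the imported hash in its original form, so dormant imported users are worth reviewing after a migration.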

None (Use SSH or API Keys)

Users with an authentication type of None cannot authenticate using a password. Authentication using an API key, or an SFTP/SSH key via SFTP, is allowed. If you have selected None as an authentication method, the site administrator must create API keys or SFTP/SSH keys for that user or system to log in. Typically, this authentication method is used for unattended systems to access your site's resources.

Single Sign On (SSO)

Users will log in through your existing SSO provider. Additionally, they may use API keys, or an SFTP/SSH key to log in via SFTP. Active Directory and LDAP are the only SSO providers that support logging in with a direct password via FTP, SFTP, and WebDAV. All other SSO providers require the user to set up an API or SFTP key in order to use one of these protocols.

Authentication Using API Keys or SFTP/SSH Keys

API Keys

Users can connect to your site using API keys if their authentication method is Password (set by the site administrator, user, or imported hash), None (using SSH or API keys), or SSO. If your site settings allow it, users who are not site administrators can create and revoke their own API Keys.

API keys are independent from each other and can be easily discarded. Generating unique API keys for each of your applications or systems allows you to revoke them if necessary without disrupting your other integrations.


SFTP/SSH Keys

SFTP authentication relies on cryptographic keys rather than a traditional username and password. When SFTP/SSH keys are added to users, these keys grant access through SFTP and do not provide access via APIs, SDKs, or the web interface.

Users with any authentication method can use SFTP/SSH keys to connect. If your site settings allow it, users who are not site administrators can create or revoke their own SFTP/SSH Keys.

Managing User Authentication

User authentication and permissions can be managed by site administrators using the Web UI, APIs, or SDKs.

Users whose accounts are not disabled can use API keys, or SFTP/SSH keys, to connect to their account.

To fully prevent a user from being able to perform any actions, even via an API or SFTP/SSH key, you can disable the user as a site administrator, using the Web UI or our API/SDK.
