User Provisioning and Management

User provisioning, also referred to as onboarding, is a core administrative function for managing access for both internal users and external collaborators. It involves creating user accounts, defining how users authenticate, assigning roles and group memberships, and granting permissions so users can access the appropriate files, folders, and services. Files.com also provides user management features to update user information, security settings, and permissions as access needs evolve over time.

User creation, provisioning, and de-provisioning can be performed individually, in bulk, or automated through integrations with existing directory or identity systems. Automation options support consistent onboarding and off-boarding while reducing manual effort and the risk of configuration errors. Bulk and automated provisioning are especially useful when managing large user populations or frequent access changes.

User creation can also be delegated based on administrative scope. Group Admins can create users within their groups, Partner Admins can create and manage users for their own Partner organization, and users can be created directly within Child Sites, where they inherit that site’s settings, authentication configuration, and access boundaries.

Provisioning Users

Once you've set up your site and established folders for users, whether manually or through automated processes, there are various methods available for user provisioning:

While provisioning users, a critical step is to decide the method which will be used to authenticate the provisioned users. Files.com supports a wide range of authentication methods including the most stringent of enterprise security requirements. Please refer to the authentication methods supported in Files.com. You also have the option to implement Two-Factor Authentication (2FA) for your users, adding an extra layer of security to their Files.com accounts. This requires the use of two different factors for access, enhancing the protection of their account.

Managing Users

Managing users is an ongoing administrative function, ensuring that each user's settings align with their respective roles and responsibilities as well as securing access to the accounts. To manage users, simply type "Users" in the search box at the top of the screen, select the matching result, and click on the preferred Username.

Site Administrators can update user details including name, email address, company name, tags, and internal notes.

They can also manage a user's security settings, including authentication methods and Two-Factor Authentication (2FA). Administrative actions may include resetting passwords, setting password expiration dates, updating protocol access, adding or removing SFTP/SSH keys or API keys, managing IP whitelists, and revoking active desktop connections.

Site administrators can also fine-tune folder or group permissions or modify the permission levels. They can establish access expiration dates, modify user roles or disable the user. Site administrators have the capability to adjust user language, timezone, header text, or notification preferences, as well as review user activity.

Site administrators can also impersonate a user to view the web app exactly as that user sees it. This feature is especially useful after onboarding to confirm that access, permissions, and configurations are correctly applied. The impersonation session is read-only, allowing administrators to review settings without making any changes.

When using LDAP or SCIM integrations with external directory or identity providers, Files.com can automatically apply changes to user attributes, including name and email address. It can also manage group attributes like group names and memberships.

De-provisioning Users

In the context of user lifecycle management, Site Administrators have the ability to de-provision or off-board users. This process acts as a vital security measure, preventing unauthorized access and optimizing resource allocation. Files.com provides Site Administrators with various methods to disable user accounts.

Site Administrators can manually enable or disable individual user accounts as needed. In addition, you can configure your site to automatically manage inactive users through the User Lifecycle Rules.

User Lifecycle Rules allow you to define automated policies based on inactivity duration, authentication method, and user role. These rules can be set to either disable or delete users who have not logged in for a specified number of days. Each rule can include a list of groups, and only users who are in one of those groups will be affected by the rule. You can also configure whether Site Administrators and Folder Admins are included in the scope of these rules.

Site Administrators can configure the site to automatically delete disabled users after they have remained disabled for a specified number of days, helping to clean up disabled accounts.

When a Site Administrator deletes a user manually, they can choose how to handle resources owned by the deleted user, including Share Links, Automations, GPG Keys, Remote Servers, Custom Forms, and folder settings. These resources can be reassigned to another user to maintain visibility and control, or left without an owner if reassignment is not required.

When creating new users, you can set a date for automatic account disabling if the user hasn't logged in by a particular time after their creation. You can also set an access expiration date, after which the account will be disabled. There is also the option to permanently delete user accounts.

When Partners are used, de-provisioning can also occur at the Partner level. Removing a Partner automatically deletes all users associated with that Partner. This ensures that access for the entire external organization is removed cleanly and prevents orphaned user accounts when a partnership ends.

Users provisioned through LDAP or SCIM can be de-provisioned from the same LDAP or SCIM system used for provisioning. This allows for a seamless and automated process, ensuring that user accounts are managed efficiently throughout their lifecycle.