Managing Users and Templates

Users

webMethods.io MFT users can connect to listeners exposed in webMethods.io MFT to do file operations in the Virtual Folders. Once you create a user, the user needs to be added to the Virtual Folder with the right access privileges.

Features for Partner Users

This topic provides information about specific features that you can use to configure advanced settings for the user and templates in webMethods.io MFT.

Restrictions for a Partner User

You can define the following restrictions for a user:

• Restrict server availability to specified times and days of the week.
• Restrict particular actions for files that match a specified pattern, and restrict access to subfolders in a folder structure that match a specified pattern.
• Restrict login volume and duration, and specify authentication settings.

Restrictions for Authentication and Login

You can set authentication and login restrictions that specify the maximum number of users who can log in simultaneously, the maximum login and idle times per session, public key and password requirements, and the paths to trusted public SSH key files.

Restrictions for Files

You can restrict particular actions for files that match a specified pattern. For example, you can restrict users from uploading files that end with .exe. You can also restrict access to subfolders in the file system that match a specified pattern.

Restrictions for Connections

You can specify the default character encoding for the connection between the user and webMethods.io MFT.

Active Time Window

You can specify the days of the week and the time during which users can connect to webMethods.io MFT.

Note: The days and times are represented in the time zone of the webMethods.io MFT.

Encryption and Decryption

You can define specific file-based encryption and decryption PGP keys for users. These settings will override any encryption assignments set in the template associated with the user.

When encrypted, files are stored on the user’s drive. Encrypted files are decrypted only if they are transferred back through webMethods.io MFT using the same key that was used to encrypt them. When encryption and decryption keys are configured at multiple levels (user, server, and folder), webMethods.io MFT enforces the following order of preference:

1. Users

2. Folders

3. Servers

For example, if user A accesses port 10 and uploads a file in a VFS MN, then webMethods.io MFT checks if the encryption or decryption key is available for user A. If no key is available at the user level, then webMethods.io MFT checks for the folder settings for a key. If no key is present at the VFS level, then webMethods.io MFT checks the server level settings for the key.

File-based Encryption for Templates

You can define specific file-based encryption and decryption PGP keys for users assigned to a template. When files are encrypted, they are stored on a user’s drive in a format that cannot be read outside of webMethods.io MFT. Encrypted files are decrypted only if they are transferred back through webMethods.io MFT using the same key that was used to encrypt them.

You can override the template-level encryption and decryption options for a specific user.

Note: You must obtain the appropriate keystores and ensure that these keystore files reside on the machines that host the webMethods.io MFT on which you perform these configuration tasks.

​

Creating a New Partner User

If a user is not already defined as a My webMethods Server user and does not have an webMethods.io MFT profile, then you can create the user in the My webMethods Server system directory and define a webMethods.io MFT profile for the user.

To create a new user

1. On the navigation pane, select Users > Users.

2. On the Users page, click .

3. In the Create new user dialog box, type the User ID, First name, Last name, and Email address in the respective boxes.

   Note: Ensure that the partner user names are not identical to your Software AG Cloud user names.

4. If you want to change the user’s password, do one of the following:

   • Select Generate random password if you want webMethods.io MFT to create a password.

   • Select Create new password if you want to create a specific password.

5. Click Add to User List.

   Note: This button is enabled only when you provide the user information. You can continue to add more users to the selected users’ list.

6. Click Create.

   webMethods.io MFT adds a webMethods.io MFT profile for the user that appears in the users list.

​

Configuring Advanced Settings for Users

To configure advanced settings

1. On the navigation pane, select Users > Users.

2. In the Users page, select the user to configure additional settings.

3. You can specify the following details:

   Field	Description
   Basic	You can update the user’s First name, Last name, Email address, and the default Template associated with the user.
   Disable login	Select this option if you want to disable a user’s ID and prevent the user from logging on to the server.
   Associated partner
   No partner	Select this option if you do not want to associate the user with either a partner or your enterprise.
   Enterprise	Select this option if you want to associate the user with your enterprise.
   Partner	Select this option if you want to associate the user with a partner, and either select a partner from the list or type a new partner name and click Create.
   Upload preferences: These settings will override any throttling options set in the template associated with the user.
   Maximum speed (Kb/sec)	Type the maximum permissible speed in kilobytes per second for an upload operation.
   Maximum individual file size (MB)	Type the maximum permissible size in megabytes for an uploaded file.
   Maximum amount per session (MB)	Type the maximum amount of data in megabytes that can be uploaded per session.
   Maximum amount per day (MB)	Type the maximum amount of data in megabytes that can be uploaded per day.
   Maximum amount per month (MB)	Type the maximum amount of data in megabytes that can be uploaded per month.
   Download preferences
   Maximum speed (Kb/sec)	Type the maximum permissible speed in kilobytes per second for n download operation.
   Maximum amount per session (MB)	Type the maximum amount of data in megabytes that can be downloaded per session.
   Maximum amount per day (MB)	Type the maximum amount of data in megabytes that can be downloaded per day.
   Maximum amount per month (MB)	Type the maximum amount of data in megabytes that can be downloaded per month.
   Active time window	Days - Select the days you want the server to be available to the user. Time selector - Click to specify the time interval for the user to access the server.
   File name filters	You can configure the file name filters to allow or deny commands (Upload, Download, List, Rename) for files that match a specified pattern. For example, you can restrict a user from uploading files that end with “.exe”. When you configure the file name filters for Listener Preferences and Users, the User file name filer configuration overrides the Listener Preferences configuration. The file name filter is applied on the filename received by the server. For example, if a .pdf file is uploaded after changing the file extension to .txt, then webMethods.io MFT considers it as a .txt file when applying the filters.
   Patterns	Click to add one or more patterns to restrict actions to particular files, and specify the following details: Command: Select a command ( List, Download, Upload or Rename) from the list. Filter type: Select a filter type (Starts with, Ends with, or Contains) from the list. File name: Type a portion of the file name that the Filter type criterion should evaluate (for example, “exe”). Note: Any characters except wildcard characters and regular expressions are permitted. webMethods.io MFT treats those characters as part of the file name.
   Block paths matching these patterns	Click to restrict a user’s access to specific folders in the file system, and specify the following details: Pattern and Actions: Type the folder path you want to block. Tip: You can use simple pattern matching by preceding the pattern with the tilde (~) character. For example, to deny user access to the folder /system/bin, you must type: ~/system/bin/*
   Authentication and login
   Maximum simultaneous logins	Type the maximum number of simultaneous logins allowed for the same user.
   Require public key and password (For SFTP listeners)	Select this option if you want webMethods.io MFT to require the user to provide a public key and password.
   Maximum login time per session (min)	Type the maximum number of minutes a user can remain logged in per session.
   Maximum idle time per session (min)	Type the maximum number of minutes a user session can remain idle.
   Trusted Public SSH key alias
   Public SSH key alias	Click and specify certificate alias for the trusted public SSH key files.
   Connection
   Allowed protocols	Select the protocols for which you want to allow connections for from the list.
   Default character encoding	Select the appropriate default character encoding from the list. The default is UTF-8.
   File-based encryption
   Public PGP key alias	Type or browse the certificate alias for the public PGP key.
   File-based decryption
   Private PGP key alias	Type or browse the certificate alias for the private PGP key.

4. Click Save or Save & Close.
   The user is updated with the additional settings.

Modifying a Partner User

To modify a user

1. On the navigation pane, select Users > Users.

2. In the Users tab, select the user that you want to edit.

3. Modify the required configuration settings for the user respectively.

4. Click Save or Save & Close.
   The user is updated with the modified settings.

Password Settings

Password Change (By Administrators)

Administrators of webMethods.io MFT can change or set new passwords.

To set or change a password

1. On the navigation pane, select Users > Users.

2. In the Users page, select the user to configure additional settings.

3. If you want to change the user’s password, click Change Password.

4. In the Change Password dialog box, do one of the following:

   • Select Generate random password. The user receives a password reset link on the configured email ID.
   • Select Create new password, if you want to create a specific password. Select Would you like to inform the changed password to user? to inform the user about the password change, and click Ok.

Password Complexity for Partner Users

webMethods.io MFT allows users to configure the complexity of passwords for their partner users.
The configuration is available at Settings > General settings > Password settings tab, where following aspects can be set:

• Minimum number of lower-case letters
• Minimum number of upper-case letters
• Minimum number of special characters
• Minimum number of numeric characters
• Minimum length of the password

These aspects are applied to all the instances and the restrictions apply to the following scenarios:

• The password restrictions are honored while creating new partner users with Generate random password and Create new password options.
• The password restrictions do not impact the already existing partner users passwords.

Password Change (By Partner Users)

webMethods.io MFT partner users can now set or change their password from the login page of webMethods.io MFT Webclient.

To set or change a password (By webMethods.io MFT partner users)

1. Click Forgot password on the login page.

2. Enter the username and click Get an email with instructions. A password reset link will be sent to the user’s linked email ID.

3. Click the password reset link in your email. You will be redirected to the Change password page after clicking on the link.
   Note: This password reset link can be used once to reset your password. The reset link expires based on the time set in the property “mft.password.change.token.expiry” by the administrator. By default, password reset link expires in 24 hours.

4. Enter a password that matches the minimum requirements in both the Password and Confirm Password boxes.
   Note: The default password complexity requirement is at least one uppercase letter, one lowercase letter, one number and one character among “@$!%*?&”. The minimum length of the password is 8 characters. If users want to change the password complexity then they will have to contact the administrator.

5. Click Proceed. You will receive a password reset confirmation on both email and also on your current screen.

6. Proceed to login by providing your username and the recently reset password. Click Login.

Searching for Users

To search for users

1. On the navigation pane, select Users.

2. On the Users page, specify all or one of the following search criteria:

   Field	Description
   User ID	Type the user ID associated with the user.
   First name	Type the first name of the user.
   Last name	Type the last name of the user.

3. Click Reset to reset the values and Apply for the changes to take effect.
   The user list is populated with the users matching your search criteria.

Templates

A template contains predefined settings such as, limits for upload and download file sizes, server connection restrictions, encryption and decryption settings, and settings to help speed up file transfers. webMethods.io MFT Server applies these settings to all the users associated with a template.

webMethods.io MFT provides a Default Template. The default template provides default settings, which you can modify to meet your requirements. You can also create additional templates and specify any template to use as the default for new users.

Note: You can assign a different template to an existing user and override individual settings for the user.

You can add templates in webMethods.io MFT by configuring basic settings, such as name and description using the quick add feature. To configure additional settings for templates, see Configuring Additional Settings for a Template.

Adding a Template

To add a template

1. On the navigation pane, select Users > Templates.

2. On the Templates page, click .

3. In the Add template dialog box, specify the following details:

   Field	Description
   Name	Type a unique name for the template.
   Description	Type a description for the template.

4. Click Add. The new template appears in the templates list.

Configuring Additional Settings for a Template

To configure additional settings

1. On the navigation pane, select Users > Templates.

2. In the Templates page, select the template for which you want to configure additional settings.

3. You can specify the following details:

   Field	Description
   Basic
   Name	Type a unique name for the template.
   Description	Type a description.
   Default template for new user	Select this option if you want to set this template as the default template for new users. Note: Only one template can be set as the default template. To specify a different default template, save your edits to the current template and switch to the template you want to configure as the default.
   Upload preferences
   Maximum speed (Kb/sec)	Type the maximum permissible speed in kilobytes per second for an upload operation.
   Maximum individual file size (MB)	Type the maximum permissible size in megabytes for an uploaded file.
   Maximum amount per session (MB)	Type the maximum amount of data in megabytes that can be uploaded per session
   Maximum amount per day (MB)	Type the maximum amount of data in megabytes that can be uploaded per day.
   Maximum amount per month (MB)	Type the maximum amount of data in megabytes that can be uploaded per month.
   Download preferences
   Maximum speed (Kb/sec)	Type the maximum permissible speed in kilobytes per second for an download operation.
   Maximum amount per session (MB)	Type the maximum amount of data in megabytes that can be downloaded per session.
   Maximum amount per day (MB)	Type the maximum amount of data in megabytes that can be downloaded per day.
   Maximum amount per month (MB)	Type the maximum amount of data in megabytes that can be downloaded per month.
   Active time window	Do one of the following: - If you want to restrict access to particular days of a week, then under Days, select the required days you want the server to be available to the user. - If you want to restrict access to particular time slots, then under Time selector, click . Select the From Time and To Time from the lists, respectively.
   File name filters	You can configure the file name filters to allow or deny commands (Upload, Download, List, Rename) for files that match a specified pattern. For example, you can restrict a user from uploading files that end with “.exe”. - When you configure the file name filters for Listener Preferences and Users, the User file name filer configuration overrides the Listener Preferences configuration. - The file name filter is applied on the filename received by the server. For example, if a .pdf file is uploaded after changing the file extension to .txt, then webMethods.io MFT considers it as a .txt file when applying the filters.
   Patterns	Click to add one or more patterns to restrict particular actions for certain files, and specify the following details: - Command: Select a command ( List, Download, Upload or Rename) from the list. - Filter type: Select a filter type (Starts with, Ends with, or Contains) from the list. - File name: Type a portion of the file name that the Filter type criterion should evaluate (for example, “exe”). Note: Any characters except wildcard characters and regular expressions are permitted. webMethods.io MFT Server treats those characters as part of the file name.
   Block paths matching these patterns	Click to restrict access to specific folders in the file system, and specify the following details: - Pattern and Actions: Type the folder path you want to block. Tip: You can use simple pattern matching by preceding the pattern with the tilde (~) character. For example, to deny user access to the folder /system/bin, you must type: ~/system/bin/*
   Authentication and login
   Maximum simultaneous logins	Type the maximum number of simultaneous logins allowed for the same user.
   Require public key and password	Select this option if you want webMethods.io MFT Server to require the user to provide a public key and password.
   Maximum login time per session (min)	Type the maximum number of minutes a user can remain logged in per session.
   Maximum idle time per session (min)	Type the maximum number of minutes a user session can remain idle.
   Trusted Public SSH key alias
   Public SSH key alias	Click and specify certificate alias for the trusted public SSH key files.
   Connection
   Connection protocols	Select the protocols for which you want to allow connections for from the list.
   Default character encoding	Select the appropriate default character encoding from the list. The default is UTF-8.
   File-based encryption
   Public PGP key alias	Type or browse the certificate alias for the public PGP key. Note: You can use the wm.mft.security.pgp:generatePGPKeyFiles service to generate an OpenPGP key pair. For details, see webMethods ActiveTransfer Built-In Services Reference.
   File-based decryption
   Private PGP key alias	Type or browse the certificate alias for the private PGP key.

4. Click Save or Save & Close. The template is updated with the additional settings.

Modifying a Template

To modify a template

1. On the navigation pane, select Users > Templates.
2. On the Templates page, click the template that you want to edit.
3. Modify the required configuration settings for the template.
4. Click Save or Save & Close. The template is updated with the modified settings.