User Authentication

Configuring and managing user authentication.

• To configure user authentication policies

  SETTINGS > Security Policies > User Auth

Lockouts

A username lockout policy specifies the number of incorrect password a user can enter within a specified time period, after which the user account is locked. Lockouts can be set to expire after a configurable amount of time has elapsed.

Make your selections and click Change Lockout Policy

Options:

• Enable Username Lockouts.
• Lock Out Users After. Number of tries within number of minutes, after which the account is locked
• Expire Lockout after. Number of minutes that must pass after the lockout takes effect before the user can attempt to sign on again. Value of 0 means the lockout period does not expire, and the Admin must reactivate the user

Auth Method (Authentication Method)

By changing the authentication method to an external server, you place the responsibility of user security on that server. If your authentication server is compromised, the data contained within MOVEit Automation might also be compromised. If you switch authentication methods to External Only, users must be configured on the external server in order to be able to sign on to MOVEit Transfer.

Options:

• MOVEit Transfer. The built-in table of usernames and passwords.

  Note: This is the only mode in which the Change password on next signon checks are enforced.

• EXTERNAL Then MOVEit. Use the configured external authentication sources first. If the user fails to authenticate to these sources, fall back on the built-in table of usernames and passwords.
• EXTERNAL Only. Use only the configured external authentication sources.

Authentication Sources

When a user signs on to the organization for the first time, each active authentication source is tried, in the order listed. If a user successfully authenticates to a source, that source is recorded in the user's profile, so that the user is authenticated against it at the next sign-on. (See the Authentication Source Affinity section of the User Profile page for more details).

The Add/Edit External Authentication Sources list is available when the Auth Method is set to EXTERNAL, Then MOVEit or EXTERNAL Only.

Use the up and down arrows in the Actions column to change the order in which the authentication sources are queried. For more information, see External Authentication.

Use the up and down arrows in the Actions column to change the order in which the authentication sources are queried.

For more information about adding and configuring external authentication sources, see External Authentication..

Multi Signons (Multiple Signons)

This section lets an administrator edit the default Deny Multiple Signons setting for the organization. New users will be created with the default setting, and when changed, an option is provided to set all current users with the new setting value.

• Allowed: Users will be allowed to sign on to the MOVEit Transfer server multiple times using the same interface (web, FTP, SSH, etc.) from different IP addresses. For example, a user will be allowed to sign on to the web interface from two different machines.
• Prohibited: Users will not be allowed to sign on to the MOVEit Transfer server multiple times using the same interface (web, FTP, SSH, etc.) from different IP addresses. For example, a user WILL be allowed to sign on to the web interface from one machine, and the FTP interface from another, but will NOT be allowed to sign on to the web interface from two different machines. If there are no existing sessions using the same interface from different IP addresses, the user will be allowed to sign on, and additionally any existing sessions using the same interface from the same IP address will be forcibly terminated.

Expiration

This section is where administrators may list, add, edit, delete, and assign Expiration Policies. These policies govern how accounts that are assigned the policy will be considered expired and removed from the system. For more information about creating and assigning expiration policies, see the Expiration Policies Feature Focus page.

Single Signon

The Single Signon feature allows MOVEit Server to authenticate a user without requiring sign on, provided that user is already signed on to a third-party user directory (such as Microsoft Active Directory) using their network or corporate account. This section is where administrators can set up MOVEit as a service provider and configure one or more identity providers. For information on configuring Single Signon, see the User Authentication - Single Signon page. For information on general requirements, supported functionality, and how to deploy single signon to users, see the Single Signon Feature Focus page.