Service Integration - Web Integration

Several features enable you to provide integration of MOVEit Transfer with your existing web applications:

External Authentication. Use LDAP, Active Directory, RADIUS, and so on for MOVEit Transfer user authentication.
Single Sign-on. Accept SAML in place of credentials.
Custom Logos and Theme. Apply custom UI themes, logos, and branding.
Session Transfer. Enables opening MOVEit Transfer session from/within another application (without additional sign-on).
Direct Download/Upload. Leverage direct uploads and downloads in your site for performance win (especially with large files).

External Authentication

To keep the user from having to remember multiple login accounts, and to ease maintenance of account databases, use the MOVEit Transfer external authentication feature to tie MOVEit Transfer into your existing user authentication mechanism. MOVEit Transfer supports authenticating against both RADIUS and LDAP servers, along with its own internal user database. If you are using a SAML Identity Provider for authentication, MOVEit Transfer can be configured to use the Identity Provider. See the External Authentication section of the User Policy Settings page for more information.

	Credentials encrypted with SSL (HTTPS or FTPS) or SSH (SFTP).
	Credentials encrypted with shared secret (RADIUS or SSL (LDAP).

Single Sign-on

To allow an existing web application to transfer a verified or already signed-in user seamlessly to MOVEit Transfer, MOVEit Transfer accepts username and password information via HTML form fields. Optimally, the existing web application should provide a secure page with a button the user can click to transfer to the MOVEit Transfer application. For more information, see the Simple Single Signon Support section of the URL Crafting.

MOVEit Transfer also supports SAML Single Signon via a third-party Identity Provider. For more information, see User Authentication - Security Policies- Single Signon.

Custom Logos and Color Schemes

The custom logo and color scheme features of MOVEit Transfer can be used to make the MOVEit Transfer Web UI blend into a company's existing web application or intranet framework as necessary. You can add corporate logos and bullet images, and use the custom HTML header feature to add more advanced header code, such as flash logos or JavaScript menus. Select one of the included stock color schemes, or add a custom color scheme to match it exactly. For more information, see Brand Settings and Custom Schemes.

Example of MOVEit Transfer Rebranded with Custom Styles

Seamless Session Transfer

Some customers use MOVEit Transfer API to provide some MOVEit information and services inside their own web applications. Instead of logging on directly to MOVEit Transfer, visitors of these sites can leverage a web application that uses its own local MOVEit Transfer API client that in turn signs-on to MOVEit Transfer. This model enables companies to provide data and information from their MOVEit Transfer server to visitors without requiring them to leave or be redirected from the company website. However, for more advanced features, such as the MOVEit Wizard, it may be necessary to have the user move to the MOVEit server itself. Normally, the existing session that the MOVEit Transfer API object has with MOVEit cannot be transferred across servers, meaning the user would have to sign-on again to access MOVEit directly.

To promote ease of use, MOVEit provides a mechanism for transferring an existing client session from the API-enabled server to the MOVEit server. First, the host that the MOVEit Transfer API application resides on must be marked as Trusted (see the Trusted Hosts section of the System Remote Access Policy page for more information). Next, the API application must send the user to a special ASPX page provided by MOVEit Transfer, called apilink.aspx, and provide the current session ID using an HTML form. This page takes the session ID argument and sets the appropriate cookie information on the client's browser, then forwards the client to MOVEit Transfer. The following example shows a URL and session ID sent via the HTTP POST method.

Note: Previous versions of MOVEit Transfer documentation suggested using the HTTP GET method to send the session ID. Security best practices calls for leveraging the POST instead of the GET. If your web integration uses HTTP GET, and you want to continue to use the GET method, you must set the the registry object AllowInsecureQueryStrings to a value of "1". This enables GET requests for sensitive transactions, and allows GET requests to include session IDs in apilink.aspx. For more information, see the Registry Settings section in the Technical Reference topic.

The original GET example suggested this:

https://moveit.yourcompany.com/apilink.aspx?sessionid?=<sessionID>

You can use a POST example like the following:

<BODY onload="document.forms[0].submit();">

<FORM action="https://moveit.yourcompany.com" method="POST">

    <INPUT type="hidden" name="transaction" value="signon"/>

    <INPUT type="hidden" name="username" value="{myusername}"/>

    <INPUT type="hidden" name="password" value="{mypassword}"/>

    <NOSCRIPT>

      <P>Press this button to continue:</P>

      <INPUT type="submit" value="Continue"/>

      </NOSCRIPT>

</FORM>

</BODY>

The session ID can be accessed from the MOVEit Transfer API object. See the MOVEit Transfer API documentation for more information.

Provide a Unified, MOVEit Transfer User Experience from Your Custom Web Application

User signs-on to your custom web portal.

After sign-on, their browser session gains access to a valid MOVEit Transfer session ID.

User can access MOVEit Transfer features without experiencing confusing redirects from your custom page, portal, or digital ecosystem.

Using session IDs, you can tailor the workflow to continue the user's session as appropriate, for example:

From pre-established MOVEit Transfer controls in the same window.
Launched in a new frame.
Launched in new browser tab or window.

Direct Upload/Download

MOVEit Transfer supports direct, secure uploads and downloads initiated by other web applications.

Using the direct upload model, you can pass uploads and receive downloads directly via an application that leverages the MOVEit Transfer API Library.

Use the MOVEit Transfer API Library for Direct Uploads

User interacts exclusively with your custom portal, except...

After sign-on, their browser session gains access to a valid MOVEit Transfer session ID.

User benefits from the performance win of direct uploads and downloads using the MOVEit Transfer API.

You can tailor the workflow to continue the session as needed, for example:

From pre-established MOVEit Transfer controls in the same window.
Launched in a new frame.
Launched in new browser tab or window.

Using MOVEit Transfer in this manner allows customers to use MOVEit Transfer for secure storage of all their portal's sensitive files. It also allows customers to take advantage of MOVEit Transfer buffered transfers; otherwise handling of large files is an issue with many portal applications because they attempt to work with files on disk or all at once in memory. Typically, MOVEit Transfer API is used to initiate a secure upload and download by performing a session transfer at the same time. Complete documentation about this procedure (and a sample application) is available in the MOVEit Transfer API Windows documentation set.

See also Direct Download in Advanced Topics - URL Crafting.