A user can be assigned one of the following permission levels (listed in order of increasing privilege): Anonymous, Temporary User/Guest, User, GroupAdmin, FileAdmin, Admin, SysAdmin.
Temporary Users ("Temp Users") can be limited to a minimal level of access to MOVEit Automation resources. Temporary users (like other users) can be configured to expire after a certain amount of time has passed. (See the Expiration Policy Feature Focus page for more information about expiration policies.)
Temp Users are available to an organization when you configure it for either or both of the following licensed feature sets:
Secure Folder Sharing. Secure Folder Sharing can enable Temp Users to contribute content (uploads), delete content, and access entire folders shared by regular users.
Client/API Access
Temp Users are allowed to sign in to MOVEit Transfer through the web and API interfaces; they are not integrated for the FTP or SSH interfaces.
File and Folder Rights
Temp Users can view packages sent to them, download files included in the package, and may send packages to users who they are authorized to send to. Temporary users can be granted access to shared folders.
Administrative Rights
Temporary users can change their password.
If the organization administrator configures Ad Hoc Transfer to create 'Temporary Users', when a registered user sends a package, the temporary-user recipients will receive a password for that package only. The temporary-user recipients will log on with that password, and can view a package, download files in it, and reply to the package. The Temporary User will have an account on the MOVEit Transfer system; the Temporary User suits limited-time use scenarios.
If the administrator enables Unregistered Senders along with 'Temporary Users', an unregistered user can self-register as a temporary-user sender. The temporary-user senders will either be automatically logged on after self-registering with a "Captcha" or they will manually log on using either a password or a "password link" sent by email after they self-register. Then they can create a package, upload files to it, and send it.
Example Scenario 1: Ad Hoc
Erin is a registered Ad Hoc Transfer user. Sending packages to Temp Users was enabled by her MOVEit Transfer Admin. She has the option of sending a MOVEit Transfer package to an email address rather than an exclusive list of registered users in her Contacts list. When composing her new package to a user outside of her org, Rodger, Erin is prompted for his email address, full name, and a password; Erin delivers the password over the phone.
Rodger, a new Temp User, has limited access to Ad Hoc Transfer (he can only communicate with Erin) and his account automatically expires after 7 days of inactivity (or according to the temporary user expiration settings established by Erin's administrator).
Example Scenario 2: Ad Hoc Self-Registration
David is an unregistered user, but he has access to a MOVEit Transfer sign on page (or equivalent API) that was configured to enable self-registration for temporary users. He needs to send a package and/or files to Erin, a registered Ad Hoc Transfer user. Normally, Erin would need to get her administrator to add David to the system, but because self-registration as a temporary user was enabled, David can self-register and then send Mary a package to her email address. To self-register, David enters Mary's email address, his email address, and the letters in the "Captcha" question (to prove he is not a robot). David is then prompted for a password.
David has now been set up as a temporary user. For this package, he has limited access to Ad Hoc Transfer (he can only communicate with Erin) but he has been set up to have wider access (the ability to send to other users) until his account expires. His account will automatically expire after 7 days of inactivity (or according to the temporary user expiration settings established by Erin's administrator).
In a few seconds Mary receives an email that contains a link to the new package David sent to her. She can use her email or MOVEit Transfer account to view the package, download files, and reply and send files to David.
Notes
A Guest User has capabilities similar to a Temporary User, except that the Guest User is further restricted to viewing or sending a single package. If the administrator configures Ad Hoc Transfer to use 'Package Passwords', when a registered user sends a package, the guest-user recipients receive a password for that package only. The guest user recipients log on with that password, and can view a package, download files in it, and reply to the package. The Guest User does not have an account on the MOVEit Transfer system. The Guest User suits one-time use scenarios.
If the administrator enables Unregistered Senders along with 'Package Passwords', an unregistered user can self-register as a guest-user sender. The guest-user senders are either automatically logged on after self-registering with a "Captcha", or they manually log on using a password sent by email after they self-register. Then they can create a package, upload files to it, and send it.
User accounts provide a basic level of access to the clients, customers and partners of an organization. Each user account has a home directory into which users can upload files for the organization and into which the organization copies files for the user. Through the use of secure sockets, an encrypted channel is used to transport files between a user's home folder and the user's local computer across the Internet.
Users can be granted additional privileges to read files from organizational distribution folders.
A user cannot view the files or activities of other users.
Each user has online access to an audit of every activity that took place against their files or account. In any active organization most MOVEit Transfer accounts are user accounts.
File Rights: Users can transfer files between their local computer and their home folder. If granted permission, a user can read files from one or more distribution folders.
Administrative Rights: Users can track their own files and see when changes were made to their account details. Users can change their own password, contact information, and email address.
Examples:
Max is an employee in the human resources department of Argyle Industries. Argyle Industries uses Woodstock First Bank to process its payroll. Max wants to securely send his highly sensitive payroll file to Woodstock First Bank. Max should not be allowed to see the payroll files sent in by other companies. Max is an ideal candidate for a user account.
Fred is a customer of Plaid Software who purchased Kilt software and related support. Plaid Software wants to make the latest version of Kilt available to its customers at all times, so it sets up a "Kilt" distribution folder and allows Kilt licensees to download files from this folder. Fred is an ideal candidate for a user account with additional rights to read from the Kilt distribution folder.
GroupAdmin permission is granted to Users on specific Groups. This class of permission does not appear in the "Permission" field of a user's record, but is indicated in the list of groups this user belongs to. Specific permissions of GroupAdmin depend on the specific group settings, but typically a GroupAdmin has a limited ability to add/remove/modify other users in the GroupAdmin's group.
GroupAdmins are typically promoted to their position to allow remote administrators access control over a group of related users. For example, an insurance company might delegate GroupAdmin control to an IT staffer at a partner provider with twenty separate users on the insurance company's MOVEit Transfer. This would allow the IT staffer to control access by employees of his own company.
To allow your help desk to change passwords, but not access the MOVEit file system, add all users to an "All Users" group and make the help desk Users GroupAdmins of the "All Users" group.
As of version 19.1, the GroupAdmin role is more secure. Admins must grant GroupAdmins parent folder access when GroupAdmins need to assign home folders to users and the home folder path varies from the default user home path (for example: /home/myusername/).
FileAdmin accounts allow selected people in the offices of a single MOVEit Transfer Organization to work with ALL files received from multiple Users and multiple anonymous web form submissions. Because of its relative power, FileAdmin is an optional access level designed as a convenience for small organizations that want to give a small number of individuals access to any file that passes through their organization. Larger organizations will find it useful to divide sections of file authority by assigning privileges to user groups. One exception to this rule is accounts set up to allow MOVEit Automation to connect: MOVEit Automation accounts are commonly FileAdmin accounts.
Tip: Use a FileAdmin account to connect MOVEit Automation to MOVEit Transfer.
File Rights: A FileAdmin can view, edit, move, delete and download files from any folder in their Organization, create new folders, delete folders, and upload files from their local computer into the MOVEit Transfer system.
Administrative Rights: A FileAdmin can track any files in his or her Organization including all files uploaded by the Organization's Users. FileAdmins can see when changes were made to their own account details, and change their own password, contact information, or email address.
Examples:
Erik is a corporate accounts specialist with Woodstock First Bank. Erik wants to pick the payroll files from Argyle Industries and several other customers off the MOVEit Transfer system. Erik should not have the power to change the corporate color scheme or add new users. Erik is an ideal candidate for a FileAdmin account.
A corporation wants to set up MOVEit Automation inside their private network to automatically download and process files received from various customers. IT staff would like MOVEit Automation to browse and pull files from any folder on the MOVEit Transfer system. MOVEit Automation will most likely require a FileAdmin account.
Admin users control the appearance, users, groups and security settings of their Organization. An Administrator can add and delete other users, change colors and specify who users should contact with problems or questions. There will normally be only one or two Administrators for each MOVEit Transfer organization.
File Rights: (same as FileAdmin) An Administrator can view, edit, move, delete and download files from any folder in the Organization. Administrators can create and delete folders, and upload files from their local computer into the MOVEit Transfer system.
Administrative Rights: An Administrator can track any files in the Organization, including all files uploaded by the Organization's Users. An Administrator can see when changes were made to any account in the Organization, add or delete Users, FileAdmins, and Administrators, and can change the password, contact information and email address of any user in the Organization. Administrators can change Organizational settings such as colors, corporate logo, contact information and the "Message of the Day" displayed to everyone who signs in to the Organization.
Example(s):
Linda is a division IT manager responsible for adding and removing user accounts, matching the appearance of the MOVEit Transfer system with her division's web portal, and she oversees file transfer operations (sometimes she needs to use logs or reports to track transfer history). Linda is an ideal candidate for an Administrator account.
SysAdmin accounts have the highest access level. SysAdmin accounts allow people from the organization(s) hosting and/or sponsoring the MOVEit Transfer server to create, configure and remove Organizations. A SysAdmin can also act as an Administrator of any Organization on the MOVEit Transfer system with one important exception: SysAdmins cannot read or write files to or from any particular organization. This restriction enforces the privacy and confidentiality of each organization and ensures that the administrators of each system remain in control over those users who work with the local filesystem.
SysAdmin accounts must be protected carefully and used only to establish, configure, or remove organizations, or to change global settings that cannot be changed by any other account. (By default SysAdmins are allowed onto the system only if they are seated at the MOVEit Transfer console.)
Tip: Unless you run a data center with multiple MOVEit Transfer organizations, it is generally easier to do most of your administrative tasks (such as add/delete users) as an Admin in your default organization instead of as a SysAdmin.
File Rights: A SysAdmin can view, download and delete system-wide audit files. SysAdmins cannot view, upload or download files to or from institutions, although SysAdmins can perform these tasks within their own restricted "Org #0".
Administrative Rights: A SysAdmin can track any significant errors which occurred on the system as well as any activities he or she or any other SysAdmin performed. A SysAdmin may enable or disable any file processing service and may add, modify or delete entire Organizations. (More power is available after assuming the role of Administrator for a particular Organization.)
Special Abilities: A SysAdmin can assume the role of an Administrator for any Organization. When a SysAdmin "drills down" into an Organization, a SysAdmin temporarily loses the abilities of a SysAdmin and gains those of that Organization's Administrator, minus the ability to work with files. A SysAdmin can return to full SysAdmin mode by leaving that Organization.
Example(s):
Standard Bank Services purchased MOVEit Transfer to provide secure data transport and collection services to three member banks. Jason is an employee of Standard Bank Services and has been given the task of setting up and maintaining Organizational accounts. As part of his duties Jason also provides help over the phone and he occasionally finds it useful to view Organizational settings. Jason is an ideal candidate for a SysAdmin account.
Anyone who has not signed onto the system is an anonymous user. A user who has signed onto the system becomes an authenticated user.
File Rights: An anonymous user can submit web forms into specific MOVEit Transfer "webpost" folders. Anonymous users cannot upload/download files or send/receive packages.
Administrative Rights: An anonymous user can view the login screen of any Organization. Users who sign in with a valid username and password are granted additional rights. Anonymous users are prohibited from viewing the current version number of the product.
Example(s):
Nancy notices an advertisement on Woodstock First Bank's web site for a CD with a great rate. She clicks on a "sign me up" link which displays a form the bank created. Nancy fills out the form and submits it. The form opens a secure connection across the internet into the MOVEit Transfer system and deposits the information Nancy provided into an encrypted file on the MOVEit Transfer system. Nancy never needed to sign onto the MOVEit Transfer system but she nonetheless took advantage of a MOVEit Transfer feature. Therefore, Nancy is an anonymous user.
Melissa is an IS employee of Woodstock First Bank and has an account on the MOVEit Transfer system. She opens a browser bookmark on her local system which pops up the MOVEit Transfer system login page. As long as Melissa sees the login page, Melissa is an anonymous user. After she successfully logs in through this page Melissa will be an authenticated user.
Categories of Permission by User
The following table lists the tasks allowed by each permission level, where:
● = Always allowed.
Asterisk (*) = allowed if permitted or configured.
Highlighted asterisk (*) = supported if permitted and Secure Folder Sharing is enabled.
Dash (-) = not allowed.
Anonymous users (that is, users who have not signed on) can only submit Webposts and attempt to sign on to the system as an authenticated user.

| Activity | SysAdmin | Admin | FileAdmin | GroupAdmin | User | TempUser |
|---|---|---|---|---|---|---|
| Manage Organizations | ● | - | - | - | - | - |
| Manage Schemes | ● | - | - | - | - | - |
| Set/Download Debug Logs | ● | - | - | - | - | - |
| Set IP Lockout Policy | ● | - | - | - | - | - |
| Set User Lockout Policy | ● | ● | - | - | - | - |
| Manage Organization-Wide Settings (for example, Branding) | ● | ● | - | - | - | - |
| Configure and Run Reports | ● | ● | - | - | - | - |
| View Audit/Transfer Logs | ● | ● | ● | * | * | * |
| Manage Users and Groups | ● | ● | - | * | - | - |
| Manage Address Books | ● | ● | - | * | - | - |
| Create/Delete Folders | ● | ● | ● | * | * | - |
| Grant Permissions to Folders | ● | ● | ● | * | * | - |
| Manage Other Folder Settings | ● | ● | ● | * | * | - |
| Delete Files | ● | ● | ● | * | * | * |
| Upload/Download/Move/Copy Files | - | ● | ● | * | * | * |
| Send/Read Packages | - | ● | * | * | * | ● |
| See a Restricted View Because of Display Profiles | - | - | - | * | * | * |
Permission to download or upload files from specific folders is controlled in the Permissions and Settings section of those folders. Permission to send packages to specific users is controlled by "Address Books." Users can also inherit various rights from the groups of which they are members.
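The following added example is not part of the MOVEit documentation or product. It encodes the table above and reports the lowest permission level that covers a set of activities, so that role assignments such as the help-desk GroupAdmin case can be checked against least privilege. The account names, the audit logic and the "A"/"C" encoding are assumptions made for illustration.

```python
# Added example: least-privilege check against the page's permission table.
# "A" = always allowed, "C" = allowed if permitted/configured, "-" = not allowed.
COLS = ["SysAdmin", "Admin", "FileAdmin", "GroupAdmin", "User", "TempUser"]
RANK = list(reversed(COLS))  # lowest privilege first, as ordered on the page
MATRIX = {
    "Manage Organizations": "A-----",
    "Manage Schemes": "A-----",
    "Set/Download Debug Logs": "A-----",
    "Set IP Lockout Policy": "A-----",
    "Set User Lockout Policy": "AA----",
    "Manage Organization-Wide Settings": "AA----",
    "Configure and Run Reports": "AA----",
    "View Audit/Transfer Logs": "AAACCC",
    "Manage Users and Groups": "AA-C--",
    "Manage Address Books": "AA-C--",
    "Create/Delete Folders": "AAACC-",
    "Grant Permissions to Folders": "AAACC-",
    "Manage Other Folder Settings": "AAACC-",
    "Delete Files": "AAACCC",
    "Upload/Download/Move/Copy Files": "-AACCC",
    "Send/Read Packages": "-ACCCA",
    "See a Restricted View Because of Display Profiles": "---CCC",
}

def access(role, activity):
    return MATRIX[activity][COLS.index(role)]

def least_privileged_role(needs, always=False):
    """Lowest level covering every activity in `needs`, plus the activities
    that still need explicit configuration. always=True accepts only "A"."""
    ok = "A" if always else "AC"
    for role in RANK:
        marks = {a: access(role, a) for a in needs}
        if all(m in ok for m in marks.values()):
            return role, sorted(a for a, m in marks.items() if m == "C")
    return None, []  # no single level covers the set (e.g. SysAdmin has no file access)

def audit(accounts):
    """Return (name, assigned, recommended) for accounts above the minimum level."""
    findings = []
    for name, assigned, needs, always in accounts:
        best, _ = least_privileged_role(needs, always)
        if best is not None and RANK.index(assigned) > RANK.index(best):
            findings.append((name, assigned, best))
    return findings

# Constructed sample accounts (not from a real system): name, level, needs, always.
ACCOUNTS = [
    ("helpdesk1", "Admin", ["Manage Users and Groups"], False),
    ("automation", "FileAdmin", ["Upload/Download/Move/Copy Files"], True),
    ("orgsetup", "SysAdmin", ["Manage Organizations"], False),
]
print(audit(ACCOUNTS))
```

A result of `None` means the activities must be split across accounts; a level returned with a non-empty configuration list still depends on group, folder or address book settings being granted.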
User Differences in the Navigation Menu
The navigation menu displays on the left side of the user's MOVEit Transfer page. Feature pages are determined by the current user's permission level. For example, an Admin user has access to report generation and organization-wide settings. So, when you sign in to MOVEit Transfer as Admin your navigation menu displays like this:
The table lists the MOVEit Transfer account features available, based on the user's permission level.
l = Always visible
Asterisk (*) = Page is visible when MOVEit Transfer has the required license and when the org-level option is enabled
Highlighted asterisk (*) = supported if permitted and Secure Folder Sharing is enabled