Authentication Methods
The Authentication Type setting on a user controls exactly how that user can login and authenticate to their Files.com account. Files.com offers a variety of authentication methods to ensure flexibility, security, migration, and compliance. These authentication methods can be configured during user creation and can be modified at any time by site administrators.
Managing User Authentication
User authentication and permissions can be managed by site administrators using our Web UI, APIs, or SDKs.
Email Signup
When you create a new user and choose Email Signup for the authentication type, an email will be sent to the new user with a link for them to create their password.
Once the user has created their password, their authentication type will change to Password. Users listed with Email Signup in the users table indicate those who haven't configured their password yet.
With email signup as an authentication method, users typically set their own passwords by following your site's password requirements during the signup process. This helps enhance security by avoiding the communication of passwords in plain text to your users and adhering to compliance regulations regarding the storage and management of user passwords.
Password
With Password as an authentication method, site administrators will specify the password. Users can change their password anytime by following your site's password requirements.
Along with the password, users can use API keys, or an SFTP/SSH key to log in via SFTP.
When creating a new user with password as an authentication method, you can optionally force the user to change their password when signing up for their Files.com account. With this option, users cannot login using their password until they have updated it.
Password and SFTP/SSH Key (SFTP only)
Using Password and SFTP/SSH key (SFTP only) as an authentication method, both password and an SFTP/SSH key are required to access your site's resources using a SFTP client. Users with this authentication method can access their account using SFTP only.
This dual authentication method enhances security and serves as a distinct form of two-factor authentication, especially when users have specific security requirements to establish SFTP connections using both the SFTP/SSH Key and a Password.
Import Hashed Password from Another System
This method is typically used for importing or migrating users from a legacy or on-premise system. With this method, you provide a hash of the password rather than the password itself when initially adding or importing the user.
Supported hashes are MD5, SHA1, and SHA256. There is no need to specify the hash function used, as it will be auto-detected.
Imported hashes will be converted into Files.com's internal password storage format (based on PKCS5 / PBKDF2) upon first use by the user.
None (Use SSH or API Keys)
Users with an authentication type of None cannot authenticate using a password. Authentication using an API key, or an SFTP/SSH key via SFTP, is allowed. If you have selected None as an authentication method, the site administrator must create API keys or SFTP/SSH keys for that user or system to log in. Typically, this authentication method is used for unattended systems to access your site's resources.
When a user is created with the None authentication method, they will not be sent a new user welcome email because there is nothing that user can configure for their account. A site administrator must follow up with API Keys or SFTP/SSH keys.
Single Sign On (SSO)
Users will log in using SSO and integrate with your existing SSO provider. Additionally, they may use API keys, or an SFTP/SSH key to log in via SFTP.
The only SSO providers that are supported using a direct password via FTP, SFTP, and WebDAV are Active Directory and LDAP. All other SSO providers require the user to set up an API or SFTP key in order to use one of these protocols.
Authentication Using API Keys or SFTP/SSH Keys
Users whose accounts are not disabled can use API keys, or SFTP/SSH keys, to connect to their Files.com account.
API Keys
Users can connect to your site using API keys if their authentication method is Password (set by the site administrator, user, or imported hash), None (using SSH or API keys), or SSO. If your site settings allow it, users who are not site administrators can create and revoke their own API Keys.
API keys are independent from each other and can be easily discarded. Generating unique API keys for each of your applications or systems allows you to revoke them if necessary without disrupting your other integrations.
Using API Key as the Password
You can also use an API key as the password to sign in to FTP, SFTP, and WebDAV. This is useful for scripts or applications that need to authenticate using these protocols. In this case, the user login name will be @api-[key-id or API key name]
, and the password will be the API key. Using an API key as the password is beneficial when you want to implement two-factor authentication (2FA) for FTP, SFTP, and WebDAV users, but still allow your scripts or applications to sign in securely without 2FA.
SFTP/SSH Keys
SFTP authentication relies on cryptographic keys rather than a traditional username and password. When SFTP/SSH keys are added to users, these keys grant access through SFTP and do not provide access via APIs, SDKs, or the web interface.
Users with any authentication method can use SFTP/SSH keys to connect to Files.com. If your site settings allow it, users who are not site administrators can create or revoke their own SFTP/SSH Keys.
Disabling API Keys or SFTP/SSH Keys for a User
To fully prevent a user from being able to perform any actions, even via an API or SFTP/SSH key, you can disable the user using the Web UI, or using our API/SDK.