User provisioning (or onboarding) is a critical administrative function for managing both internal employees and external users like partners, vendors or customers to ensure they are able to access your Files.com account. It involves creating user accounts, controlling how they authenticate, defining roles, group memberships and granting specific permissions to ensure users have the appropriate access to resources. Additionally, the platform provides user management features for managing user information, security settings, and permissions as this information can change over time.

User creation and provisioning as well as de-provisioning can be automated or performed in bulk, it can even be achieved by integrating with your existing User Directory system.

Provisioning Users

Once you've set up your site and established folders for users, whether manually or through automated processes, there are various methods available for user provisioning:

While provisioning users, a critical step is to decide the method which will be used to authenticate the provisioned users. Files.com supports a wide range of authentication methods including the most stringent of enterprise security requirements. Please refer to the authentication methods supported in Files.com. You also have the option to implement Two-Factor Authentication (2FA) for your users, adding an extra layer of security to their Files.com accounts. This requires the use of two different factors for access, enhancing the protection of their account.

Managing Users

Managing users is an ongoing administrative function, ensuring that each user's settings align with their respective roles and responsibilities as well as securing access to the accounts. To manage users, simply type "Users" in the search box at the top of the screen, select the matching result, and click on the preferred Username.

Site administrators can modify user details like Name, Email address, and Company name or manage security settings, including authentication method or Two-Factor Authentication (2FA), password resets or setting password expiration dates, protocol access updates, adding or removing of SFTP/SSH keys or API keys, IP whitelist management, and revoking active desktop connections.

Site administrators can also fine-tune folder or group permissions or modify the permission levels. They can establish access expiration dates, modify user roles or disable the user. Site administrators have the capability to adjust user language, timezone, header text, or notification preferences, as well as review user activity.

When using LDAP and SCIM integrations with external Directory or Identity Providers, Files.com can automatically apply changes to user attributes, such as name and email address. Additionally, it can manage group attributes like group names and memberships.

Deprovisioning Users

In the context of user lifecycle management, Site Administrators have the ability to de-provision or off-board users. This process acts as a vital security measure, preventing unauthorized access and optimizing resource allocation. Files.com provides various methods to disable user accounts by site administrators.

Site Administrators can manually enable or disable user accounts or the system can automatically disable inactive users, and you can also specify exceptions to this rule.

When creating new users, you can set a date for automatic account disabling if the user hasn't logged in by a particular time after their creation. You can also set an access expiration date, after which the account will be disabled. There is also the option to permanently delete user accounts.

Users provisioned through LDAP or SCIM can be de-provisioned from the same LDAP or SCIM system used for provisioning. This allows for a seamless and automated process, ensuring that user accounts are managed efficiently throughout their lifecycle within the organization.