Site Settings

The following settings you can define for each external site that connects to a Hub:

Account Settings
Policies Settings
Authentication Settings
LDAP Settings for Internal Users
LDAP Settings for External Users
Mail Server Settings

Account Settings

The following table describes the File Exchange settings for each external web application.

Parameter	Description
Site Name	Defines a logical name of the site that can include multiple Hubs and Gateways and has its own users, folders, groups, rules, and settings.
Company Name	Defines your company name that appears in the MFT Enterprise File Exchange web application and email notification signature.
Company Support Email	Defines your company's email address that is available for external users from the File Exchange web application and as the sender address for email notifications. This field can be overwritten by the Sender Name field in the Mail Server Settings .

Policies Settings

The following table describes the policy settings for managing existing files and user and password rules.

Parameter	Description
Manage Existing File	Determines which of the following methods is used to upload an external file that already exists: Overwrite file: Overwrites the existing file (Default) Decline upload: Prevents the file from uploading Rename (add counter): Adds a counter to the filename (<file>-<counter>.<ext>) Rename (add timestamp): Adds a timestamp to the filename (<file><timestamp>.<ext>)
Enable external users to edit their profile	Determines whether external users can edit their profile, such as changing their own password.
Enable external users to delete outgoing files	Determines whether to allow external users to delete files from the outgoing sub-directory. This option is only relevant for Virtual Folders that have limited access to Incoming/Outgoing sub-directories.
Enable simultaneous logins of the same user	Determines whether the same user can be logged in to File Exchange from multiple access points simultaneously.
Enforce account lockout policy	Determines the account lockout policy is enables which activates the settings defined in the parameters below.
Maximum Inactivity Period	Determines the maximum number of days that a user didn not log in to the Hub before the user is locked out. Valid Values: 0, 30-180. If set to 0, this parameter is disabled. Default: 90
Maximum Failed Login Attempts	Determines the maximum number of login attempts before a user is locked out. Valid Values: 3-5 Default: 3
Failed Login Attempts Period	Determines the time period that the user is locked out if the user has exceeded the maximum number of failed login attempts. If the login attempts are outside of this range, the login attempt counter is reset to 1. Valid Values: 1-24 Default: 5
Password Expiration	Determines the number of days before the password expires and the user is locked out. Valid Values: 30-365 Default: 90
Generated Password Expiration	Determines the number of hours before the generated password expires and the user is locked out. Valid Values: 1-24 Default: 24
Expiration Warning Notification	Determines the number of days before the password expires that the user receives notifications about the expiration Valid Values: 1-14 Default: 7
Minimum Password Length	Determines the minimum number of characters required for the password
Enforce complexity rules	Determines whether the password must contain at least one uppercase letter, one lowercase letter, and one digit or symbol.
Enforce user details rules	Determines whether the password cannot contain the username, company name, or email address.
Enforce history rules	Determines whether the user cannot reuse the last 5 passwords.

Authentication Settings

The following table describes the Hub authentication parameters.

Parameter	Description
Gateway Authentication Password	Determines the authentication password between the MFT Enterprise Gateway and the Hub. This is the same password set during the MFT Enterprise Gateway installation. If you change the password, you must the also define the new password in proxyConfig.properties file on the host where the Gateway is installed and restart the Gateway.
Internal users authentication method (SFTP/FTP)	Determines one of the following authentication methods for internal users for both SFTP and FTP: Windows Local Users (Windows only) PAM (UNIX only) LDAP (PAM) You can only authenticate the Control-M/Agent user in non-root mode. To authenticate other users, you must run as root.
External users authentication method	Determines one of the following authentication methods for external users: Authenticate LDAP users Authenticate Control-M MFTE users Both: The user is authenticated first in the MFT Enterprise users list. If the authentication fails, another attempt occurs in the LDAP list.

Parameter

Description

Gateway Authentication Password

Determines the authentication password between the MFT Enterprise Gateway and the Hub. This is the same password set during the MFT Enterprise Gateway installation.

If you change the password, you must the also define the new password in proxyConfig.properties file on the host where the Gateway is installed and restart the Gateway.

Internal users authentication method (SFTP/FTP)

Determines one of the following authentication methods for internal users for both SFTP and FTP:

Windows Local Users (Windows only)
PAM (UNIX only)
LDAP

(PAM) You can only authenticate the Control-M/Agent user in non-root mode. To authenticate other users, you must run as root.

External users authentication method

Determines one of the following authentication methods for external users:

Authenticate LDAP users
Authenticate Control-M MFTE users
Both: The user is authenticated first in the MFT Enterprise users list. If the authentication fails, another attempt occurs in the LDAP list.

LDAP Settings for Internal Users

The following table describes the LDAP or PAM settings for the Hub. These parameters are for internal users only.

Parameter	Description
LDAP Search User	Defines the LDAP Browse user.
LDAP Search Password	Defines the password of the user defined in the LDAP Search User field. The value of this field can be left blank if the Search user does not have a defined password.
LDAP Server URL	Defines URL address and port of a directory server, the DN of an entry within that server, or the criteria for performing a search within that server. ldap(s)://<server>:<port>
Base DN	Defines the starting domain name for the user search in the directory tree structure. sales.company.us.com,dc=sales, dc=company,dc=us,dc=com. This field must have a value if the LDAP Search User field is left blank. Otherwise the default value is the domain where the search user is located.
Username Attribute	Defines the LDAP vendor column attribute for the LDAP username.
SSH Public Key Attribute	Defines the name of the LDAP attribute that contains the SSH public key. If you want to retrieve this key from the authorized_keys file instead of LDAP, leave this field empty.
Home Directory	Defines the LDAP Home Directory.
Timeout	Determines the number of milliseconds to wait before a timeout.

The following table describes the PAM authentication parameters:

Parameter	Description
Service name	Defines the PAM service name (default passwd). In non-root mode, you can only authenticate the Control-M/Agent user. To authenticate other users, you must run as root.

LDAP Settings for External Users

The following table describes the LDAP settings for external users.

Parameter	Description
LDAP Search User	Defines the LDAP Browse user that is used to connect to LDAP and search for users.
LDAP Search Password	Defines the password of the user defined in the LDAP Search User field. The value of this field can be left blank if the Search user does not have a defined password.
LDAP Admin User	Determines the LDAP administrator DN. This field is required only if you want to allow external users to change their user profile details.
LDAP Admin Password	Defines the LDAP administrator password.
LDAP Server URL	Defines URL address and port of a directory server, the DN of an entry within that server, or the criteria for performing a search within that server. ldap(s)://<server>:<port>
Base DN	Defines the starting domain name for the user search in the directory tree structure. sales.company.us.com,dc=sales, dc=company,dc=us,dc=com. This field must have a value if the LDAP Search User field is left blank. Otherwise the default value is the domain where the search user is located. You can use multiple Base DNs separated by a semicolon.
Group Search Base DN	Defines the starting domain name for the group search in the directory tree structure. sales.company.us.com,dc=sales, dc=company,dc=us,dc=com.
Username Attribute	Defines the LDAP vendor column attribute for the LDAP username.
Password Attribute	Defines the LDAP vendor column attribute for the LDAP password.
DN Attribute	Defines the LDAP vendor column attribute for the distinguished name.
Default Folder Attribute	Defines the LDAP vendor column attribute for the default virtual folder that the external user lands on after login. To land in the B2B Home folder (authorized virtual folders appear under the home folder), leave this field empty.
First Name Attribute	Defines the LDAP vendor column attribute for the first name of the LDAP user.
Last Name Attribute	Defines the LDAP vendor column attribute for the last name of the LDAP user.
Company Name Attribute	Defines the LDAP vendor column attribute for the company name.
Email Attribute	Defines the LDAP vendor column attribute for the email.
Phone Attribute	Determines the LDAP vendor column attribute for the phone number of the external user.
Group Name Attribute	Defines the LDAP vendor column attribute for the LDAP group name.
Member Attribute	Defines the LDAP vendor column attribute for the member.
Member Of Attribute	Defines the LDAP vendor column attribute for the LDAP groups that the user belongs to.
Description Attribute	Defines the LDAP vendor column attribute for the description
SSH Public Key Attribute	Defines the LDAP vendor column attribute for the SSH Public key.
AS2 ID Attribute	Defines the LDAP vendor column attribute for the AS2 ID.
AS2 Certificate Alias Attribute	Defines the LDAP vendor column attribute for the AS2 Certificate Alias.
AS2 Target Folder	Defines the LDAP vendor column attribute for the AS2 Target.
Timeout	Determines the number of milliseconds to wait before a timeout.

Mail Server Settings

The following table describes notification settings that enables MFT Enterprise B2B to send email notifications to external users that files have arrived. Notifications are sent when a file is uploaded with SFTP to the Hub as an internal user. The SMTP settings must be valid.

Parameter	Description
SMTP Host	Defines the hostname that sends the email notifications.
SMTP Port	Defines the SMTP port number.
SMTP Username	Defines the username that is used to send the notifications.
SMTP Password	Defines the SMTP password.
SMTP Security Method	Determines one of the following SMTP security methods: SMTP without TLS SMTP with STARTTLS SMTPS (SMTP over TLS)
Sender Address	Defines the email address that is used to send the email notification.
Sender Name	Defines the name of the sender that appears on the notification mail signature. If this field is left empty, then the Company Name defined in Account Settings is used.