Authentication, users and admins

An authentication method configuration provides the information SFTPPlus needs to use a specific method to authenticate file transfer accounts and administrator accounts.

Note

Not all authentication method types support authenticating the administrators for the Web Manager service.

The identity configuration defines the users, groups, administrators and roles created as part of the SFTPPlus application.

For these users and administrators, the full life-cycle is managed by SFTPPlus.

The sections below will guide you through the available authentication methods and how to configure them.

Introduction

This section shows you how to create a new authentication method using the Web Manager console or the configuration file.

Accounts

Learn about the differences between application accounts and operating system accounts and the configuration options available for each.

Groups

Learn about the Default Group and how to add and manage new groups in SFTPPlus.

Administrators

Administrators are users that can manage the SFTPPlus server and its configuration using the Web Manager console. This section covers how to create and manage administrators.

Roles

Roles are used to define permissions for administrators. Learn how to create a new role and the available configuration options.

SFTPPlus embedded users

An application authentication method can be used to authenticate users based on accounts defined in the configuration file of SFTPPlus.

Operating system / Domain users

Authenticating OS users is possible in SFTPPlus using the os authentication method. This section covers how to configure it and the available options.

HTTP web service

A remote HTTP web service can be used to authenticate users in SFTPPlus. This section covers how to configure the HTTP authentication method and the available options.

External local file

The local file authentication method allows SFTPPlus to authenticate users defined in a separate configuration file. This section covers the available options for it.

LDAP / Active Directory

The LDAP authentication method allows SFTPPlus to authenticate users against an LDAP or Active Directory server. This section covers its limitations and available configuration options.

Microsoft Entra ID

The Entra ID authentication method allows SFTPPlus to authenticate users against Microsoft Entra ID (formerly Azure Active Directory). This section covers the available configuration options and how to set it up.

Google Identity

The google-identity method is used to implement single sign-on authentication using the Google Identity service, allowing Google Workspace accounts to authenticate in SFTPPlus as administrators or file transfer accounts.

Okta OpenID Connect

The okta-oidc method is used to implement single sign-on authentication using the Okta OpenID Connect service, allowing Okta accounts to authenticate in SFTPPlus as administrators or file transfer accounts.

RADIUS

The radius authentication method can be used to authenticate application type accounts by delegating the authentication to a remote RADIUS UDP server.

Banning users (DEPRECATED)

This is provided for backward compatibility. Use the security policies to restrict access based on username. This authentication method can be used to block/deny authentication for a configured list of users or administrators.

Banning IP addresses (DEPRECATED)

This is provided for backward compatibility. Use the security policies to restrict access based on source IP. This authentication method can be used to block/deny authentication requests coming from a specific IP address, helping to mitigate DDoS attempts against SFTPPlus services.

Anonymous authentication (LEGACY)

This is provided for legacy FTP compatibility. This method can be used to authenticate a specific application account by ignoring the provided password or any other credential.
