External Users Pane

Getting there


Note: To be able to use this feature you must be running Reflection for Secure IT Web Edition.

You can configure external users to create login accounts that are not associated with the local machine or the domain that the local machine is joined to. External user accounts are managed by the Reflection for Secure IT Web Edition User Manager. Reflection for Secure IT Server for Windows queries the User Manager to authenticate external users, get external user attributes and groups, and update user passwords. All external users run under the privileges of the external user access account you specify when you enable external user access.

Allow access to external users

Enable this setting to provide access to users you have provisioned using Reflection for Secure IT Web Edition User Manager.

You must enable this setting to be able to configure the other items on this pane.

Restrict external users to file transfer sessions

Enabling this setting (the default) disables the following Permissions settings for all external users:

Allow Terminal shell
Allow exec requests
Allow client to server (local) port forwarding
Allow server to client (remote) port forwarding

Caution: Disabling this setting is not recommended. Allowing users access to terminal shells and port forwarding provides knowledgeable external users with greater access to your server. For example, the directory settings you configure from the SFTP Directories pane do not affect which directories are accessible from a terminal session.

User Manager web service


The Reflection for Secure IT server contacts the User Manager web service to authenticate external users. The User Manager is installed and runs on the same host as the Reflection for Secure IT server. This host is specified here as localhost, and is not configurable.


The port used to contact the User Manager web service, which is configured to use 9190 by default. Change this value only if the User Manager has been configured to use a different port.

Verify Connection

Click to confirm that a connection can be established with the User Manager web service.

Account for external user access

External user access account

Specifies a valid local or domain account on Reflection for Secure IT server to act as the "run as" account for external users. External users will run under this account name.

Caution: To limit the access provided to external users, you should select a user who is not a member of the Administrators group on this computer.



Clears the External user access account setting.

Select account

Opens the Select Account dialog box, which you can use to add an account to the credential cache, or select an existing account, to use as the External user access account.


Launch User Manager

Launches the Reflection for Secure IT Web Edition User Manager, which you can use to manage external user accounts.