Web Edition Users Pane

Getting there

 

Note: To be able to use this feature you must be running Reflection for Secure IT Web Edition.

Use the Web Edition Users pane to provide file access to users who are not members of your Windows domain and to Windows domain users who are working outside your network. These user accounts are managed by the Reflection for Secure IT Web Edition User Manager. Reflection for Secure IT Server for Windows queries the User Manager to authenticate these users. For detailed information provisioning Web Edition users, see the Web Edition Administrator's Guide.

All Web Edition users run under the privileges of the Web Edition user access account that you specify when you enable Web Edition user access.

Allow access to Web Edition users

Enable this setting to provide access to users you have provisioned using Reflection for Secure IT Web Edition User Manager.

You must enable this setting to be able to configure the other items on this pane.

Restrict Web Edition users to file transfer sessions

Enabling this setting (the default) disables the following Permissions settings for all Web Edition users:

Allow Terminal shell
Allow exec requests
Allow client to server (local) port forwarding
Allow server to client (remote) port forwarding

Caution: Disabling this setting is not recommended. Allowing users access to terminal shells and port forwarding provides knowledgeable Web Edition users with greater access to your server. The directory settings you configure from the SFTP Directories pane do not limit which directories are accessible from a terminal session.

User Manager host

The Reflection for Secure IT server contacts the User Manager web service to authenticate Web Edition users. Specify the name or IP address of the computer running the Reflection for Secure IT User Manger service. If all Web Edition services are installed on the same computer, you can leave the default (localhost).

User Manager port

The port used to contact the User Manager web service. User Manger is configured to listen on 9190 by default. Change this value only if the User Manager has been configured to use a different port.

 

Web Edition user access account

Specifies a valid local or domain account on the Reflection for Secure IT server to act as the "run as" account for Web Edition users. Web Edition users will run using the privileges provided by this account.

Choose an account with a password that doesn't expire, or remember to update the credentials for this account as needed.

Caution: To limit the access provided to Web Edition users, you should select a user who is not a member of the Administrators group on this computer. This is particularly important if you cleared Restrict Web Edition users to file transfer sessions.

 

Select account

Opens the Select Account dialog box, which you can use to add an account to the credential cache, or select an existing account, to use as the Web Edition user access account.

 

Activate and verify

You must click this button to complete the Web Edition Users pane configuration. It triggers actions that ensure that the Reflection for Secure IT server can establish a secure connection with the User Manger server. A dialog box display provides information about these steps. You will be prompted to accept the certificate presented by the User Manager server and to restart the Web Transfer service.

Launch User Manager

Launches the Reflection for Secure IT Web Edition User Manager, which you can use to manage Web Edition user accounts.