
User settings

You can modify your personal user settings, change your password, generate API keys, or log out of the platform. The user profile icon shows the customer instance code for the environment you are currently accessing. The Profile Settings page allows you to edit your personal user information.

Changing password

The Change Password page enables you to change your account password.

  1. Go to your account and click the user profile icon.

  2. Select the Change Password option.

  3. In the Current Password field, enter your current password to verify your identity.

  4. In the New Password field, enter your desired new password.

    Make sure your new password meets the specified requirements (for example, length, use of special characters).

  5. In the Confirm Password field, re-enter your new password.

  6. Click Save. A confirmation message appears when the password is changed successfully.

    For security reasons, the MFT portal logs you out and asks you to log in again using your new password.

info

For all portal and machine users, the password must not be found in the breach database.

MFT access tokens expire after 10 minutes. The MFT portal logs you out after 20 minutes of inactivity.

Password requirements

For MFT Portal and Machine User Passwords:

  • With Multi-Factor Authentication (MFA):

    • Password Requirements: A minimum of 8 characters is required.
    • Password Integrity: Any password that has not been reported as breached is permitted.
    • Recommended: at least 64 characters; more is better.
  • To enhance security without the use of MFA, consider the following guidelines:

    • Password Requirements: Ensure that passwords have a minimum length of 12 characters. This is particularly relevant for Machine users, as they are unable to enable MFA.
    • Password Integrity: Allow any password that is not known to have been compromised in previous breaches.
    • Recommended: at least 64 characters; more is better.

info

Breach DB check: The requirement that a password must not be found in the breach DB applies to all portal and machine users.

By adhering to the following standards, you can maintain a higher level of security even in the absence of MFA.

  • You can create passwords up to 256 characters in length.
  • All ASCII/Unicode characters are allowed, including emojis and spaces.
  • Stored passwords are hashed and salted, and never truncated.
  • Prospective passwords are compared against password breach databases and rejected if there’s a match.
  • Passwords do not expire.
  • You are allowed 10 failed password attempts before being locked out of the service.
  • Passwords do not have hints.
  • Complexity requirements, such as special characters, numbers, or uppercase letters, are not enforced.
  • Sequential passwords are permitted in MFT as long as they do not fail the requirements above.

Password security tips

  • Choose a strong, unique password
  • Use a combination of uppercase and lowercase letters, numbers, and special characters
  • Avoid using easily guessable information (for example, birthdays, names)
  • Don't reuse passwords across multiple accounts

Lock out and bans

If portal users enter incorrect credentials, they will be locked out and may ultimately be banned.

After the first two failed attempts, the lockout time increases with each additional failed attempt:

  • 3 attempts, 1 minute lockout
  • 4 attempts, 2 minute lockout
  • 5 attempts, 3 minute lockout
  • 6 attempts, 4 minute lockout
  • 7 attempts, 5 minute lockout
  • 8 attempts, 6 minute lockout
  • 9 attempts, 7 minute lockout

After 10 failed attempts, the user receives the error message “Too many failed login attempts. Account Disabled”.

The user is then banned from access. An instance administrator can unban the user or let the ban time run out.

To unban a user, click the Actions menu and select Unban User.

info

You must be an instance admin to unban users.

API Keys

You can create API keys under your user profile for API authentication to the MFT service.

  1. Click your user profile icon and then click API Keys.

  2. Click Create API Key and configure the following fields:

    • API Key Name - Enter a descriptive name for the key.

    • Expiration - (Optional) Set an expiration date for the key.

      warning

      Integrations that include API keys will break when the key expires.

    • Allowed Organizations - Keys can be associated with Organizations.

    • Allowed APIs - Choose the APIs to which the key has access.

  3. Click Save at the top of the page.

The new key is listed on the API Keys page.

info

When you use an API key from any external application, you must pass the key in a header named ApiKey.

Vanity URLs

A vanity URL lets you use a custom domain name (for example, transfer.yourcompany.com) for your Automated File Transfer instance instead of the default URL. You can set up and configure vanity URLs using customer-provided SSL certificates. A vanity URL provides:

  • Brand consistency across your digital properties
  • Enhanced user trust and recognition
  • Simplified access for your users

Prerequisites

To implement a vanity URL, you must provide an SSL certificate in either .PFX or .PEM format with the following specifications:

  • Your certificate file should follow this order:

    1. Domain Certificate
    2. Intermediate Certificate 1
    3. Intermediate Certificate 2
    4. Root Certificate
  • The private key must be included in the .PFX or .PEM file

  • The private key must be encrypted with a password

  • Supported key types: RSA (2048-bit or higher) or ECC (P-256 or P-384)

Implementation

  1. Prepare your Certificate

    • Combine all certificates and private key into a single .PFX or .PEM file
    • Verify the correct order of certificates
    • Ensure there are no extra spaces or characters between certificates
  2. DNS configuration

    • Create a CNAME record pointing your vanity domain to your Automated File Transfer instance
    • Allow 24-48 hours for DNS propagation
  3. Certificate submission

    • Submit your .PFX or .PEM file through the support ticketing portal
    • Support team validates the certificate chain and private key
    • You will receive a confirmation once the certificate is successfully installed

Before submitting your certificate, verify the following:

  • Certificate chain is complete and properly ordered
  • Domain name matches your intended vanity URL
  • Certificate is currently valid and not expired
  • Private key matches the domain certificate
  • Certificate is in the proper format, either .PFX or .PEM.
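
As an added example (not part of the original documentation or the vendor's tooling), the following Python code lints a combined .PEM bundle for the structural items above: exactly one private key is present and password-encrypted, and nothing but line breaks sits between blocks. It does not check chain order, expiry, domain match or key/certificate pairing, which need an X.509 parser; the function names and the sample bundle are constructed for illustration.

```python
import base64
import re

# Matches one PEM block and captures its label and body (headers + base64).
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def lint_pem_bundle(text):
    """Return a list of structural problems in a combined .PEM bundle ([] = none found)."""
    problems = []
    blocks = [(m.group(1), m.group(2), m.start(), m.end()) for m in PEM_BLOCK.finditer(text)]
    certs = [b for b in blocks if b[0] == "CERTIFICATE"]
    keys = [b for b in blocks if b[0].endswith("PRIVATE KEY")]
    if not certs:
        problems.append("no certificate found")
    if len(keys) != 1:
        problems.append("expected exactly one private key, found %d" % len(keys))
    for label, body, _, _ in keys:
        # PKCS#8 encrypted keys use their own label; legacy encrypted keys carry a Proc-Type header.
        if label != "ENCRYPTED PRIVATE KEY" and "Proc-Type: 4,ENCRYPTED" not in body:
            problems.append("private key is not password-encrypted")
    # Only line breaks may appear before, between, or after blocks.
    pos = 0
    for label, _, start, end in blocks:
        if text[pos:start].strip("\r\n"):
            problems.append("stray characters before %s block" % label)
        pos = end
    if text[pos:].strip("\r\n"):
        problems.append("stray characters after last block")
    # Each certificate body must be clean base64.
    for i, (_, body, _, _) in enumerate(certs, 1):
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("certificate %d is not valid base64" % i)
    return problems

def pem_block(label, payload):
    # Constructed placeholder payload; not real DER, enough for structural checks.
    b64 = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)

# Constructed sample in the order the page asks for, followed by an encrypted key.
SAMPLE_BUNDLE = "".join([
    pem_block("CERTIFICATE", b"domain"), pem_block("CERTIFICATE", b"intermediate 1"),
    pem_block("CERTIFICATE", b"intermediate 2"), pem_block("CERTIFICATE", b"root"),
    pem_block("ENCRYPTED PRIVATE KEY", b"key"),
])

if __name__ == "__main__":
    print(lint_pem_bundle(SAMPLE_BUNDLE) or "no structural problems found")
```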

Maintenance and Renewal

  • Monitor certificate expiration dates
  • Plan to submit renewed certificates at least 30 days before expiration
  • Maintain consistent certificate chain order when submitting renewals

For assistance with vanity URL configuration or certificate issues, contact our support team.

Security notes

  • Keep your private key secure and never share it with unauthorized parties
  • Use strong encryption for your certificates (minimum 2048-bit RSA)
  • Follow industry best practices for certificate management
  • Regularly audit your SSL configuration for security vulnerabilities