Configure Security Settings

Modify security settings for Faspex user accounts, self-registration, external senders and encryption. Go to Server > Configuration > Security to view or modify your server's security settings for Faspex user accounts, self-registration, external senders, and encryption.

Faspex Accounts

Configuration Option	Description
Session timeout	Sessions will time out after the specified number of minutes of inactivity.
Lock users	Lock the user account when login attempts fail under the specified circumstance or after a specified number of days of inactivity.
Remove users	Remove users after a specified number of days of inactivity.
Prevent concurrent login	If enabled, users can only be logged in from one client at a time.
Use strong passwords	If enabled, requires newly created passwords to contain at least one letter, one number and one symbol. Note that existing passwords will remain valid. Administrators may also change the strong password criteria by editing the faspex.yml file, which is located in the following directory: /opt/aspera/faspex/config/faspex.yml Inside faspex.yml, paste the following code (where `StrongPasswordRegex` is the password criteria as a regular expression and `StrongPasswordRequirements` is the description that appears to the user underneath the field): StrongPasswordRegex: (?=.[A-Z])(?=.(\d\|\W\|_)).{7,} StrongPasswordRequirements: "Password must meet this criteria..." For more information on faspex.yml, see Configuring Faspex with faspex.yml
Require new users to change password on first login	If this feature is enabled, new users must enter a new password when they first log in.
Allow locked out users to unlock themselves	If this feature is enabled, locked out users can select the Forgot my password button to have a password reset email sent to them. Using the link, they can reset their email and log in.
Keep user directory private	When set to Yes, prevents a Faspex user (even if they have permissions to send to all Faspex users) from being able to see the entire user directory. You can override this setting on a user-by-user basis by editing their permissions. Important: When the privacy setting is turned on (set to Yes), users who have been assigned the role of Workgroup Admin can still view the entire list of Faspex users via the Workgroup Members page.

Registrations

Configuration Option	Description
Self-registration	Determines if non-users can create or request user accounts. Choose between none (not allowed), moderated (an administrator must approve the account before it is created), and unmoderated (once a user registers, his or her account will be automatically created). If you allow self-registration, the moderated setting is recommended for security. Warning: If self-registration is enabled, then it could be utilized to find out whether a certain account exists on the server. That is, if you attempt to self-register a duplicate account, then you will receive a prompt stating that the user already exists. After a user self-registers (either moderated or unmoderated), his or her account will inherit the permissions of the configured template user and will automatically become members of designated workgroups. To configure the template user, go to Accounts > Pending Registrations and select the user. To set the workgroups that newly created users join, click the workgroups link. Although self-registered users are, by default, not allowed to send packages to other self-registered users, you can modify this setting by selecting Self-registered users can send to one another. Important: To prevent a self-registered account from having the same email address as a full Faspex user, Administrators can add a special option to faspex.yml. You will find faspex.ymlin the following directory: /opt/aspera/faspex/config/faspex.yml Inside faspex.yml, within the "Production:" section, paste the following option and set it to "true": EnforceSelfRegisteredUserEmailUniqueness: true
Terms of service	(Optional) If text is set, then users will be required to accept the statement in order to create an account.
Notify the following emails to approve	This field appears when moderated is selected, above. Input one or more email addresses to notify for moderation. Note that these email addresses are not validated against existing Faspex administrators and/or managers.
Self-registered users can send to one another	When checked, self-registered users will be allowed to send packages to other self-registered users.

Important: If users are allowed to self-register, they see the Request an account link on the login page. After a user clicks this link and completes the form, administrators are prompted under Accounts > Pending Registrations > Actions to Approve or Deny the account.

Outside email addresses

Configuration Option	Description
Allow inviting external senders	When Allow inviting external senders is selected, external senders (those who do not have Faspex accounts) can be invited to send a package. Important: An Administrator can enable or disable this feature for specific users while still retaining the server-wide setting of enabled or disabled. Go to Accounts and select the user to enable or disable this feature. For more information on this setting, see Manage Faspex Users.
Allow public URL	A Public URL can be used by external senders to submit packages to both registered Faspex users and dropboxes. The benefit of using a Public URL is in the time-savings, such that external senders no longer need to be individually invited to submit a package (although that functionality still exists). When a Public URL is enabled and posted to a an email, instant message, website, etc., the following workflow occurs: The external sender clicks the Public URL (which could be for either a dropbox or a registered Faspex user). The sender is directed to page where he or she is asked to enter and submit an email address. A private link is automatically emailed to the sender. The sender clicks the private link and is automatically redirected to a dropbox or Faspex user package submission page. Once the package is submitted through the private link, the dropbox or Faspex user receives it. Thus, when Allow public URL is set to Allow, the Public URL feature is turned on for all Faspex dropboxes and registered users. If Allow dropboxes to individually enable/disable their own public URLs is selected as well, then individual dropboxes can override the server setting and turn off this feature. Individual Faspex users, on the other hand, can override the Public URL server setting for their own accounts by going to Preferences > Misc > Enable public URL and disabling the checkbox. Important: An Administrator can enable or disable this feature for specific users while still retaining the server-wide setting of enabled or disabled. Go to Accounts and click the user. For more information on this setting, see Manage Faspex Users.
Allow sending to external email addresses	Faspex packages can be sent to people who do not have Faspex accounts. When set to Allow, all Faspex users will be able to send to external email addresses, by default. When set to Deny, you must enable this behavior within each individual user account by selecting Sending to external email in their account settings. For more information on this setting, see Manage Faspex Users.
Package link expires	When enabled, the package link will expire after the specified number of days.
Expire after full package download	If this checkbox is enabled, the package link will expire after one download. This is also applicable when the link is forwarded. After the first download, the files must be re-sent in a new package, via Faspex, for the recipient to be able to download them again.

Important: You must click the Update button to apply and save your changes.