Accounts
Accounts in UDMG represent the login and authentication credentials that enable your partners (such as customers, vendors, organizations, departments, internal/external users, or automated systems) to exchange files with you and your business ecosystem. As the primary participants in data exchange, Accounts serve as the bridge between your external business relationships and your internal file transfer infrastructure.
Accounts are not to be confused with Users, who are administrative individuals who access your UDMG Admin UI to configure, monitor, and manage data file transfers.
Each Account in a given Domain contains critical information needed to authenticate against a (Local SFTP Server) Endpoint. When associated with a Pipeline via an Account Group, an Account can exchange data with UDMG according to that Pipeline's permissions.
Accounts are not required for file transfers when UDMG is acting as the SFTP client. All connection details are stored in the Remote SFTP Server Endpoint and Pipeline.
Generally speaking, UDMG's flexible Account framework enables the following capabilities:
- Secure Authentication: Partner credentials are protected using modern, one-way hashing algorithms, ensuring they cannot be reversed or exposed.
- Group Assignment: Accounts are associated with Account Groups, representing collections of Accounts with similar traits or permissions.
- Individualized Tracking: Account access is logged, producing a secure audit trail, ensuring complete accountability for all file transfer activities.
- Comprehensive Administration: UDMG offers robust tools for the complete Account lifecycle: creation, configuration, monitoring, and deactivation.
- Directory Integration: Support for external authentication sources like LDAP enables centralized identity management across your organization.
Before You Begin
Account Groups and Pipeline Access
To participate in UDMG file transfers, Accounts must be associated with at least one Account Group, which holds a collection of Pipelines.
- At least one Account Group - Pipeline combination must be associated.
- The Pipeline's Source-Destination pairing determines the type of file transfers and permissions the Account can participate in.
- An Account Group association is not required on Account creation. Accounts can be added to Account Group(s) after saving.
- LDAP Accounts are created with at least one Account Group associated due to LDAP syncing requirements, but can be updated after creation.
To ensure configuration integrity, UDMG performs validation checks whenever an Account Group association is added to an Account. These checks prevent conflicts that could impact file transfers.
-
Analyze all Pipelines within the Account Groups currently associated with the Account.
-
Compare each Pipeline in the newly added Account Group against the existing collection.
-
Verify that each Pipeline combination of Destination Endpoint and Virtual Path is unique.
infoEach Destination Endpoint and Virtual Path combination must be unique within an Account Group and across all Pipelines associated with an Account.
-
Display a detailed error message if a conflict is detected.
Account Credentials
Accounts may require associated Credentials to authenticate with UDMG. The required Credentials depend on the transfer type and the Authentication Method of the Endpoint.
For Accounts participating in SFTP file transfers when UDMG is the SFTP server, an associated Public Key may be required to authenticate with UDMG. The connecting partner maintains their own SSH key pair, with their Public Key shared with UDMG and used to authenticate their SFTP client. Password or key authentication is supported, with key-only authentication used for automated or scripted transfers. This is referred to as passwordless authentication.
When an Account connects to a Local SFTP Server Endpoint, a Public Key is required if the Local SFTP Server's Authentication Method is Public Key or Password + Public Key.
Multiple Credentials can be associated with an Account (e.g., multiple SSH public keys).
Login Methods
UDMG supports two Account creation and login methods, providing flexibility and scalability options.
- Standard Authentication: The default method uses a manually set username and password.
- LDAP Authentication: This method automatically creates and authenticates Accounts against users in an LDAP server. See LDAP Authentication for instructions on how to configure and set up Account LDAP in UDMG.
Domain Scope
Accounts are created and managed within individual Domains and cannot be shared across Domains. If access is required in multiple Domains, a separate Account must be created for each one.
Adding an Account
There are two ways to add Accounts:
- New LDAP Accounts are automatically generated during an LDAP Sync.
- New Accounts with Standard Authentication can be added manually from the Accounts page.
To add an Account manually, follow these steps:
- From the Sidebar, click Configuration > Accounts.
- Click the Add Account button above the Accounts list.
- Complete the Name and Description for the new Account.
- Add the Username and Password that the Account will use to authenticate with the Local SFTP Server Endpoint.
- Select the Account Groups through which the Account will send file transfers. Account Group association is not required on Account creation.
- Select the Public Key you created earlier from the Credentials dropdown.
- Click Save.
Within the Account form, the Account Group - Pipeline combinations with conflicts are not identified. If there is a conflict between the Account Group - Pipeline combinations selected, then an error is displayed after saving. All Pipelines associated with an Account must have unique Destination Endpoint and Virtual Path combinations.
Field Descriptions
The following table describes the fields that are configured for the Account:
| Name | Description | Specifications | Required |
|---|---|---|---|
| Account Name | The name of the Account. The name of the Account. The Account Name (not the same as the Username used for logging in) is used only for administration and association purposes. | If Login Method is Standard,
| Yes |
| Description | The description of the Account. | No | |
| Login Method | The method the Account uses to log in and authenticate with the specific Endpoints. Options:
|
| Yes |
| Username | Account's login name used to authenticate the Account to the Local SFTP Server. | If Login Method is Standard,
| Yes |
| Password | Account's password used to log in to the Local SFTP Server. | If Login Method is Standard,
| Yes |
| Confirm Password | Re-entered password. | Must match the Password field. | Yes |
| Account Groups | Account Groups associated with the Account, chosen from a list of all Account Groups created on the Account Groups page. An Account must be associated with at least one Account Group to send or receive files. | This is a multi-select field that must reference already-created Account Group(s). | No |
| Credentials | The Credentials used by this Account for authentication with an Endpoint. For SFTP file transfers, select a Public Key if authentication requires it. | This is multi-select field that must reference already-created Credentials. | No |
Editing an Account
To edit an Account, follow these steps:
- From the Sidebar, select Configuration > Accounts.
- Click the Name of the Account you want to edit.
- Click the Edit button above the Account details.
- Edit details for the Account using the Field Descriptions table as a guide.
- Click Save.
Editing an LDAP Account should be done with caution. Changes made, specifically Account details (Username, Password, etc.), will make the two systems out of sync. UDMG allows the Account details to be changed, but they are not "activated" (that is, new password is not usable). If a change is required, then it must be made in both systems (UDMG and external LDAP system).
Managing an Account
Account management includes viewing metadata, verifying associated Account Group - Pipeline combinations, and controlling the Account's enabled status.
Viewing Account Details
To view the details of an Account, follow these steps:
- From the Sidebar, click Configuration > Accounts.
- Click the Name of the Account you want to view.
- Review the Account details.
- To view the associated Credentials, click the Credentials tab.
- To view the associated Account Groups, click the Account Groups tab.
Account Metadata
Account details include all parameters given in the Field Descriptions table above, plus the following read-only metadata:
| Name | Description |
|---|---|
| UUID | Universally Unique Identifier of this Account. |
| Version | Version number of the configuration. Every change increases the number. |
| Enabled | Account's Enabled status. If enabled, field is set to True. |
| Created | Date and time this Account was created. |
| Updated | Date and time this Account was last updated. |
Enabling and Disabling Accounts
Accounts can be Enabled or Disabled to control their active status and ability to participate in file transfers. The status is defaulted to Enabled and can be changed after creation.
- Enabled (default): The Account is active and can participate in file transfers.
- Disabled: The Account is inactive and cannot participate in file transfers.
To enable or disable an Account, follow these steps:
- From the Sidebar, click Configuration > Accounts.
- Click the Name of the Account you want to enable or disable.
- Click the Enable or Disable button above the Account details, depending on the current status.
Changes to the Account's Enabled/Disabled status are not active until the Account reconnects. Disabling an Account is a good alternative to deleting an Account.
Deleting an Account
To delete an Account, follow these steps:
- From the Sidebar, click Configuration > Accounts.
- Click the Name of the Account you want to delete.
- Click the Delete button above the Account details.
- You will be asked to confirm the deletion. Click Delete.
Deletion cannot be undone. Deleting an LDAP Account should be done with caution, as UDMG does not automatically resynchronize with the LDAP directory. To avoid inconsistencies, ensure the Account is also removed from the LDAP system.
Troubleshooting
If an Account is experiencing connection issues, verify the following:
1. Authentication details: Ensure the Account's Username, Password, and any associated Credentials (e.g., SSH keys) are correct and valid.
2. Pipeline and Endpoint status: Confirm that the Pipelines and Endpoints associated with the Account's Account Groups are enabled and properly configured.