Users
Administrative Users are individuals with access to the UDMG Admin UI and UDMG Server REST API, who are responsible for configuring, managing, and monitoring file transfers.
Users are not to be confused with Accounts. Users are responsible for UDMG administration and system management. Accounts represent the entities and configurations that enable your partners (such as customers, vendors, organizations, automated systems) to exchange files with you.
Before You Begin
Domain Scope
Users are created at the Domain level and only have access to Configuration Items within their Domain. Furthermore, Users cannot be shared across Domains. If access to multiple Domains is required, then separate Users must be created for each one.
Login Methods
UDMG supports three User Login Methods (authentication methods), providing flexibility and scalability options to best meet your needs and security requirements. This versatile authentication framework eliminates the need to choose between security and convenience—organizations can leverage existing LDAP infrastructure, implement modern SSO solutions, or maintain standard authentication, all within a single platform.
| Method | Description | Configuration |
|---|---|---|
| Standard Authentication | Uses a manually set username and password stored locally in UDMG. | Create Users with the Adding a User steps. |
| LDAP Authentication | Authenticates UDMG Users against an external LDAP directory and can automatically create Users from directory entries. | Configure the LDAP provider following the steps described in the LDAP Configuration section. |
| Single Sign-On Authentication | Authenticates UDMG Users through an external Identity Provider (IdP) and can automatically provision Users. | Configure the SSO provider/IdP following the steps described in the Single Sign-On Configuration section. |
Concurrent Logins
By default, UDMG restricts each User to a single active session. When a User logs in from a new device or location, any previous session is automatically terminated.
To allow multiple simultaneous sessions per User, set the api.allowConcurrentUserLogin argument to true in the Configuration File and restart UDMG Server by running the following command in the Server's host:
sudo systemctl restart udmg-server
Disabling concurrent logins strengthens security by ensuring that each User can only maintain one active session. However, it may also interrupt legitimate use cases where Users need to stay logged in on multiple devices at the same time.
Two-Factor Authentication
In addition, administrators can require Two-Factor Authentication (2FA) for Users who log in with Standard or LDAP Login Methods. When enabled, Users must enroll in an external authenticator app and provide a time-based one-time code (TOTP) in addition to their primary credentials at each login.
See the 2FA page for management and reset information.
Adding a User
Admins can add Users to their Domain. There are three ways to add Users:
- New Users with Standard Authentication can be added manually from the Users page.
- New LDAP Users are automatically generated during a daily LDAP Sync.
- New Single Sign-On (SSO) Users are automatically provisioned the first time they authenticate via a configured SSO provider (Just-in-Time provisioning).
To add a User manually, follow these steps:
- From the Sidebar, click General > Users.
- Click the Add User button above the Users table.
- Fill out the fields for the new User using the Field Descriptions table as a guide.
- Click Add.
Field Descriptions
This table describes the fields that display on the new User form.
| Name | Description | Specifications | Required |
|---|---|---|---|
| Role | The Role for this User. Options:
|
| Yes |
| User ID (Username) | User identifier used when logging in. | If Login Method is Standard,
| Yes |
| First Name | User's first name. | Must follow the Standard Naming Pattern. | Yes |
| Last Name | User's last name. | Must follow the Standard Naming Pattern. | Yes |
| User's email address. | Must be a valid email address. | No | |
| Password | User's password used when logging in. | If Login Method is Standard, the Password must follow the global password policy set in the Global Config file. | Yes |
| Confirm Password | Re-enter the Password. | Re-entered password must match the Password field. | Yes |
| Require Two-Factor Authentication (TOTP) | A toggle switch to enable 2FA. When enabled, the User must enroll in an authenticator app and enter a one-time code at each sign-in. | Login Method must be Standard or LDAP | No |
The Login Method is automatically set based on how the User was created. See User Metadata below for additional details.
Editing a User
Admins can edit Users in their Domain. To edit a User, follow these steps:
- From the Sidebar, click General > Users.
- Click the Username of the User you want to edit.
- Click the Edit button above the User details.
- Edit details for the User, using the Field Descriptions above as a guide.
- Click Update.
Only Users with Standard and LDAP authentication can be edited, and only specific fields remain editable after creation. Users with SSO (SAML/OIDC) authentication cannot be edited. See Authentication page for more information and editable fields.
Managing Users
Viewing User Details
To view the details of a User, follow these steps:
- From the Sidebar, click General > Users.
- Click the Username of the User you want to view.
User details include all parameters given in the Field Descriptions table above, plus the following read-only metadata:
User Metadata
| Name | Description |
|---|---|
| UUID | Universally Unique Identifier of this User. |
| Version | Version number of the latest configuration of the User. |
| Enabled | User's Enabled status. If enabled, field is set to True. |
| Created | Date and time this User was created. |
| Updated | Date and time this User was last updated. |
| Login Method | The method the User uses to log in and authenticate with the UDMG Admin UI. If the User is created via LDAP Authentication, LDAP is automatically selected. If the user is created via SSO authentication, SAML or OIDC is automatically selected based on the Protocol. Cannot be modified after creation. If a different Login Method is needed, a new User must be created. Options:
|
| Source | User's Login Method source. For example, ldap://mft-dc1.udmg.local:389. |
| TOTP Enrollment Status | Indicates whether the User has completed Two-Factor Authentication (TOTP) enrollment. Possible values are:
|
Changing a User's Password
If a User's Login Method is Standard, there are two ways to change their password, depending on your role.
-
Admins can change the password of any User, including themselves, by editing the User.
-
All Users can change their own password via the Change Password button on the User Profile.
This is not a "Forgot Password" function. To change your password, you must enter your current password. The new password cannot match the current password.
If a User forgets their password, an Admin must reset their password. As a best practice, the User should change their password afterward to something only they know with the Change Password function.
Enabling and Disabling Users
Admins can Enable or Disable Users to control their access to UDMG.
- Enabled (default): The User can log in to the UDMG Admin UI and access the UDMG Server REST API.
- Disabled: The User cannot log in to the UDMG Admin UI or access the UDMG Server REST API.
To enable or disable a User, follow these steps:
- From the Sidebar, click General > Users.
- Click the Username of the User you want to enable or disable.
- Click the Enable or Disable button above the User details, depending on the current status.
Deleting a User
Admins can delete Users in their Domain. Any User can be deleted except the default System Admin, udmg.sys-admin. To delete a User, follow these steps:
- From the Sidebar, click General > Users.
- Click the Username of the User you want to delete.
- Click the Delete button above the User details.
- You will be asked to confirm the deletion. Click Delete.
Deletion cannot be undone. Deleting an LDAP or SSO User should be done with caution. To avoid inconsistencies, refer to the appropriate authentication page for more information.