Skip to main content
Feedback

Users SFTP/FTPS

When adding MFT SFTP or FTPS endpoints to a flow, unique users are created automatically or can be edited or defined as required to access that unique Flow Endpoint and any associated paths.

Requiring unique user accounts for source and target SFTP/FTPS endpoints is a security best practice that helps mitigate risks and enhance the overall security posture of file transfer operations.

caution

Usernames are case sensitive.

Example: Source SFTP User

example SFTP user in the flow endpoint editor

Example: Target FTPS User

example FTPS user in the flow endpoint editor

tip

Multiple users can be associated with a single Flow Endpoint.

The Add or Edit User option lets you create new users to access this Flow Endpoint.

Create a username and choose an authentication type from User Password or SSH Key. Once saved, this new user will be in the User Table.

For additional information about controlling the option of the default user, refer to Feature Flags.

Benefits of unique user accounts:

  • Isolation and Least Privilege: Unique user accounts for both source and target SFTP/FTPS endpoints follows the principle of least privilege and isolation. Each SFTP/FTPS endpoint, whether it's the source or the target, should have its own dedicated user account with the minimum necessary permissions to perform its specific role. This ensures that if a breach or unauthorized access occurs on one endpoint, the attacker's ability to move laterally within the environment is limited. It prevents a compromised account on one endpoint from directly affecting the other.

    • For example, if a shared user account is used for both source and target endpoints, an attacker who gains access to that account (or compromises the password) would have unrestricted access to both sides of the file transfer. With separate accounts, the attacker's ability to propagate their access is constrained, reducing the potential impact of a security breach.

  • Enhanced auditing and accountability: Unique user accounts simplify the process of tracking and attributing actions to specific individuals or processes, making it simpler to identify the source of any security incidents or breaches.

With this practice, you can achieve a more robust and secure file transfer process, effectively mitigating risks associated with unauthorized access.