Skip to main content
Skip table of contents

Users SFTP/FTPS

Requiring unique user accounts for source and target SFTP/FTPS endpoints is a security best practice that helps mitigate risks and enhance the overall security posture of file transfer operations.

When adding Thru SFTP or FTPS endpoints into a flow, unique users are created automatically or can be edited / defined as required to access that unique Flow Endpoint and any associated paths.

Example : Source SFTP User

Example :Target FTPS User

Multiple users can be associated with a single Flow Endpoint.

Using the Add or Edit User option lets you create new users to access this Flow Endpoint.

Create a username and choose an authentication type from User Password or SSH Key

Once saved this new user will be in the User Table

See additional information about controlling the option of the default user in the section on Feature Flags

Isolation and Least Privilege: Requiring unique user accounts for both source and target SFTP/FTPS endpoints follows the principle of least privilege and isolation. Each SFTP/FTPS endpoint, whether it's the source or the target, should have its own dedicated user account with the minimum necessary permissions to perform its specific role. This ensures that if a breach or unauthorized access occurs on one endpoint, the attacker's ability to move laterally within the environment is limited. It prevents a compromised account on one endpoint from directly affecting the other.

For instance, if a shared user account was used for both source and target endpoints, an attacker who gains access to that account (or compromises the password) would have unfettered access to both sides of the file transfer. With separate accounts, the attacker's ability to propagate their access is constrained, reducing the potential impact of a security breach.

Furthermore, this practice also aids in auditing and accountability. With unique user accounts, it becomes easier to track and attribute actions to specific individuals or processes, making it simpler to identify the source of any security incidents or breaches.

In summary, using unique user accounts for source and target SFTP/FTPS endpoints enhances security by enforcing isolation, limiting lateral movement, and adhering to the principle of least privilege, all of which contribute to a more robust and secure file transfer process.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close