Users

Updated: 2023-11-22 06:10:28

1. Local User

1.1 Add user

Click User-Local user, click Add to add users.

Options | Function Description
--- | ---
Name | Account real name
Account number | Cannot be modified after successful creation
Password | Password can be edited manually or generated automatically
Department | Establish a department for users
Forced password change on first login | When this function is enabled, the user must change the initial password upon the first login
Email | Support email login
Home directory | User's personal file storage location
Virtual directory | After a virtual directory is added, the user can view it in the front end and transfer and operate on the files in it. Multiple virtual directories can be added. Virtual directory alias: based on a path under the user's home directory; virtual directory path: based on a valid path to virtual storage.
Disable access paths | Set the paths that the user is prohibited from accessing. The front-end user page does not display the files (folders) of these paths, and the user cannot create, delete, rename, copy, move, upload, or download the prohibited files (folders). Fill in according to the rules shown in the prompt.
Allowed access path | Set the path that the user is allowed to access. The front-end user can only see the set path and can set files or folders. The user cannot create, delete, rename, copy, move, upload, or download paths other than the allowed access path. Fill in according to the rules shown in the prompt.
Permissions | File list, download files, delete, rename, create folders, upload files, sync folders, move, copy, invite, share
Upload file option | After "only upload new files" is enabled, users can only upload newly added files and cannot upload files with the same name.
Upload and download speed limit | Limit the upload and download speed of the user; the default speed is unlimited
Transfer file format | Transfer file format is divided into whitelist and blacklist. The whitelist configures the file formats that the system allows to upload. The blacklist configures the file formats that the system does not allow to upload. Multiple formats should be separated by ";", such as "txt;iso;mp4".
Transfer File Filtering | 1) Supports prohibiting file filtering conditions on the client side: users cannot set filtering conditions for sync tasks created in their personal space. 2) Supports skipping files whose names meet certain conditions when transferring. Regular expressions are supported; for example, to filter files starting with test when transferring, enter ^test.*. Also supports skipping files whose size exceeds the set size when transferring.
File Transfer Notification | Notify administrator when uploading and downloading files
Mailbox sender | Send with administrator's configured mailbox: after setting, the mailbox must be configured in the administrator's background mailbox settings before use. Email notifications such as sharing links will be sent from the mailbox configured by the administrator. Send with user's configured mailbox: after setting, users must configure the mailbox in their account settings before use. Email notifications such as sharing links will be sent from the mailbox configured by the user.
Share download email notification | 1) Link and password will be sent in one email 2) Link and password will be sent in different emails
IP Login Whitelist | After checking Enable, enter the IP addresses from which the user is allowed to log in. Multiple IP addresses should be separated by ";", such as "127.0.0.1; 172.16.4.55; 192.169.80.12", and the suggested wildcard [] is supported, such as 172.16.0-1000-100
Email validation | Login validation using only password
Sync task frequency | When enabled, the frequency of all sync tasks follows this setting, and users cannot set the frequency when creating and editing sync tasks in the User Portal

1.2 Edit user

Select any user and click Edit. You can edit the user's password, home directory, permissions, speed limit, user group, prohibited path, synchronous directory function, file format transfer restriction, upload file option, file filtering, virtual directory, IP login whitelist, etc.

1.3 Lock/unlock user

Select any unlocked user and click Lock; for any locked user, click Unlock to unlock.

1.4 Delete user account

Check the users you want to delete and click Delete above. Click Confirm to complete the deletion.

1.5 Import LDAP/AD domain account

Click Import LDAP/AD domain account to import all domain user accounts created on the domain server. This feature requires that the LDAP/AD domain is configured in User Integration - Third-party Authentication.

1.6 Import/Export users

Click Import User to fill in the account, mailbox, and password through the specified template. Click Export User to export the mailboxes, accounts, and names of all accounts.

1.7 Batch edit users

Select the accounts that need to be edited, then click Edit to edit the status, directory settings, transmission settings, and security settings of the accounts in batches.

1.8 Copy user

Select the account you need to copy, click Copy to copy an account with the same settings, but the mailbox, account number, password, and name need to be configured separately.

1.9 Organization

Supports creating departments and adding users to them. When importing AD domain accounts, they can be imported directly according to the user's organization, which makes it easier for the administrator to manage users. The system defaults to the Local department.

2. User Integration

Raysync supports AD domain user authentication, mailbox user authentication, Linux system user authentication, and external http authentication, which interoperate with enterprise internal accounts and are easy to operate. Users only need to import an enterprise AD domain account, or enter an email, Linux system account, or external http authentication account and password, to log in to the Raysync system at the front end.

2.1 LDAP/AD domain authentication

Supports Windows Active Directory and OpenLdap.

Click User Integration - Third-party login authentication, select LDAP/AD domain.

2.1.1 AD domain

Fill in the correct domain server address, domain name, domain username, and domain password, then click Test. A passed test means the information is filled in correctly. Click Save for the configuration to take effect.

Configuration instructions:
User 1 and the group are under the RD organization unit, the RD organization unit is under the BU organization unit, and the BU organization unit is under the abc.com domain. user1 path: abc.com/BU/RD/group/user1; the group path: abc.com/BU/RD/group
1. To import only user 1 into Raysync:
Domain account path: cn=user1, ou=RD, ou=BU, dc=abc, dc=com
Domain test account and password: should be user1.
2. To configure all the accounts under the group:
Domain account path: cn=group, ou=RD, ou=BU, dc=abc, dc=com
Domain test account and password: should be a user under RD organization unit.
To configure users from multiple organization units, add the corresponding domain paths.
Note: Importing group users is not supported; the group users will be displayed on the user list after login.
3. To import all the accounts under the RD organization unit:
Domain account path: ou=RD, ou=BU, dc=abc, dc=com
Domain test account and password: should be a user under RD organization unit.
To import users from multiple organization units, add the corresponding domain paths.
4. To import all the users from the domain:
Domain account path: dc=abc, dc=com
Domain test account and password: should be a user account under abc.com

2.1.2 OpenLdap

Configuration instructions:
User 1 and the group are under the RD organization unit, the RD organization unit is under the BU organization unit, and the BU organization unit is under the abc.com domain. user1 path: abc.com/BU/RD/group/user1; the group path: abc.com/BU/RD/group
Then BindUser: uid=user1,ou=RD,ou=BU,dc=abc,dc=com (BindUser can also be any user in the abc.com domain)
BindPasswd: should be user1
1. To import only user 1 into Raysync:
Domain account path: uid=user1, ou=RD, ou=BU, dc=abc, dc=com
2. To configure all the accounts under the group:
Domain account path: cn=group, ou=RD, ou=BU, dc=abc, dc=com
To configure users from multiple organization units, add the corresponding domain paths.
Note: Importing group users is not supported; the group users will be displayed on the user list after login.
3. To import all the accounts under the RD organization unit:
Domain account path: ou=RD, ou=BU, dc=abc, dc=com
To import users from multiple organization units, add the corresponding domain paths.
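
The AD and OpenLdap instructions above differ mainly in how wide the domain account path is. The following added example (not Raysync code) shows which entries each path covers, assuming the path is evaluated as a standard LDAP subtree base, which the page does not state. The directory entries and function names are constructed for illustration, and the group path (cn=group), which depends on membership rather than position in the tree, is not modelled.

```python
def split_rdns(dn):
    """Split a DN on commas, leaving backslash-escaped commas inside a value."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        escaped = (ch == "\\") and not escaped
    parts.append("".join(cur))
    return parts


def parse_dn(dn):
    """Normalise to (attribute, value) pairs; matching is case-insensitive here."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def in_scope(entry_dn, base_dn):
    """True if entry_dn is base_dn itself or lies anywhere beneath it."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


# Constructed directory entries under the page's abc.com example domain.
DIRECTORY = [
    "cn=user1,ou=RD,ou=BU,dc=abc,dc=com",
    "cn=user2,ou=RD,ou=BU,dc=abc,dc=com",
    "cn=Smith\\, Jo,ou=Sales,ou=BU,dc=abc,dc=com",
    "cn=svc-backup,ou=Service,dc=abc,dc=com",
]


def accounts_in_scope(paths):
    """Entries that fall under at least one configured domain account path."""
    return [dn for dn in DIRECTORY if any(in_scope(dn, p) for p in paths)]


if __name__ == "__main__":
    for path in ("ou=RD, ou=BU, dc=abc, dc=com", "dc=abc, dc=com"):
        print(path, "->", accounts_in_scope([path]))
```

With the domain root as the path, the constructed service account is covered as well, which is why the narrower organization unit paths are the safer default when only one team needs access.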

 

2.2 Email authentication

Click Third-party login authentication and select Email. Fill in the correct SMTP host, SMTP port, encryption, SMTP account, and SMTP password. A passed test means the information is filled in correctly. Click Save for the configuration to take effect.


2.3 Unix System authentication

When the Raysync service is started with Linux root or sudo authority, Linux system user authentication can be configured. Click User Integration - Third-Party Login Authentication, select System Authentication, and click Save. A prompt that the save was successful means the configuration succeeded. (A Raysync service started by an ordinary Linux system user does not have permission to perform this configuration.)

2.4 External http authentication

Supports using an external http service for authentication. Click User Integration - Third-Party login authentication, check External http authentication, enter the correct authentication service address, and click Save.

2.5 OpenID Connect

OIDC (OpenID Connect) is an authentication and authorization protocol based on the OAuth 2.0 protocol. It extends OAuth 2.0 to provide a standardized way for identities to enable users to authenticate with third-party applications and authorize those applications to access protected resources.

Raysync OIDC authentication communicates with the IDP from the back end. Its function is similar to the traditional OAuth process: it interacts with the Raysync web application to obtain the access token through the traditional OAuth access token method. During this process, the IDP provider does not send user details, but a special one-time code that Raysync Web Services can exchange for an OAuth access token. In addition to the one-time code, this exchange must include the client ID and client secret, just like the traditional OAuth 2.0 flow. This token is not visible to the browser and lets Raysync services authenticate with the IDP services.

If you already have your own enterprise management system, you can log in to Raysync using your enterprise management system account.

2.5.1 OKTA Login

2.5.1.1 Create OKTA app

1) Log in to your okta management page, find Applications in the left menu bar, and click Create APP Integration

2) On the pop-up page, select Sign-in method: OIDC - OpenID Connect, and select Application type: Web Application. After completing the selection, click Next

3) Fill in the application information. Make sure the address is accurate.

Function | Description
--- | ---
App integration name | App integration name
Client acting on behalf of a user | Authorization Code
Sign-in redirect URIs | Your Raysync user portal url + /api/user/oidc/callback. For example: https://{{RAYSYNC_DOMAIN:8091}}/api/user/oidc/callback

4) Set the Assignments. The default selection is as follows: all users running okta. Click Save after completing the selection.

2.5.1.2 Get OKTA application information

1) Click on the created APP

2) Get the Client ID and Client Secret

3) In the left menu bar, select API under Security and enter

4) Click on the picture to enter the configuration information of okta

5) Get the Issuer 

6) From the issuer, derive the address of the IDP configuration information. The address has the form: {{issuer}}/.well-known/openid-configuration. Once you have the address, enter it in the browser.

7) From the json information obtained in step 6, obtain authorization_endpoint, token_endpoint, userinfo_endpoint
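
Steps 5 to 7 can be checked before anything is typed into the admin portal. The following is an added example, not Raysync or OKTA code: it confirms that the issuer inside the JSON equals the Issuer from step 5 (OpenID Connect Discovery requires this), extracts the three endpoints, and builds the callback address. The sample document, idp.example.com and raysync.example.com are constructed placeholders, and the function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a discovery document; idp.example.com is a placeholder.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com/oauth2/default",
    "authorization_endpoint": "https://idp.example.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/default/v1/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/default/v1/userinfo",
})
REQUIRED = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")


def discovery_url(issuer):
    """Step 6: {{issuer}}/.well-known/openid-configuration."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(issuer, raw_json):
    """Return (endpoints, errors, review) for the document fetched for issuer."""
    doc = json.loads(raw_json)
    endpoints, errors, review = {}, [], []
    # OpenID Connect Discovery: the returned issuer must equal the one queried.
    if doc.get("issuer") != issuer:
        errors.append("issuer mismatch: %r" % doc.get("issuer"))
    issuer_host = urlsplit(issuer).hostname
    for key in REQUIRED:
        value = doc.get(key)
        if not value:
            errors.append("missing " + key)
            continue
        parts = urlsplit(value)
        if parts.scheme != "https":
            errors.append(key + " is not https")
        if parts.hostname != issuer_host:
            # Allowed by the spec, so only flagged for a manual look.
            review.append(key + " is served from " + str(parts.hostname))
        endpoints[key] = value
    return endpoints, errors, review


def callback_uri(portal_url):
    """Redirect URI to register at the IdP: portal URL + /api/user/oidc/callback."""
    return portal_url.rstrip("/") + "/api/user/oidc/callback"


if __name__ == "__main__":
    issuer = "https://idp.example.com/oauth2/default"
    print(discovery_url(issuer))
    print(check_discovery(issuer, SAMPLE_DISCOVERY))
    print(callback_uri("https://raysync.example.com:8091"))
```

Entries in the review list are not failures: some providers serve the token and userinfo endpoints from a different host than the issuer, so those only need a manual look.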

2.5.1.3 Fill in OKTA APP information into Raysync

Fill in the above information into the oidc authentication configuration of the Raysync admin portal and click Save.

Click Test Connection. If you successfully jump to OKTA's login page, the configuration is successful. After successful configuration, users can use their OKTA account to log in to Raysync user portal.

 

2.5.2 OneLogin Login

2.5.2.1 Create OneLogin app

1) Log in to your management page, then in the upper navigation bar click Applications > Add App

2) Search for "OpenId Connect" or "oidc" and select OpenId Connect (OIDC)

3) Enter a name for the application and click Save

4) In the Configuration tab, configure the application information, make sure the address is accurate, and click Save

Function | Description
--- | ---
Login Url | Your Raysync user portal url: https://{{RAYSYNC_DOMAIN:8091}}
Redirect URI's | Your Raysync user portal url + /api/user/oidc/callback: https://{{RAYSYNC_DOMAIN:8091}}/api/user/oidc/callback
Post Logout Redirect URI's | Your Raysync user portal url: https://{{RAYSYNC_DOMAIN:8091}}

5) In the SSO tab, select Web for Application Type and POST for the token endpoint Authentication Method, then click Save

6) Add users to the application

Click the navigation bar Users > Users, then select a user and click to enter

Click Application and add

Select the application you want to add and click Save

 

2.5.2.2 Get OneLogin application information

1) Click to enter the app

2) Click SSO and get the Client ID and Client Secret

3) Get IssuerURL

Click "Well-known Configuration" to get authorization_endpoint, token_endpoint, userinfo_endpoint

 
2.5.2.3 Fill in the OneLogin APP information into Raysync

After saving, click Test Connection. If you jump to the OneLogin login page, the configuration is successful. After successful configuration, users can use their OneLogin account to log in to Raysync user portal.

2.5.3 Google Login

2.5.3.1 Create Google credentials

1) Log in to google console https://console.cloud.google.com

2) Click API & Services

 

 

3) Click Credentials > Create Credentials

 

4) Select OAuth client ID

 

5) Select application type: Web application

 

 

6) Fill in Authorized JavaScript origins and Authorized redirect URIs

 

 

Function | Description
--- | ---
Authorized JavaScript origins | Your Raysync user portal url. The address must use a top-level domain name: https://{{RAYSYNC Top-level domain:8091}}
Authorized redirect URIs | Your Raysync user portal url + /api/user/oidc/callback: https://{{RAYSYNC Top-level domain:8091}}/api/user/oidc/callback

Click Create

 

7) Download the json file or click to enter your Client to obtain your Client ID and Client secret

2.5.3.2 Fill in Google credentials information into Raysync

Log in to the Raysync admin portal, then go to User - User integration - Third-party login auth - OpenID Connect

1) Open the help document

https://accounts.google.com/.well-known/openid-configuration

Get the Issuer URL, Authorization Endpoint, Token Endpoint, and Userinfo Endpoint

2) Fill in the configuration information and save

 

3) Click Test Connection

If you jump to the Google login page, the configuration is successful.

After successful configuration, users can use their Google account to log in to Raysync user portal.

 

2.6 Default authentication permission configuration

After configuring the login authentication method, you can configure the default permission for the authenticated users. LDAP/AD domain & mailbox authentication: The configuration on this page only takes effect for new login accounts with these two authentication methods; for existing login accounts, modify the configuration through the account information list. System & External http authentication: accounts logged in through these two authentication methods do not generate entries in the account information list, so if you need to change the account configuration, edit this page.
