Users
Updated: 2023-11-22 06:10:28
1. Local User
1.1 Add user
Click User-Local user, click Add to add users.
Options | Function Description |
---|---|
Name | Account real name |
Account number | Cannot be modified after successful creation |
Password | Password can be edited manually or generated automatically |
Department | Establish a department for users |
Forced password change on first login | When this function is enabled, user must change the initial password upon the first login |
Support email login | |
Home directory | User's personal file storage location |
Virtual directory | After adding a virtual directory, users can view the user's virtual directory in the foreground and transfer and operate the files in the virtual directory. Support adding multiple virtual directories. Virtual directory alias: based on a path under the user's home directory; virtual directory path: based on a valid path to virtual storage. |
Disable access paths | Set the paths that the user is prohibited from accessing. The front-end user page does not display the files (folders) under these paths, and the user cannot create, delete, rename, copy, move, upload, or download them. Fill this in according to the rules shown in the prompt |
Allowed access path | Set the paths that the user is allowed to access; a path can be a file or a folder. The front-end user can only see the configured paths and cannot create, delete, rename, copy, move, upload, or download anything outside the allowed access paths. Fill this in according to the rules shown in the prompt |
Permissions | File list, download files, delete, rename, create folders, upload files, sync folders, move, copy, invite, share |
Upload file option | After enabling only upload new files, users can only upload newly added files, and cannot upload files with the same name. |
Upload and download speed limit | Limit the upload and download speed of the user, the default speed is unlimited |
Transfer file format | Transfer file format is divided into white list and black list. The whitelist is used to configure the file formats that the system allows to upload. Blacklist is used to configure the file formats that the system does not allow to upload. Multiple formats should be separated by ";", such as "txt;iso;mp4". |
Transfer File Filtering | 1) Support to prohibit setting file filtering conditions on the client-side, users cannot set filtering conditions for sync tasks created in their personal space. 2) Support to skip files whose file names meet certain conditions when transferring, support regular expressions, for example, to filter files starting with test when transferring, enter ^test.*. Support skipping files whose file size exceeds the set size when transferring. |
File Transfer Notification | Notify administrator when uploading and downloading files |
Mailbox sender | Send with administrator's configured mailbox: After setting, you need to configure the mailbox in the administrator's background mailbox settings before using. Email notifications such as sharing links will be sent to the mailbox configured by the administrator; Sending by user configured mailbox: After setting, users need to configure the mailbox in the account settings before using. Email notifications such as sharing links will be sent to the mailbox configured by users. |
Share download email notification | 1) Link and password will be sent in one email 2) Link and password will be sent in different emails |
IP Login Whitelist | After checking Enable, enter the IP address that allows the user to login in the input box. Multiple IP addresses should be separated by ";", such as "127.0.0.1; 172.16.4.55; 192.169.80.12", and the suggested wildcard [] is supported, such as 172.16.0-100. 0-100 |
Email validation | Login validation using only password |
Sync task frequency | When enabled, the frequency of all sync tasks will be in compliance with this setting, users cannot set the frequency when creating and editing sync tasks in the User Portal |
1.2 Edit user
Can edit user's password/home directory/permissions/speed limit/user group/prohibited path/synchronous directory function/file format transfer restriction/upload file option/file filtering/virtual directory/IP login whitelist/etc. Select any user and click Edit.
1.3 Lock/unlock user
Select any unlocked user and click Lock; for any locked user, click Unlock to unlock.
1.4 Delete user account
Check the users you want to delete and click Delete above. Click Confirm to complete the deletion.
1.5 Import LDAP/AD domain account
Click Import LDAP/AD domain account to import all domain user accounts created on the domain server. This feature requires that the LDAP/AD domain is first configured in User Integration - Third-party Authentication.
1.6 Import/Export users
Click Import User to fill in the account, mailbox, and password through the specified template. Click Export User to export the mailboxes, accounts, and names of all accounts.
1.7 Batch edit users
Select the account number that needs to be edited, click Edit to edit the status, directory settings, transmission settings, and security settings of the account number in batches
1.8 Copy user
Select the account you need to copy, click Copy to copy an account with the same settings, but the mailbox, account number, password, and name need to be configured separately.
1.9 Organization
Supports creating departments and adding users to them. When importing AD domain accounts, they can be imported directly according to the user's organization, which makes it easier for the administrator to manage users. The system defaults to the Local department.
2. User Integration
It supports AD domain user authentication, mailbox user authentication, Linux system user authentication and external http authentication methods, which are interoperable with enterprise internal accounts and easy to operate. Users only need to import an enterprise AD domain account or input email, Linux system account password or external http authentication user account password to log in Raysync system at the front-end.
2.1 LDAP/AD domain authentication
Supports Windows Active Directory and OpenLDAP.
Click User Integration - Third-party login authentication, select LDAP/AD domain.
2.1.1 AD domain
Fill in the correct domain server address, domain name, domain username, and domain password, then click Test. A passing test means the information is filled in correctly. Click Save for the settings to take effect.
Configuration instructions:
User 1 and the group are under the RD organization unit, the RD organization unit is under the BU organization unit, and the BU organization unit is under the abc.com domain. user1 path: abc.com/BU/RD/group/user1; group path: abc.com/BU/RD/group
1. To import only user 1 into Raysync:
Domain account path: cn=user1, ou=RD, ou=BU, dc=abc, dc=com
Domain test account and password: should be user1.
2. To configure all the accounts under the group:
Domain account path: cn=group, ou=RD, ou=BU, dc=abc, dc=com
Domain test account and password: should be a user under the RD organization unit.
To configure users from multiple organization units, add the corresponding domain paths.
Note: Importing group users is not supported; the group users will be displayed in the user list after login.
3. To import all the accounts under the RD organization unit:
Domain account path: ou=RD, ou=BU, dc=abc, dc=com
Domain test account and password: should be a user under the RD organization unit.
To import users from multiple organization units, add the corresponding domain paths.
4. To import all the users from the domain:
Domain account path: dc=abc, dc=com
Domain test account and password: should be a user account under abc.com
2.1.2 OpenLDAP
Configuration instructions:
User 1 and the group are under the RD organization unit, the RD organization unit is under the BU organization unit, and the BU organization unit is under the abc.com domain. user1 path: abc.com/BU/RD/group/user1; group path: abc.com/BU/RD/group
Then BindUser: uid=user1,ou=RD,ou=BU,dc=abc,dc=com (BindUser can also be any user in the abc.com domain)
BindPasswd: should be user1
1. To import only user 1 into Raysync:
Domain account path: uid=user1, ou=RD, ou=BU, dc=abc, dc=com
2. To configure all the accounts under the group:
Domain account path: cn=group, ou=RD, ou=BU, dc=abc, dc=com
To configure users from multiple organization units, add the corresponding domain paths.
Note: Importing group users is not supported; the group users will be displayed in the user list after login.
3. To import all the accounts under the RD organization unit:
Domain account path: ou=RD, ou=BU, dc=abc, dc=com
To import users from multiple organization units, add the corresponding domain paths.
2.2 Email authentication
Click Third-party login authentication and select Email. Fill in the correct SMTP host, SMTP port, encryption, SMTP account and SMTP password. A passing test means the information is filled in correctly. Click Save for the settings to take effect.
2.3 Unix System authentication
When the Raysync service is started with Linux root or sudo authority, it supports Linux system user authentication. Click User Integration - Third-Party Login Authentication, select System Authentication, and click Save. A message that the save succeeded means the configuration succeeded. (A Raysync service started by an ordinary Linux system user does not have permission to perform this configuration.)
2.4 External http authentication
Supports using an external http service for authentication. Click User Integration - Third-Party login authentication, check External http authentication, enter the correct authentication service address, and click Save.
2.5 OpenID Connect
OIDC (OpenID Connect) is an authentication and authorization protocol based on the OAuth 2.0 protocol. It extends OAuth 2.0 with a standardized identity layer, so that users can authenticate with third-party applications and authorize those applications to access protected resources.
Raysync OIDC authentication communicates with the IDP on the back end. It works like the traditional OAuth process: the Raysync web application obtains the access token through the traditional OAuth access token method. During this process, the IDP provider does not send user details, but a special one-time code that Raysync Web Services can exchange for an OAuth access token. In addition to the one-time code, this exchange needs to include the client ID and client secret, just like the traditional OAuth 2.0 flow. The token is not visible to the browser and enables the Raysync service to authenticate with the IDP service.
If you already have your own enterprise management system, you can log in to Raysync using your enterprise management system account.
2.5.1 OKTA Login
2.5.1.1 Create OKTA app
1) Log in to your okta management page, find Applications in the left menu bar, and click Create APP Integration
2) On the pop-up page, select Sign-in method: OIDC - OpenID Connect, and select Application type: Web Application. After completing the selection, click Next
3) Fill in the application information, please make sure the address is accurate
Function | Description |
---|---|
App integration name | App integration name |
Client acting on behalf of a user | Authorization Code |
Sign-in redirect URIs | Redirect URIs: Your Raysync user portal url + /api/user/oidc/callback. For example: https://{{RAYSYNC_DOMAIN:8091}}/api/user/oidc/callback |
4) Set the Assignments. The default selection is as follows. All users running okta. Click Save after completing the selection.
2.5.1.2 Get OKTA application information
1) Click on the created APP
2) Get the Client ID and Client Secret
3) In the left menu bar, select API under Security and enter
4) Click on the picture to enter the configuration information of okta
5) Get the Issuer
6) According to the issuer, obtain the configuration information address of idp. The conversion address is such as: {{issuer}}/.well-known/openid-configuration. After the conversion is completed, enter the address in the browser.
7) From the json information obtained in step 6, obtain authorization_endpoint, token_endpoint, userinfo_endpoint
2.5.1.3 Fill in OKTA APP information into Raysync
Fill in the above information into the oidc authentication configuration of the Raysync admin portal and click Save
Click Test Connection. If you successfully jump to OKTA's login page, the configuration is successful. After successful configuration, users can use their OKTA account to log in to Raysync user portal.
2.5.2 OneLogin Login
2.5.2.1 Create OneLogin app
1) Log in to your management page and, in the upper navigation bar, click Applications > Add App
2) Search for "OpenId Connect" or "oidc" and select Open Connect (OIDC)
3) Enter a name for the application and click Save
4) In the Configuration tab, configure the application information, make sure the address is accurate, and click Save
Function | Description |
---|---|
Login Url | Your Raysync user portal url |
Redirect URI's | Your Raysync user portal url + api/user/oidc/callback |
Post Logout Redirect URI's | Your Raysync user portal url |
5) In the SSO tab, select Web for Application Type; for the token endpoint, select POST as the Authentication Method, and click Save
6) Add users to the application
Click the navigation bar Users > Users, then select a user and click to enter
Click Application and add
Select the application you want to add and click Save
2.5.2.2 Get OneLogin application information
1) Click to enter the app
2) Click SSO and get the Client ID and Client Secret
3) Get IssuerURL
Click "Well-known Configuration" to get authorization_endpoint, token_endpoint, userinfo_endpoint
2.5.2.3 Fill in the OneLogin APP information into Raysync
After saving, click Test Connection. If you jump to the Onelogin login page, the configuration is successful. After successful configuration, users can use their Onelogin account to log in to Raysync user portal.
2.5.3 Google Login
2.5.3.1 Create Google credentials
1) Log in to google console https://console.cloud.google.com
2) Click API & Services
3) Click Credentials > Create Credentials
4) Select OAuth client ID
5) Select application type: Web application
6) Fill in Authorized JavaScript origins and Authorized redirect URIs
Function | Description |
---|---|
Authorized JavaScript origins | Your Raysync user portal url. The address must use a top-level domain name |
Authorized redirect URIs | Your Raysync user portal url + /api/user/oidc/callback. For example: https://{{RAYSYNC Top-level domain:8091}}/api/user/oidc/callback |
Click Create
7) Download json file or click to enter your Client to obtain your Client ID and Client secret
2.5.3.2 Fill in Google credentials information into Raysync
Log in to the Raysync admin portal and go to User > User integration > Third-party login auth > OpenID Connect
1) Open the help document
https://accounts.google.com/.well-known/openid-configuration
Get the Issuer URL, Authorization Endpoint, Token Endpoint, and Userinfo Endpoint
2) Fill in the configuration information and save
4) Click Test Connection
If you jump to the Google login page, the configuration is successful.
After successful configuration, users can use their Google account to log in to Raysync user portal.
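The OKTA, OneLogin and Google procedures above all copy the issuer and three endpoints from the IdP's discovery document into Raysync by hand. The following is an added example, not Raysync or IdP code, that checks such a document and the registered redirect URI before the values are saved; the host idp.example.com, the sample document and all function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed discovery document for a hypothetical IdP (idp.example.com);
# a real one is what {{issuer}}/.well-known/openid-configuration returns.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com/oauth2/default",
    "authorization_endpoint": "https://idp.example.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/default/v1/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/default/v1/userinfo",
})
REQUIRED = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")
CALLBACK_PATH = "/api/user/oidc/callback"  # callback path stated on this page


def discovery_url(issuer):
    """Turn the issuer into the configuration address."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(configured_issuer, document_text):
    """Return (endpoints, problems, off_issuer_hosts) for a discovery document."""
    doc = json.loads(document_text)
    endpoints, problems, off_issuer_hosts = {}, [], []
    # OpenID Connect Discovery: the returned issuer must equal the one queried.
    if doc.get("issuer") != configured_issuer:
        problems.append("issuer mismatch")
    issuer_host = urlsplit(configured_issuer).hostname
    for name in REQUIRED:
        value = doc.get(name)
        if not isinstance(value, str) or not value:
            problems.append("missing " + name)
            continue
        parts = urlsplit(value)
        if parts.scheme != "https":
            problems.append(name + " is not https")
        if parts.hostname != issuer_host:
            # Legitimate for some IdPs, but worth a look before saving.
            off_issuer_hosts.append(name)
        endpoints[name] = value
    return endpoints, problems, off_issuer_hosts


def check_redirect_uri(uri):
    """True if the registered redirect URI is https and ends at the callback."""
    parts = urlsplit(uri)
    return (parts.scheme == "https" and parts.path == CALLBACK_PATH
            and not parts.query and not parts.fragment)
```

An empty `problems` list means the issuer and endpoints are consistent; entries in `off_issuer_hosts` are not errors but should match what the IdP documents.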
2.6 Default authentication permission configuration
After configuring the login authentication method, you can configure the default permission for the authenticated users. LDAP/AD domain & mailbox authentication: The configuration on this page only takes effect for new login accounts with these two authentication methods, and existing login accounts can modify the configuration through the account information list. System & External http authentication: accounts logged in through these two authentication methods will not generate account list in the account information, so if you need to change the account configuration, please edit this page.