Starting with Cerberus FTP server version 13.2, admins can activate One Time Password Public Sharing. If this feature has been activated, a user or client has the option to create One Time Password (OTP) protected public shares. This feature allows greater control over who can access shared content by confirming a guest’s identity via an email message.
Creating a new OTP Public Share
Once the Cerberus FTP administrator has enabled OTP public sharing, users will be able to access this new feature while using Public file sharing, also known as ad-hoc file transfer or person-to-person file transfer.
To create a one time password public share:
- Navigate to the folder or file you want to share.
- Share the selected object if the user has permission to share it. The share buttons will only work if the user has permission to create shares. If not, they will be removed and disabled.
- Select the gray expand icon to the far right of the object name; this will open up an options section. Press the Share button to bring up the file sharing wizard.
- Alternatively, right-click on the object you want to share, and in the menu select the Share button to bring up the file sharing wizard.
- For the share basics, select a date or set the share to never expire for a simple share. We also recommend setting a Password for all shares; the system can generate one for you by clicking the generate icon.
- Continue to the next tab options and only set the default “Allow public downloads”.
- New Feature: The Security Tab is the new feature for OTP. Here we select Use One Time Password via Email to initialize an OTP list.
- New Feature: Using the green plus button, add email addresses for guests you’d like to have access to your public share.
- We’d like to email each of these users the public share link. On the Email tab, select Send Share link via email to send an email with the share link to every guest as a blind carbon copy (BCC).
- Click the Green Create Share button, and the share will be created!
Creating a public share: Security Tab
File Share Wizard
In the screenshot above, the file share wizard has been launched, and the OTP settings are available on the Security tab via a checkbox “Use One Time Password via email”. This checkbox controls whether the created public share will have an OTP enabled. When the checkbox is checked (or required and checked), authorized one-time-password email addresses, or guests, can be added to the share. If the user does not have access to modify this setting, the checkbox will be disabled.
The Type column in the OTP list indicates that guests are all email addresses, and shows the addresses of the guests who are allowed to access the public share.
Add Guest & Import CSV File
There are two simple ways to interact with this table. You can either use the buttons located at the top of the table or the right-click context menu.
To add guests to a share, there are two main methods. You can use the plus (+) button or import a comma-separated value (CSV) file containing email addresses by clicking the circled up arrow (↑) button.
To import a CSV file of email addresses, the file should have a header that specifies “email” and each email address should be listed under that column. For example, an email address may appear as myemail@mail.address. The OTP Guest Template attached to this article provides an example. If there are duplicate email addresses in the file, only one entry will be added to the OTP guest list for each unique email address.
Please note that there is a maximum limit to the number of guests that can be added to a share’s authorized user list. This limit is set by the Cerberus Administrator and cannot be changed by the user. You can check the maximum number of guests allowed for a share by looking for the “Maximum Allowed Guests” label.
Warning: Do not use a distribution list email address; otherwise, the OTP will be mailed to the entire list whenever someone requests access to the share.
Edit Guest
Editing a guest address via the “Edit Guest” option will allow changing an email in case of a typo in the CSV import or a mistake in a previously added guest.
Delete Guest
The Trash button will remove an email address from the table, useful for sorting through an imported CSV file to remove unwanted guests. To assist with this, the select all/select none buttons will select all visible guests on the current page of the data table. This is useful if the guests are sorted to a subset of the imported addresses to remove the filtered guests all at once.
Email tab and configuring email options
The next change to workflow while creating a new OTP is a modification of what “Send Share link via email” does. When an OTP is set for the share, every guest will be seamlessly added to the BCC field of the sent out share link email. There is no need to transfer the emails to this panel. As usual, if the link is intended to be sent out via another method (such as a newsletter, blog, or other communication), there is no requirement to enable the email options.
Managing your OTP secured public share
Users manage their public shares on their share page. Here, each public share with OTP functionality has two new changes to the original share detail. On the left, there is a new orange QR code icon identifying that this share has an OTP guest list.
On the right, there is an envelope that opens up the OTP edit dialog to modify the allowed guest list.
Just as above, there is the same ability to add guest emails to the public share as when we are creating the share: by adding a guest individually (green plus sign) and by uploading a CSV file (circled up arrow). For each address we add to the list, we will see a pending action occur that won’t be submitted until we save the changes we’re making to the public share.
Similar actions also correspond with editing a guest's address & deleting guests. As with adding a guest, the pending actions are visible as changes in the action column that won’t take effect until saved.
One feature to note is the ability to sort through the guests via the filter field. In the image above, ‘test’ is being sorted on, showing the 5 guests with test in their addresses out of the 38 total entries.
Preventing OTP Abuse and Managing Locked-Out Guests
Guests may attempt to guess an OTP through brute force, but the system has safeguards in place to prevent this. Administrators can define the maximum number of incorrect attempts allowed before a guest is locked out, as well as the maximum number of times a new OTP can be generated. When a guest is locked out, they will see a locked screen and will be unable to access their share. You can identify locked guests by the red lock icon in the Locked column. To restore access, simply use the "Reset Lock" action to remove the lock state.
Guest locked out page
Client edit share page, resetting the locked out guest
Guest OTP Communication Timeline
The above diagram illustrates how OTP secured public shares function. When a guest clicks on the shared public share URL, they are prompted to input their email address. This email address serves as a guest identifier and is checked against a list that is specific to the public share. If the guest is not on the list, then CerberusFTP takes no further action. However, if the guest is on the list, an OTP is generated based on the admin settings and sent to their email address. The guest must then return to the shared URL and enter the OTP to access the files.
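The flow described above, together with the lockout and reset behavior from the previous section, can be modeled in a few lines. This is an added example, not Cerberus FTP Server code: the class and method names, the six-digit code, case-insensitive address matching, and treating the OTP generation limit as a lockout are all assumptions made for illustration.

```python
import hmac
import secrets

class OtpShare:
    """Simplified model of one OTP-protected share (illustrative, not Cerberus code)."""

    def __init__(self, guests, max_attempts=3, max_otps=5):
        self.guests = {g.strip().lower() for g in guests}  # list is per share
        self.max_attempts = max_attempts  # admin limit: wrong guesses before lockout
        self.max_otps = max_otps          # admin limit: OTPs that may be generated
        self.state = {}                   # email -> per-guest counters
        self.outbox = []                  # stands in for the outgoing mail queue

    def request_otp(self, email):
        """Guest enters an email address at the share URL."""
        email = email.strip().lower()
        if email not in self.guests:
            return "no_action"            # unknown address: nothing is sent
        st = self.state.setdefault(
            email, {"otp": None, "fails": 0, "issued": 0, "locked": False})
        if st["locked"] or st["issued"] >= self.max_otps:
            st["locked"] = True           # assumption: generation cap also locks
            return "locked"
        st["otp"] = f"{secrets.randbelow(10**6):06d}"  # assumed 6-digit code
        st["issued"] += 1
        self.outbox.append((email, st["otp"]))
        return "sent"

    def submit_otp(self, email, code):
        """Guest returns to the share URL and enters the emailed OTP."""
        st = self.state.get(email.strip().lower())
        if st is None:
            return "denied"
        if st["locked"]:
            return "locked"
        # Constant-time comparison; a consumed or missing OTP never matches.
        if st["otp"] and hmac.compare_digest(st["otp"].encode(), code.encode()):
            st["otp"], st["fails"] = None, 0   # one-time: a used code is discarded
            return "granted"
        st["fails"] += 1
        if st["fails"] >= self.max_attempts:
            st["locked"], st["otp"] = True, None
            return "locked"
        return "denied"

    def reset_lock(self, email):
        """Share owner's "Reset Lock" action: clear lock state and counters."""
        st = self.state.get(email.strip().lower())
        if st:
            st.update(otp=None, fails=0, issued=0, locked=False)
```

Once a guest is locked, even the correct OTP is refused until the share owner resets the lock, which is what makes the attempt limit effective against guessing.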