Delegating administration in MOVEit TransferTechnical top tips for MOVEit MFT
MOVEit transfer allows you to delegate permissions to perform certain activities to some users in order to free up the MOVEit administrators. You do this by creating group administrators in the MOVEit system. A Group administrator has a certain degree of access to perform such activities as password resets, creating or removing accounts, setting permissions, etc.
Most commonly, the functionality is handed to support staff. All users are added to one group to which the support staff have been granted group administrator access. In other circumstances, a departmental ‘superuser’ may be defined with access just to their own departmental group. The extent of their abilities is set within the group definition.
Selection of the options has to be carefully handled; for example, you would normally only select the option “List all users in the organisation and add existing users as group members” when dealing with a help desk scenario – the group administrator could potentially add all users in the organisation and then either delete them or reset their passwords, regardless of whether or not they should. You can search for and find all group administrators from the user screen.
If you are using the AdHoc module, you can easily reduce administrator workload by allowing your users to automatically create temporary users when sending files to them. You can set defaults which will be used for expiry dates (for example) and opt to have old accounts purged after they have expired.
To further simplify the process of managing these temporary users, you may allow them to self-register on the MOVEit Transfer site. This can be set as a safe process by requiring the user to know the email address of the internal user to whom they want to send a file; they must also provide their own email address in order to receive a password setting link.