Secure Links
Beyond sharing with others inside the organisation, users are also able to securely share files and folders outside the organisation using short URLs. The short URLs can either be open and require no authentication (called Public Links) or ‘Secure Links’ can be created which allows the user to restrict access to specific email addresses. i.e. The recipient of the shared items is required to authenticate before they can access the shared items.
With Secure Links, external users receive email notifications as items are shared with them, and an internal account is automatically created for them on the Foldr server itself. External users are prompted to create a password the first time they try to access a shared item from Foldr via a Secure Link. External users can optionally be given the permission to be able to upload to shared folders. External user password’s can be reset either by the administrator or by the user using a ‘forgot password’ link on the web app sign-in page. Where a user requests a password reset, a verification code is sent to the external user’s email address which must be supplied when they go through the reset process.
Folio
As of Foldr v8.6.1.12 (January 2024) an additional licenced feature is available called ‘Folio’. This feature allows external users to sign directly into the Foldr web app’s main sign in page, and access all shared items quickly via a convenient Shared with Me panel. Without the Folio licence, an external user is unable to sign in to the server’s root URI (https://address-of-foldr) and instead is required to use the shared link URI that is given in the email notification, for example https://address-of-foldr/public/ABC123).
Where the Folio licence is active, users may sign into the root URL or the direct shared link URI as required.
Server Configuration Step
1. Ensure the appliance can send email successfully.
Configure your email server settings within Foldr Settings > Integrations > Email. Example given below:
Configure the Notifications tab as required.
Click Save Changes
Click on the Server Details tab again and use the Send Test Message button and verify the test email was received successfully at the address configured as ‘Send appliance notifications to this address’ .under Integrations > Email > Notifications tab
Test Message:
2. Enable Email Notifications
within Foldr Settings > Notifications > Email Notifications and click Save
3. Allow the built-in Foldr External Users group to sign in.
Within Foldr Settings > Security > Permissions > Use Foldr (top option) click + Add User or Group
Search for the built in group Foldr External Users. Select from the picker and choose Allow. Click Update
Click Save Changes.
4. Enable the Secure Links permission
Within Foldr Settings > Files & Storage, edit the storage item in question and select the Access tab.
Edit an object in the permissions section and click the Sharing tab and enable the Create Secure Links permission for the users that require this permission (those who need to share files/folders).
NOTE: Secure links require the other sharing permissions below to also be granted. These are required as a pre-requisite for the Secure Links feature.
Share with other user = Allow
Create public links = Allow
In the example below, the built in group ‘Foldr Users‘ was granted the permission, and this refers to everyone that has access to this storage location.
Alternatively, you can grant sharing permissions to specific Active Directory users or groups if required.
Click Update
The permissions panel will be updated to reflect the sharing permissions changes selected. Click Save Changes.
If this permission to allow upload to secure linked is granged, an additional toggle will be available to the user sharing the folder to allow uploads to that specific folder.
5. When enabling this feature for SMB file shares, click the Access tab and select a service account that has at least READ permission to the share (on the backend file server). If you intend to allow external users to upload to shared folders, the service account also requires write permission. New service accounts can be created as required within Foldr Settings > Integrations > Service Accounts. For Active Directory envionments, use service account type = username/password and ensure the username is configured using the accounts UPN (user principle name).
6. Click Save Changes.
The configration steps are now complete, any users that have been granted the sharing permission should be able to share files/folders externally and securely wtih others by their email address.
Using Secure Links – Web App Example
To share a folder (or file) with an external user, use the context menu in the web app or click the inline sharing button to bring up the menu and select Public Link:
Enable the Create Public Link toggle. Additional tabs will become accessible when this switch is enabled.
Click the External Users tab
Enter one or more external email addresses for external users that you wish to share the folder (or individual file) with.
Optionally enable the toggle External users can upload? if you’d like to grant the ability to upload back to a shared folder. Note uploads are organised automatically within a dynamically generated Foldr Uploads directory in the root of a shared folder. Additional subfolders are created for each external user that uploads files.
Click UPDATE.
An email will be sent immediately to the recipient containing a button (Click here to view it) that will take them directly to the shared resource.
When the user clicks the button in the email they will be taken to the public link where they will need to create a password. Note the verification code will be automatically filled in.
Set the password as required and click NEXT. The password is saved on the server and this will be used to access any future items that are shared on the server. The web app will now automatically sign in and display the shared files/folders accessible using the public link.
NOTE – At this point a user account has been created on the Foldr server with type ‘External’. This is visible under Foldr Settings > Users & Groups.
(Note that all sub-folders inside the example folder ‘client proposal’ are navigable)
If the user has the ability to upload to the shared folder, the shared item will have a coloured banner at the top to show it is a submission folder. To upload the user can drag files into the browser or use the Upload button (top right)
Resetting Users Passwords
Should an external user forgot their password, they can reset it using the ‘Forgot Password‘ link after supplying their email address. Alternatively, the Foldr administrator can reset it within Foldr Settings >> Users & Groups.
First pass the captcha by entering the username (email address) and select the correct image. Click NEXT.
An email will be sent to the external user’s email address containing a verification code.
The verification code should be entered into the verification code field and a new password must be entered into the ‘new’ and ‘confirm’ fields.
Click NEXT – if the verification code is correct and the passwords match the user will see a success message. They can now sign into public links using their username (Email address) and their password to access shared items.
Note that external users such as this cannot sign directly into the main Foldr web app (https://address-of-foldr) – if they attempt to do so they will receive a permission denied message. External users can only sign into public links for items shared with them.