In this tutorial, you will learn how to use Domains in GoAnywhere MFT.
Domains make it possible to virtually segment a GoAnywhere installation into multiple security zones. Admin Users can be authorized to specific Domains, in which those users can only work with the items belonging to those Domains. Examples of items that can be assigned to Domains are Resources, Projects, Schedules, Monitors, Triggers, Admin Users and Web Users. Each Domain can be configured with file access restrictions to prevent users from accessing restricted network locations.
All installations of GoAnywhere MFT include a Default Domain where all items belong to. Follow these steps to configure your GoAnywhere MFT installation for multiple Domains:
To create a new Domain, you must first log in to GoAnywhere as an Admin User with the Security Officer role. From the main menu bar, select Users, and then click the Domains link. In the Domains page, click the Add Domain link in the page toolbar to create a Domain.
Specify the Domain information in the appropriate boxes:
Specify the File Access Restrictions for the Domain:
Note: When a new Domain is added, GoAnywhere will provide the path to the keys location to assist administrators in key management. This path is an optional suggestion to help administrators manage a single key location across multiple Domains.
Click the Save button to add or save the Domain properties.
By default, Admin Users accounts are not assigned to a Domain. However, Admin Users that are members of an Admin Group inherit the Domains that are assigned to that Admin Group. For example, if an Admin User can access a Domain that is not listed in their Admin User Profile, check to see if the Admin User is in any Admin Groups, such as the All Admin Users Group, and then view the Domains that Admin Group has access to.
After a second Domain is created, the current Domain will appear in the upper-right corner of the product administrator screens (called the Domain selection tool). You can click on this Domain in order to select another Domain to switch to.
When a specific Domain is selected, only the items belonging to that Domain will appear in their respective management pages. The 'All' Domain option will display all the items across all Domains which the Admin User has permission to.
When two or more Domains exist, and the Domain selection tool has the 'All' Domain selected, Admin Users will be prompted to select the target Domain when adding new Resources, Projects, Schedules, Triggers, Monitors, Web Users and Web User Groups.
Once an item is created in a Domain, such as a Web User, Resource, or Project, it can be moved to another Domain using the Switch Domain feature located in the item's Action menu. The Admin User that is switching the item must be authorized to the item's new Domain.
Web User Templates provide a method to configure the default account settings when new Web Users are created. By defining templates that share common settings (authentication, permissions, account expirations, etc.), this can dramatically reduce the time needed to create new Web User accounts.
The Domain for a Web User Template is chosen when the Web User Template is created. Web Users that are created using a Web User Template will be a member of the Domain specified on the template.
In the example image below, an administrator has started the process of creating a new Web User. The administrator has selected the "Internal Users" template which belongs to the Sales Domain, so the Web User will also become a member of the Sales Domain.
When GoAnywhere is configured to use multiple Domains, each Domain name will appear at the root level of the Project Explorer. For example, in the image below GoAnywhere is configured with multiple Domains named Default, Accounting, IT, HR, and Sales.
The folder will appear gray to Admin Users who do not have permissions to access the Projects within that Domain: