Does the solution support Single Sign-On integration?
Yes, Maytech support Single Sign-On and ADFS integrations. Maytech's customers can sign in to their accounts using their existing corporate Active Directory credentials or any other identity provider (i.e. Duo, Okta, OneLogin, etc.).
Does the solution distinguish user roles and admin roles within the application?
FTP-Stream: All users except admin are jailed to their home folders and cannot see files or folders outside. To exchange confidential files with customers give each login a distinct home folder. Account owners can add new secondary admins who can help to manage FTP-Stream account and Billing admin, who helps with payments and invoices.
In Quatrix there is several types of users.
Pro users they can browse folders and share to any of your users or to their contacts who don't need a licence to download (normally your employees).
Associate users can only use your service to share files back to your Pro Users - great for external partners who need to regularly feed data into your organisation.
Owner is the top administrator of the account that has access to all Quatrix features and can purchase more users for the account.
Admin has the same rights as the account owner with the exception of tracking and paying invoices for the account.
How are user passwords stored in the system?
Passwords are individually salted and stored in a database, encrypted one way.
Does your organization have a documented password policy? If YES, describe the controls (e.g. minimum length, complexity, expiration period).
Yes. ISMS OP 30 - Password Management Policy:
The following are general recommendations for creating a Strong Password.
A Strong Password should:
A Strong Password should not:
With the optional Extended Authentication module, customers can set a password policy, including: Users can / cannot change their passwords, must change their passwords on the first login, must periodically change their passwords, must use strong passwords.
Can we request a custom password policy to be applied to Customer users?
Yes, the administrator of FTP-Stream account can set a password policy for his/her account to specify complexity requirements and rotation periods for his users' passwords. It provides a possibility to allow users change their passwords, to set a number of failed login attempts, to set the minimum password length, to force password change on the first login or after a specified period and to specify password construction requirements.
The following options are available for configuring the password policy:
Quatrix supports strong passwords.
What is the password reset process?
There are several ways of changing the password in FTP-Stream and Quatrix:
The user or admin can change their password on the Login page. Follow these steps:
Does the solution support multi-factor authentication?
Yes, all Maytech's file sharing products offer Two Factor Authentication (2FA) as an additional module.
Administrators can elect to have their 2FA codes sent in one of two ways:
1). Download and install the Google Authenticator, Duo Mobile, Authy, or Windows Phone Authenticator app for your phone or tablet.
An installed app implements TOTP security tokens from RFC 6238 in a mobile app. It provides a 6 digit one-time password which users must enter alongside their username and password every time they log into their account.
During account login an SMS is sent to the user's designated phone number with a one-time use code which is 6 digits long. This code must be entered as well as the username and password during login.