Registration On the LiquidFiles Appliance Home Page.
Q: I See that it's possible for anyone to register on the Home Page of our LiquidFiles Appliance, isn't that really insecure?
A: It's as insecure as accepting emails from the public Internet on your email system — i.e. not at all.
How User Registration work
On a default system, when a user registers on the front page, if their email matches one of your Local Domains, the user will be placed in the Local Users group. If the email does not match any of your Local Domains, the user will be placed in the External Users group.
The External Users group can only send messages to your Local Users but not anywhere else, thereby mimicking how emails normally work on the Internet. Almost every email server will accept emails from any other (legitimate) email server.
LiquidFiles is built to be secure by default, and to be as self administrating as possible. That means in this case that you can further tweak this behaviour by Automatically Assign Users to different groups as needed. So when your own users register, you can set it so that any email that matches "@ourpartners.com" will be placed in a Partner Users group with different settings from your other groups.
But I really want to disable the Registration Button!
There's absolutely no problems disabling the Registration button on the LiquidFiles Appliance Home Page. There is a setting in Admin → Configuration → Settings that you can use to disable the Registration if you want.
User Invites by your Local Users
By default, Local Users can Invite Users to Register on your LiquidFiles system. Local Users can do that by using the Settings → Invite User menu option.
Users responding to a User Invite will follow the same rules for Automatically Assign Users as when users register themselves so by default any invited external user will be placed in the External Users Group.
If you wish to disable this option for your Local Users, please go to Admin → Groups, Edit the Local Users Group and in the Basic Settings Tab is a setting that permits users in this group to invite users or not.
Requiring External Users to have Accounts
On default, if you send Secure Messages to external users that doesn't have accounts on your LiquidFiles system, they will be sent a Secure Token or Temporary User Email that they can use to authenticate themselves.
External User authentication is very convenient as it doesn't really require any administration, but if you want to increase the security for external users, for instance by requiring that they use Strong TOTP or SMS 2 Factor Authentication, you will need to setup accounts for external users as well.
By Enabling the setting in Admin → Configuration → Settings, that External Recipients are Required to create accounts, they will be required to do so when any of your Local Users sends a Secure Message to an External Recipient:
Please see the Require Accounts Documentation for a complete description of the available options.
As you can see in this article, LiquidFiles offer several options for using accounts for External Users. We believe that the default options offers the best balance between security and convenience, and feel free to adjust your configuration to match your needs.