Account expires lets you set an expiration for an account on a certain date.  You can also set the flag to delete the account from the user manager once its expired.  The extend expiration allows you to keep the account expiration rolling further into the future as long as the user remains active enough.  If they login once every 30 days, extend it for 30 more days from the current date.

Max simultaneous logins controls how many times this username can be logged in at once.

Max logins per unique IP lets you control how many logins from each IP are allowed.  The anonymous account may be limited to 3 connections from any given IP, but allow 50 people in total to be using the username.  This makes sure one person isn't using all 50 logins.

Ignore server's max connections will allow a special account (usually an admin account) to login even when the server is rejecting other user accounts because its 'full'.  This option does not override your license maximum.


Days of the week lets you control what days a user can login on.

Hours of the day lets you control what hours of the day are allowed.

IP restrictions lets you allow certain ranges of IPs, or block IPs.  Warning!  If you do not have the 'A0.0.0.0,' entry in there, no one can login at all.  There must be at least one entry.  The list is searched from top to bottom trying to find a match, and when it does, it stops looking for any more.

The protocols the user can use determines if they are allowed to use insecure protocols for example, or maybe you want to block them using WebDAV.

Require encryption basically forces them to use FTPS on your FTP server.  You may allow some users to be insecure, while enforcing it on others.


[SSH public key authentication|UserManagerRestrictionsSSH] can be configured here too.

The Keystore location, password, and key pass are used in FTPS proxy connections, or when requiring a valid client certificate from a HTTPS or FTPS connection.  Client certificates are not used very frequently, so if you are unsure of what it is, dont' enable it or no one will be able to connect.