Account expires lets you set an expiration for an account on a certain date.  You can also set the flag to delete the account from the user manager once its expired.  The extend expiration allows you to keep the account expiration rolling further into the future as long as the user remains active enough.  If they login once every 30 days, extend it for 30 more days from the current date.

Max simultaneous logins controls how many times this username can be logged in at once.

Max logins per unique IP lets you control how many logins from each IP are allowed.  The anonymous account may be limited to 3 connections from any given IP, but allow 50 people in total to be using the username.  This makes sure one person isn't using all 50 logins.

Ignore server's max connections will allow a special account (usually an admin account) to login even when the server is rejecting other user accounts because its 'full'.  This option does not override your license maximum.

[attachments|restrictions1.png]

Days of the week lets you control what days a user can login on.

Hours of the day lets you control what hours of the day are allowed.

IP restrictions lets you allow certain ranges of IPs, or block IPs.  Warning!  If you do not have the 'A0.0.0.0,255.255.255.255' entry in there, no one can login at all.  There must be at least one entry.  The list is searched from top to bottom trying to find a match, and when it does, it stops looking for any more.

The protocols the user can use determines if they are allowed to use insecure protocols for example, or maybe you want to block them using WebDAV.

Require encryption basically forces them to use FTPS on your FTP server.  You may allow some users to be insecure, while enforcing it on others.

[attachments|restrictions2.png]

The list of paths to trusted SSH key files controls the public / private key authentication that SFTP allows for.  This setting does not want you to enter in a 'trusted keys file', or a folder path, but rather the path to the actual key file itself.  So '/files/keys/' is not OK, while '/files/keys/ben.pub' would be OK.  Separate multiple items with new lines.  Most SSH key formats are supported.  There is also a more generic way to use this field.  If the key file has the exact name of the user logging in, you can instead reference the directory '/files/keys/'.  In this case there would need ot be a file named 'ben' in that directory.

[attachments|ssh_keys.png]

The Keystore location, password, and key pass are used in FTPS proxy connections, or when requiring a valid client certificate from a HTTPS or FTPS connection.  Client certificates are not used very frequently, so if you are unsure of what it is, dont' enable it or no one will be able to connect.

[attachments|ssl_certs.png]