The Cerberus SFTP server (WINCERBERUS - 10.100.21.2) can be used to securely transfer files and data to and from anyone outside of AMS.
The admin screen is accessible from https://wincerberus:8443 and currently can only be reached from the Winsford IT Support VLAN or via the IT IPSec VPN profile. RDP is disabled.
Internal User authorisation is done via Entra SSO. To grant an internal user, follow these steps:
- Add the User to Entra Group CerberusFTP_Access
- The user needs a folder creating under D:\SFTP Root that exactly matches their full Entra Username This can be created in advance, or it will automatically be created when the user logs in for the first time, (although initially they will have no permissions):
- Login in to the admin console https://wincerberus:8443 (details in Passbolt):
- Navigate to SSO Users under Authentication and ensure the newly added user in Entra appears in this section. The replication between Entra and the SFTP server is fixed at 40 minutes:
- The User now needs a Group creating. Navigate to User Manager and select the Groups Tab. Then choose New Group from the dropdown menu on the RHS. Give the Group a descriptive name that closely matches the Username:
- On Group Properties on the RHS, select Virtual Directories, right-click in the area beneath it and select New Virtual Directory. Browse to the user folder on the D: drive, assign it and create appropriate permissions, (in most cases this will be full access with public folder sharing):