{"id":122,"date":"2021-02-22T15:19:56","date_gmt":"2021-02-22T14:19:56","guid":{"rendered":"https:\/\/www.meb.ki.se\/sites\/meb-it\/?p=122"},"modified":"2021-12-07T10:20:02","modified_gmt":"2021-12-07T09:20:02","slug":"kis-mft-service","status":"publish","type":"post","link":"https:\/\/www.meb.ki.se\/sites\/meb-it\/kis-mft-service\/","title":{"rendered":"KIs MFT service"},"content":{"rendered":"\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-69e33c4ad26f1\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-69e33c4ad26f1\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.meb.ki.se\/sites\/meb-it\/kis-mft-service\/#Intro\" >Intro<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.meb.ki.se\/sites\/meb-it\/kis-mft-service\/#FAQ_Is_it_secret_Is_it_safe\" >FAQ: Is it secret? Is it safe?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.meb.ki.se\/sites\/meb-it\/kis-mft-service\/#FAQ_When_should_MFT_be_used_And_not\" >FAQ: When should MFT be used? And not?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.meb.ki.se\/sites\/meb-it\/kis-mft-service\/#Logging_in_as_a_KI_user\" >Logging in as a KI user<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.meb.ki.se\/sites\/meb-it\/kis-mft-service\/#Logging_in_as_a_non-KI_user\" >Logging in as a non-KI user<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.meb.ki.se\/sites\/meb-it\/kis-mft-service\/#Sharing_a_document\" >Sharing a document<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.meb.ki.se\/sites\/meb-it\/kis-mft-service\/#Accepting_a_share\" >Accepting a share<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.meb.ki.se\/sites\/meb-it\/kis-mft-service\/#Things_to_look_out_for\" >Things to look out for<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Intro\"><\/span>Intro<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>These are some notes on KI&#8217;s <em>Managed File Transfer<\/em> service, in addition to the <a href=\"https:\/\/staff.ki.se\/share-and-receive-data-with-mft-managed-file-transfer\" target=\"_blank\" rel=\"noreferrer noopener\">official documentation<\/a>. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"FAQ_Is_it_secret_Is_it_safe\"><\/span>FAQ: Is it secret? Is it safe?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Yes.<\/p>\n\n\n\n<p>Or more specifically: <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>the system requires <strong>2-factor authentication<\/strong> of all users, so we can be certain that the people we are sharing with are who we think they are.<\/li><li>the <strong>transfer<\/strong> of data to and from the MFT server is as safe as you doing business with your bank, or reading your medical journal at <a href=\"https:\/\/1177.se\" target=\"_blank\" rel=\"noreferrer noopener\">1177.se<\/a> \u2014 it is done with up-to-date methods to encrypt internet traffic. <\/li><li>the data is stored <strong>physically at KI<\/strong> (the server and disks are located in KI:s server halls), so the data cannot be accessed by government agencies in countries that are not following GDPR guidelines.<\/li><\/ul>\n\n\n\n<p>Of course, all this assumes you take reasonable precautions, too \u2014 if you share a document with someone that is not following GDPR, or the DTA that you have had them sign, then no amount of technology will help \u2026 <\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"FAQ_When_should_MFT_be_used_And_not\"><\/span>FAQ: When should MFT be used? And not?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>MFT is for transferring files, only. Files and folders are available to the recipient for 30 days, and then deleted. So \u2014 when you are <em>sending<\/em> files to someone, and needs to do so securely; or when you need to let someone <em>send you<\/em> files.<\/p>\n\n\n\n<p>If you need to share a file or folder for <em>a longer time<\/em>, or <em>work together<\/em> on something, use OneDrive. And if you make sure that the external users are using multi-factor authentication, it is safe enough for GDPR compliance, too. You will also need to make sure that you remove any sensitive data when it does not need to be shared anymore.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Logging_in_as_a_KI_user\"><\/span>Logging in as a KI user<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Before you log in for the first time, you must set up the Authenticator for your KI account, per <a href=\"https:\/\/staff.ki.se\/configure-multi-factor-authentication-by-app\" target=\"_blank\" rel=\"noreferrer noopener\">the instructions on KI:s web<\/a>.<\/p>\n\n\n\n<p>You access the service by navigating to <a rel=\"noreferrer noopener\" href=\"https:\/\/mft.ki.se\" data-type=\"URL\" data-id=\"https:\/\/mft.ki.se\" target=\"_blank\">https:\/\/mft.ki.se<\/a> and logging in with your <em>KI email adress<\/em> and the password for your KI account. You will then need to sign off in MS Authenticator &#8212; and you will <strong>not<\/strong> be prompted for this by the login dialog.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Logging_in_as_a_non-KI_user\"><\/span>Logging in as a non-KI user<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>How you (as a KI user) invite someone outside KI, and the registration process for the non-KI user, is <a href=\"https:\/\/staff.ki.se\/invite-external-users-to-mft\" target=\"_blank\" rel=\"noreferrer noopener\">described here on KI:s web<\/a>. <\/p>\n\n\n\n<p>Best is to set up the authenticator app before starting, i.e. before clicking the <em>Register here<\/em> link\/button in the invitation email. Note that you don&#8217;t have to use the Microsoft Authenticator &#8212; other similar (TOTP) authenticators should work, e.g. the Google Authenticator.<\/p>\n\n\n\n<p>Subsequent logins works the same way as for a KI user: enter the email adress and the chosen password, and if\/when prompted, enter a one-time pass-code from the authenticator.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Sharing_a_document\"><\/span>Sharing a document<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>First you need to have something to share, so upload a document, or a folder. You can also create folders, to make structure, and later add files to them.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Click the little green cogwheel next to the file or folder. <strong>DO NOT<\/strong> use the top menu Share button (more <a href=\"#Things_to_look_out_for\">below<\/a>).<\/li><li>Fill in who to share it with. Either emails, or you can choose from the contact list, by clicking the three dots to the right.<\/li><li>Give the share invitation a Subject line.<\/li><li>Optionally, you can send a message with the invitation, and you may also share the file with an alias, if you wish.<\/li><li>Check the permissions. NOTE that the default permissions allow the other person to change the shared file\/folder. This may not be what you intend.<\/li><\/ol>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"164\" height=\"147\" src=\"https:\/\/www.meb.ki.se\/sites\/meb-it\/wp-content\/uploads\/sites\/12\/2021\/02\/mft_file_share_perms_default-e1613730257743.png\" alt=\"KI MFT default file share permissions\" class=\"wp-image-133\" \/><figcaption>Default <strong>file<\/strong> share permissions<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/www.meb.ki.se\/sites\/meb-it\/wp-content\/uploads\/sites\/12\/2021\/02\/mft_folder_share_perms_default.png\" alt=\"\" class=\"wp-image-138\" \/><figcaption>Default <strong>folder<\/strong> share permissions<\/figcaption><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p><strong>Uncheck<\/strong> <em>Overwrite<\/em> and <em>Append<\/em> to let the recipient access the file, but stop them from altering it.<\/p>\n\n\n\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><strong>Uncheck<\/strong> all but <em>List<\/em> and <em>Download<\/em> under the <strong>General<\/strong> headline, and all but <em>Allow Access<\/em> under <strong>Subfolders<\/strong>, to set the minimal permissions useful to the recipient.<\/p>\n<\/div>\n<\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"6\"><li>Click the Share button at the top of the sharing dialog.<\/li><\/ol>\n\n\n\n<p>At this point, the user you have invited to share the file\/folder will get an email telling them about the share.<\/p>\n\n\n\n<p>If you go back to the green cogwheel, and select <em>Manage Access<\/em>, you&#8217;ll see the status of the user listed as <em>Pending<\/em>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Accepting_a_share\"><\/span>Accepting a share<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Before you can access the shared file or folder, you need to <strong>accept<\/strong> the invitation to share.<\/p>\n\n\n\n<p> To do that:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Log in to the MFT server, as described above (if this is the first time, you&#8217;ll end up in the registration page).<\/li><li>Find the file\/folder in the list of <em>Shared<\/em> files<\/li><li>Click the green cogwheel &#8230;<\/li><li> &#8230; and select Accept.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"211\" height=\"146\" src=\"https:\/\/www.meb.ki.se\/sites\/meb-it\/wp-content\/uploads\/sites\/12\/2021\/02\/accepting_an_invitation.png\" alt=\"\" class=\"wp-image-144\" \/><figcaption>The &#8220;cogwheel dropdown&#8221; on a shared file or folder, for a newly shared file<\/figcaption><\/figure>\n\n\n\n<p>This will make the file\/folder accessible under the &#8220;<em>File<\/em>&#8221; view, so to download it, you must open it there.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Things_to_look_out_for\"><\/span>Things to look out for<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>The top menu Share button will share <strong>the entire folder<\/strong>, regardless of eventual check-marks in folder view. This may cause you to share more than you intended. <\/li><li>The Applet button does not work (and will never work).<\/li><li>The &#8220;<em>Files<\/em>&#8221; view to the left only shows folders and &#8230;<\/li><li>&#8230; the &#8220;<em>Shared Files<\/em>&#8221; view is a flat list of all the shared files <strong>and<\/strong> folders, both the ones <strong>you<\/strong> manage, and the ones that someone else has invited you to share. It is here you can accept or decline an invitation to share a file\/folder, and you can also manage permissions, but &#8230;<\/li><li>&#8230; it&#8217;s unclear if managing permissions for already shared files\/folders does work, and<\/li><li>&#8230; you can not download files from the &#8220;<em>Shared Files<\/em>&#8221; view \u2014 for that you have to find the file\/folder in the &#8220;<em>Files<\/em>&#8221; view.<\/li><li>In the &#8220;<em>Shared Files<\/em>&#8221; view, the shares will still be listed after the file itself has been deleted from the server \u2014 only when you (with files you have shared) remove all users from the access list will the listing of the file\/folder go away. Likewise if you are on the receiving end, only when you remove your own access will it go away. The green cogwheel is where you do this.<\/li><\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Intro These are some notes on KI&#8217;s Managed File Transfer service, in addition to the official documentation. FAQ: Is it secret? Is it safe? Yes. Or more specifically: the system requires 2-factor authentication of all users, so we can be certain that the people we are sharing with are who we think they are. the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6],"tags":[17,15,16],"class_list":["post-122","post","type-post","status-publish","format-standard","hentry","category-faq","tag-howto","tag-mft","tag-tutorial"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.meb.ki.se\/sites\/meb-it\/wp-json\/wp\/v2\/posts\/122","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.meb.ki.se\/sites\/meb-it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.meb.ki.se\/sites\/meb-it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.meb.ki.se\/sites\/meb-it\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.meb.ki.se\/sites\/meb-it\/wp-json\/wp\/v2\/comments?post=122"}],"version-history":[{"count":33,"href":"https:\/\/www.meb.ki.se\/sites\/meb-it\/wp-json\/wp\/v2\/posts\/122\/revisions"}],"predecessor-version":[{"id":200,"href":"https:\/\/www.meb.ki.se\/sites\/meb-it\/wp-json\/wp\/v2\/posts\/122\/revisions\/200"}],"wp:attachment":[{"href":"https:\/\/www.meb.ki.se\/sites\/meb-it\/wp-json\/wp\/v2\/media?parent=122"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.meb.ki.se\/sites\/meb-it\/wp-json\/wp\/v2\/categories?post=122"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.meb.ki.se\/sites\/meb-it\/wp-json\/wp\/v2\/tags?post=122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}