Skip to content

Account Setup

Account-wide configuration lives under Account Settings, reachable from the user menu (the avatar circle in the top-right of the page). Account Settings opens with a left sidebar that groups every administrative setting; the items below are organized by topic and reference their location in that sidebar.

Service Plan & Account Information

View details about your account:

  • Service Plan: Current plan, signup date, and available features
  • Account Information: Account name, administrator contact, and company details

Transfer & Expiration Policies

File Delivery Options

  • Set maximum and default expiration periods for file transfers
  • Configure how long transfers remain available after sending
  • Default is typically 7 days

File Expiration Policy

  • Define when files are permanently deleted from LeapFILE's servers
  • Set separate policies for outgoing and incoming transfers
  • Choose from: immediately after download, after X days, or never expire

File Expiration Settings

Incomplete Transfer Notifications

  • Enable alerts for transfers that haven't been fully downloaded
  • Set the number of days before notification is sent

Transfer Archiving

  • BCC all transfer notifications to a specified email address
  • Useful for compliance and record-keeping
  • Archived copies include all transfer details and notifications

Note

File Expiration Policy changes only apply to future transfers, not existing ones.

Security & Authentication

Receiver Authentication Options

Choose which authentication methods senders can use:

  • Email and access code: Recipient enters email and unique code (most secure)
  • Security question: Recipient answers a custom question
  • Email only: Recipient enters only their email address
  • No authentication: Files accessible via link alone (least secure)

Default Receiver Authentication

  • Set the default authentication method for all new transfers
  • Users can override this when sending individual transfers

Upload Security

  • Require registered guest accounts to send files to your users
  • Prevents spam and unauthorized uploads
  • Recommended for organizations with strict security policies

Email Verification Policy

New as of July 2025.

  • By default, external senders must verify their email address
  • Disable verification to allow unverified uploads
  • Recipients will see a warning if sender is unverified

Incoming Transfer Rules

Filter who is allowed to upload to your account by sender email. Configured under Account Settings → Transfer → Incoming Rules.

  • Blocking Rules — glob patterns that deny incoming uploads (e.g., *@spammer.com, user?@*, *@{gmail,yahoo}.com). Patterns must contain exactly one @.
  • Exception Rules — glob patterns that override block rules. Use these alongside a broad blocking rule to create a whitelist.
  • Rule Testing Tool — preview how any email would be evaluated.

Whitelist-only posture

To accept uploads only from known clients or partners: add Blocking Rule *@*, then add Exception Rules for each trusted domain (e.g., *@clientfirm.com).

Blocked senders see "Uploads from this sender are not allowed" and can request access, which emails the account administrator. Registered guest-account logins bypass these checks.

Standard Security Questions

Create a list of pre-defined security questions for senders to choose from:

  1. Scroll to Create standard security questions
  2. Enter your questions (e.g., "What is our project code?", "What city is our office located in?")
  3. Click Save

Users can then select from these questions when sending files.

Password Policies

Configured at Account Settings → Security → Password:

  • Password expiration — force users to reset their password after a set number of days
  • Disallow previous 4 passwords — prevent users from reusing any of their last 4 passwords
  • Allow users to reset their password — turn the self-service "Forgot your password?" flow on or off (see below)
  • Inactive account lockout — automatically disable accounts after a period of inactivity (hidden on single-user subscriptions)

Password Complexity

Every password set or changed in LeapFILE — whether through self-service reset, an administrator reset, or new user/guest setup — must meet a fixed minimum:

  • 8 to 128 characters
  • At least one uppercase letter, one lowercase letter, and one number
  • No spaces
  • Special characters are allowed and encouraged, but not required

These rules are enforced system-wide. They are not an admin-configurable policy, so they don't appear on the Account Settings → Security → Password page, and there is currently no option to raise the minimum length or require special characters.

Note

The password-reset screen mentions "at least 8 or 10 characters depending on your account configuration"; the minimum currently enforced is 8.

Self-Service Password Reset

The Allow users to reset their password toggle (Account Settings → Security → Password) controls whether users can reset their own password from the login page:

  • Enabled (default): the employee login page shows a Forgot your password? link. The user enters their email, receives a verification code by email, and enters that code to set a new password.
  • Disabled: the Forgot your password? link is removed from the login page. If a user reaches the reset flow another way, it returns "Password reset is not enabled. Please contact your administrator." and no email is sent. With self-service off, the only way to reset a user's password is for an administrator to do it from Account Settings → Users → Accounts (see Resetting Passwords).

Sign-In Verification (Two-Factor Authentication)

LeapFILE supports app-based two-factor authentication (TOTP — the rotating 6-digit codes from Google Authenticator, Authy, Microsoft Authenticator, 1Password, and similar apps). In the product this is labelled Sign-In Verification.

At Account Settings → Security → Sign-In (full administrators only):

  • Sign-in verification — check "Require sign-in verification for all users" to make two-factor authentication mandatory. Unenrolled users are forced through setup at their next login. Switching this on does not break logins for users who have already enrolled; switching it off does not turn it off for anyone who already enabled it.
  • Remember this browser — set how many days a browser stays trusted after a successful code entry before the user is challenged again. Set it to 0 to always prompt.

Sign-In Verification applies to interactive sign-ins (web, and SSO logins routed through LeapFILE) and the desktop client. It does not apply to the legacy signed REST API. See User Accounts → Two-Factor Authentication for per-user enrollment status, the Reset action, and what happens when a user is locked out by failed sign-ins.

Single Sign-On (SSO)

LeapFILE supports OpenID Connect SSO with Azure AD/Entra, Google, Okta, or any OpenID Connect provider, configured at Account Settings → Security → SSO. Users sign in with their existing company credentials and MFA is enforced by your identity provider. See the Single Sign-On (SSO) guide for setup.

Event Monitoring

At Account Settings → Security → Events, you can enable a pull-based REST API that streams your account's activity (transfers sent, files downloaded, and related events) so you can forward it into a SIEM or log pipeline — Microsoft Sentinel, Splunk, Cribl, or anything else that can poll a REST endpoint. Enabling it generates an API key (shown once, prefixed obs_); the page also shows a usage log of API calls. See the Event Monitoring guide for full details.

Inactive Account Policy

  • Automatically disable user accounts after a specified period of inactivity
  • Reduce security risk from dormant accounts
  • Configured under Account Settings → Security → Password (the Inactive account lockout setting); set the number of days of inactivity before accounts are automatically disabled

Content & Feature Management

Secure File Transfer Site URL

  • Change your company's LeapFILE URL
  • Format: https://yourcompanyname.leapfile.com or https://yourcompanyname.leapfile.net
  • Contact support if you need to update this
  • Create a standard HTML footer for all outgoing transfer notifications
  • Add disclaimers, contact information, or branding
  • Appears at the bottom of every transfer notification email

Feature Enablement

Enable or disable major features for all users:

  • Repositories: Toggle internal file storage feature on/off
  • Portals: Toggle external guest portal feature on/off

When disabled, users will not see the Repositories or Portals links in the top menu.

Tip

Use feature enablement to simplify the interface for users who don't need these advanced features.