Several Link Security tab settings and organization policies interact to determine who can use each link. Those settings and policies are explained here.

The “Who can access” list controls who will be able to access the shared link. There are three kinds of intended link users:

• Named guest recipients - identified on the list by their email addresses. A pull-down list and filter feature makes it easy to select email addresses from the link creator's Access Anywhere contacts.
• Any logged in user - identified on the list by a selectable option. This option covers all of Access Anywhere accounts belonging to the link creator’s organization including external users as well as org. admin and org. members.
• Named Access Anywhere users - identified by their email addresses which are associated with Access Anywhere accounts belonging to the link creator’s organization. Can include external users as well as org. admin and org. members. A pull-down list and filter feature makes it easy to select named Access Anywhere users.

“Any logged in user” can only be used by itself. Named guest recipients and named Access Anywhere users can be combined on the list.

If the list is left empty then there are no explicit identity based restrictions on who can use the link. Note, however, that logging in is required to use a link in some cases where the link was created with an empty “Who can access” list.

The rules for when passwords and verification codes can, cannot or must be used are determined by the contents of the “Who can access list” and the settings for the “Enforce Passwords” and “Enforce recipient authentication” policies. They are summarized in this table:

A password is a string of characters that is associated with a link. There is only one password per link, and all link users share that password.

Verification codes are six digit pseudo random time-based access codes that are delivered to prospective link users at their email addresses. Verification codes are only used when at least one named guest has been included on the “Who can access” list. Verification codes are required when there are both at least one guest and at least one named user on the “Who can access” list.

Verification codes are sent when the link holder tries to use the link. Verification codes for a link will only be sent to an email address that was provided in the link’s “Who can access” list. If Access Anywhere is able to identify the prospective link user from the link or by information that is attached to the link then Access Anywhere will send the verification code automatically. If the “Who can access” list allows the link to be used by more than one recipient and the prospective Access Anywhere is unable to identify the prospective link user by information that is attached to the link then Access Anywhere will request the prospective link user’s email address. In that case Access Anywhere will compare the email address supplied by the prospective user to the list of email addresses associated with the link, and it will only send a verification code if the prospective user’s email address is on the list.

Verification codes and passwords are mutually exclusive; you cannot create a link with both a verification code and a password.

If you include any guests on the “Who can access” list and set a password then anyone who has the password can use the link.

When a link has been created for one or more named users only (in which case no password can be set), the org. admin and members with the Admin role will be able to use the link whether or not they are among the named users.

When a link has been created for one or more named users and for one or more guests (in which case a verification code is required), the org. admin and users with the Admin role will not be able to use the link unless they are among the named users.

When links are created with this Policy is set to True:

• Link users must present a password or a verification code or be logged in to Access Anywhere as a user in the org. of the link creator.
• Each link must have a password unless a user and/or a guest is named in which case links can be created without passwords.
• If a link is created without a password and a guest is a recipient then the link must have an authentication code.

This policy requires that each link user provides evidence of being one of the intended users from the “Who can access” list. An org. users evidences this by being logged in when she uses the link or, if the link provides validation codes, by presenting a validation code that was emailed to her Access Anywhere email address. Guests evidence this by presenting a validation code that was emailed to an address on the “Who can access” list.

If “Enforce recipient authentication” is on when a link is created and the “Who can access” list is empty and the link does not have a password then:

• Only org. users can use the link. (Anyone who is logged in to a different org. will not be allowed to use the link.)
• Org. users who are logged in can use the link.
• Anyone who is not logged in and tries to use the link will be prompted to log in. Upon successful login to the org. they will gain access to the file or folder associated with the link.

If “Enforce recipient authentication” is on when a link is created and the “Who can access” list is empty and the link has a password then:

• Only org. users can use the link. (Anyone who is logged in to a different org. will not be allowed to use the link.)
• Org. users who are logged in can use the link if they present the password.
• Anyone who is not logged in and tries to use the link will be prompted to log in. Upon successful login to the org. if they present the password they will gain access to the file or folder associated with the link.

If both “Enforce recipient authentication” and “Enforce Passwords” are on when a link is created and the “Who can access” list is empty and the link has a password (required) then:

• Only org. users can use the link. (Anyone who is logged in to a different org. will not be allowed to use the link.)
• Org. users who are logged in can use the link if they present the password.
• Anyone who is not logged in and tries to use the link will be prompted to log in. Upon successful login to the org. if they present the password they will gain access to the file or folder associated with the link.