Account Access Tips (when access is blocked)
- Last Updated: September 25, 2025
- 3 minute read
- MOVEit Transfer
- Version 2024.1
- Version 2024
- Documentation
Invalid username/password or not allowed to sign on Message
If your sign-on attempt fails, the following generic message might display:
Invalid username/password or not allowed to sign on from this
location
This is not always a password or username issue. It can be as simple as using a new laptop or mobile device that lacks the client certificate that identifies you to the particular MOVEit Transfer site.
Workaround:If you have a Common Access Card (CAC) or smart ID, try using it to sign on. If you are trying to sign on from an unexpected device, try using the device you typically use to sign on to MOVEit Transfer.
Tip: Contact the User that Granted You Access
In most file/package or folder sharing scenarios, a registered user shares a single file or a shared folder (or message and attachment also known as a "package") with a temporary user or guest user. The files associated with this sharing event are managed by MOVEit Transfer.
If your current user holds guest or temporary user level of permissions, and your account expired, or you reached your file download limit, you can contact the sender (user that provided your initial access) to request new access or extend your access time. The sending user or administrator of the MOVEit Transfer organization that manages the file, package (attachment), or folder typically grant initial access by an email message called a New File or New Package notification message.
Why is There a Common Access Denied Message?
To prevent giving up clues about our users, a generic message displays when a sign-on attempt fails. This generic message is intentional and prevents a type of exploit by unauthorized users sometimes referred to as "username harvesting."
Who Can Restore My Access?
Typical Controls Used to Secure Your Site (but can block your access)
This section helps you understand and align within typical security and user management policies that help secure your site. If you ignore policy controls, it can affect access to MOVEit Transfer (and most secure and managed systems). See the table within section titled Common Reasons Access is Denied (and workaround tips) for self-help tips for signing on and next steps.
- Restrict site or organization access if a threshold was
exceeded
This policy behavior occurs when a user attempts to exceed a file or package download limit or exceed a length of time ("time window") that the user account was configured to remain active. Time and download limits are typically applied to users that need infrequent or one-time access (such as temporary and guest users).
- Require a client certificate
You might need to use your smart card or other client certificate-enabled device to verify your identity to MOVEit Transfer.
- Block access when signing in from an unexpected IP address range
In some cases, you need to be on your corporate network or use your corporate or institution's VPN.
Common Reasons Access is Denied (and workaround tips)
In general, if a user shares a file/folder/package with you that you cannot access, you can use the guidelines listed in this table to ensure that you are accessing the shared item within the expected constraints expected by the system.
| # | Reason for blocked access | Workaround/tip |
|---|---|---|
| 1 | Temporary access expired. (User access is often time-restricted or can be conditional, based on a download limit.) | Ask the sender (individual that sent you the access) to extend your access (you typically receive an access granted, package email, or shared folder or shared file email) that enables your account to be available for a certain number of downloads or a specific time period. |
| 2 | Account suspended (for too many bad sign-on attempts, password aging, or manual administrator action) | Notify the individual that sent you the "access granted" notification (you typically receive an access granted, package access, or file shared email) and ask them to unlock your account (or have them notify the local org admin to unlock it). |
| 3 | Client certificate not provided when one is required, or a bad client certificate has been provided | If you have a smart card issued by your institution or business, use it from your local client machine or client device. If you are using a new desktop, laptop, or mobile device that your company has not registered with a certificate, ask you local IT department to help you install it. |
| 4 | Account not allowed to sign on from a specific IP address. | Try signing on from your company's Virtual Private Network (VPN). Some sites require you to access MOVEit Transfer from a known range of expected IP addresses. |
| 5 | IP address your client application is connecting from is blocked by MOVEit Transfer (for too many bad sign-on attempts, often with different usernames). | If you sign in from your corporate or institution's VPN, you might be able to workaround this issue. Otherwise, if you are connecting from a secure and safe network, and you are still blocked, contact the MOVEit Transfer user or administrator that first granted you access (typically, access is granted by email). |
| 6 | Username incorrect |
Check the access notification mail you received from the MOVEit Transfer site administrator you are trying to access. For guest (package users) or temporary users, your username might be your email address. |
| 7 | Password incorrect | If you were prompted to answer security questions the first time you signed on to your account, and there is a Forgot Password link on the sign-on page, you can be prompted to answer these security questions to reset your password. Otherwise, you can contact your local MOVEit Transfer administrator, or if that does not work, try to contact the user or administrator who provided you initial access to the site you are trying to access. |