User Management Page
The User Management Page is restricted to users with MANAGER account role privileges.
User List
When first viewing the User Management Page, you will see a list of Users associated with the account, as well as their status as shown in the above example.
Users are listed with their full name and email, as well as whether they are currently Enabled and Approved (see below)
User Enabled Flag
Users can be Enabled or Disabled at any time by a Manager.
Typically all new users are marked as Enabled within the account, so need to be explicitly Disabled by a Manager in order to prevent them from logging in to the account in future.
Note that disabling a user prevents them from logging into the account in future. If they are currently logged in, they may continue to access the system until they log out, or until their login session expires, whichever occurs first.
User Approved Flag
When the "User Approval Required" setting is enabled for an account (as seen on the Account Details Page ), new users need to be "Approved" by a Manager before they are able to access any non-public content in the account.
In the list shown above, you may notice the red button is shown, indicating that there is "1 User Approval Pending". This indicator only appears whenever there are pending users. Clicking the button will display a filtered list of users limited to those requiring approval, making the review and approval process easier.
Managers have the option of approving these new users at any time, however reviewing this list frequently is recommended, since these users are unable to access certain content before they are approved.
To approve a user, the Manager simply clicks on the user name or email address to open the Edit User page, as shown in this example:
The User Enabled and User Approved flags can be changed using the sliders shown to the left. After making changes to the user's settings on this page, click the Save button.
Note that when you are editing yourself, certain functions are not enabled. For example, you cannot delete you own user entry (for obvious reasons)
Assigning Account Roles
Account Roles are assigned to users granting permission at the Account level (above that of application-level roles described below)
There are 2 types of Roles than may be assigned at the account-level:
- ACCOUNT Role - this grants various permissions to allow modification of critical account settings, such as payment information, and subscriptions, etc. so users assigned this role should have appropriate levels of trust and permissions to make such account modifications.
- MANAGER Role - this grants permission to allow modification of users (as described in this article). Again, only trusted staff should be granted this role
Both of these roles should only be given to trusted members of staff with responsibility for the options they control. Unless someone explicitly requires these roles, you do not need to (and should not) grant them to all staff users.
These roles can be assigned using the checkboxes shown on the left-hand side of the Edit User page shown in the example above (in the Account Roles section). You can also see the current roles assigned to the user listed above.
As with any permission assignments, you should exercise caution when assigning any Role to any users, so as to prevent unwanted access to areas of your account that you do not wish to be exposed.
Assigning Application Level Roles
Application Roles are assigned to users granting permission at the Application level only - there is no implied Account-Level access granted when these roles are assigned. They only determine access within an application or service they are explicitly assigned to.
There are currently 2 defined application-level roles:
-
ADMIN
Role -this grants access to the application or service configuration settings
-
CONTENT_EDITOR
Role - this grants access for users to create and edit content within an application or service (creating new articles in the Knowledge Base, for example).
Again, these roles should only be granted to trusted staff members, any only to the minimum extent required to perform their work.
These roles can be assigned using the checkboxes shown on the right-hand side of the Edit User page shown in the example above (in the Service Roles section). You can also see the current roles assigned to the user listed above.
If you have more than one application enabled for the account/user, then these application-level roles need to be applied to each listed service independently, since these are not applied across applications.
Resetting a User's Password
Manager's never have access to a user's password, so cannot directly enter a new password for a user if they have forgotten theirs.
Ideally, a user who forgets their password should use the "Forgot Password" link in the login page to request a new password link to be emailed to them. If this is inconvenient for some reason, Managers have the ability to trigger this email request on the user's behalf by clicking the "Send Password Reset Email" button shown above. If the user does not respond within the time period specified in the email, the link will be automatically disabled (a new request can later be made if needed).
Adding a User to a Service
If a user is not assigned to a service you have within your account (such as the Knowledge Base), there will be an option to the right of the page to enable the service for the currently selected user. Selecting this option does not provide the user any specific roles in the selected service, but allows them to access it with Reader permissions.
Removing a User from a Service
To remove a user from a specific service (such as the Knowledge Base), you can click the "Remove From Service" button associated with the service. After this, the user will not be granted any special access to the service. Note that after removing this reference, the user may still access the publicly accessible areas of the service (if any), but without any permissions (the same as an anonymous user in other words)
Deleting a User
To permanently delete a user from your account, select the Delete button at the bottom and then confirm. This will permanently delete the user from the account.
Note that deleted users can be added back in at a later time if needed (either by self-registration, or being added by a Manager), however they will be given a new set of credentials and will need to be assigned any roles and User Groups assignments that may be required. There will be no reference to the deleted user, with the possible exception of a shared email address and name (internally they will be treated as a completely new user)