A user can be created at the global level, with access to all clients in the group, or locally, with access to this local client only. To create a new user, open the Settings folder in the folder navigation on the left, select the item Users and click + New User. A user with the role system administrator can create additional users on his or her own authority.
A new user is created in the Settings folder under Users, with a click on + New/User.
Necessary user information
A separate access must be set up for each user. Sharing an access with several people is prohibited for security reasons.
The following information is required for a new user:
- Form of address
- First name
- Last name
- E-mail address of the user
- Available roles for the user
The areas are located under the General tab:
Here you enter the surname, first name and email address of the user. This data is primarily used for communication with the user. The specified e-mail address is used to deliver information that can be requested in the system, such as a profile export. You should therefore ensure that the e-mail address you enter here is valid and correctly spelled.
The settings made here apply to the user. The user can also edit this data himself. The selection of the appearance always refers to the user level. Global users can only be assigned global appearances, whereas local users can be assigned both global and local appearances.
With the user name and password, a user can log on to the system. The user name can be generated by clicking on "Suggest"; the e-mail address entered is then suggested as the user name.
The password is either set manually, by entering it twice, or assigned automatically by the system. With automatic assignment, a temporary password is sent to the e-mail address entered. After the first login, the user must enter a new password.
The temporary password has a validity period of 24 hours.
Manual password assignment
Use upper and lower case letters, numbers and special characters for your password.
Automatic password assignment
When a password is automatically assigned, a temporary password is sent to the user's e-mail address. Please note that this password is only valid for 24 hours.
Under restrictions the user can be limited to a demo phase. In this case, this user will be automatically blocked from accessing the system 30 days after the account has been created. For immediate manual blocking of the account, check the box Account blocked. If there are too many incorrect attempts during login, the system will automatically lock the user here.
For the security policy, all available policies are displayed.
A user can be assigned one or more roles. By assigning such a role, a user gets all rights that were defined in this role. A user can only assign the roles that he/she owns to another user if he/she has the right to do so.
Roles and rights
One or more roles can be assigned to a user or even withdrawn from a user.
Each user must be assigned at least one role. A new user can only be assigned a role if the assigning user himself/herself has the rights of that role.
Creating a new role
In the left folder navigation you will find the items Users and Roles below the folder Settings. Here you can define which system elements the user should have access to. By clicking on Roles you create a new role, e.g. "Editor".
You create a new role in the Settings/Roles folder by clicking on + New/Roles.
Assign system rights
The right to log in must be given to every user, otherwise the user cannot log in.
Assign object rights
The assignment of rights can be used to define exactly which objects the user is allowed to edit and which not. In the role provided, you define whether an object can be displayed, managed, created or changed. If several roles are assigned to a user, this user has the sum of all rights of all assigned roles.
To assign the necessary rights to a role, activate the checkbox for the desired rights. In addition, the Login permission must be activated, otherwise the owner of this role cannot log in to the system. Only assign as many rights to users as absolutely necessary.
For each selectable role, its origin is also displayed. A distinction is made between system, global and client roles. System roles are roles predefined by the system (for example, payroll, administrator). Global roles are superordinate at a global level, while client roles are available locally in individual clients.
The role distribution is divided into two areas: the system area and the area for internal objects. In the system area, you can define which basic functions, such as profile export or creating folders, can be used. In the rights for objects, you can define exactly which objects the owner of this role may see, manage, create, or change.
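The role rules above (rights add up across roles, the Login permission is mandatory, every user needs at least one role, and a role can only be passed on by someone who holds its rights) can be modelled for a review of role assignments. This is an added illustration, not code from the product; the role names, right identifiers and data layout are hypothetical.

```python
from dataclasses import dataclass

LOGIN = "system:login"  # hypothetical identifier for the Login permission

@dataclass(frozen=True)
class Role:
    name: str
    origin: str          # "system", "global" or "client", as displayed per role
    rights: frozenset

def effective_rights(roles):
    """A user holds the sum (set union) of the rights of all assigned roles."""
    result = set()
    for role in roles:
        result |= role.rights
    return frozenset(result)

def review_user(roles):
    """Return findings for one user's role assignment."""
    if not roles:
        return ["no role assigned"]
    if LOGIN not in effective_rights(roles):
        return ["login right missing: user cannot log in"]
    return []

def may_assign(assigner_roles, role):
    """Assumed reading of the rule: the assigner must hold every right in the role."""
    return role.rights <= effective_rights(assigner_roles)

# Constructed sample roles (names and rights are assumptions)
EDITOR = Role("Editor", "client",
              frozenset({LOGIN, "object:article:display", "object:article:change"}))
EXPORTER = Role("Exporter", "global", frozenset({"system:profile_export"}))
ADMIN = Role("Administrator", "system",
             EDITOR.rights | EXPORTER.rights | {"object:article:create"})

if __name__ == "__main__":
    print(sorted(effective_rights([EDITOR, EXPORTER])))
    print(review_user([EXPORTER]))       # role without the Login permission
    print(may_assign([EDITOR], EXPORTER))  # Editor lacks the export right
```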
Globally created users can be restricted to individual clients. Users can only switch to the clients for which they are released. Other clients are still displayed in the navigation, but are no longer available.
A user created on a global level can be restricted to certain clients.
For the security policy, all available policies are displayed. If there is no defined policy, the native (default) policy is used. Each user can have a specially defined security policy. Here you can set the requirements a password must meet and when a user is automatically logged out. If a user is only allowed to log in within the company, this can be set via the IP restrictions. Here you can define the only IP address from which login is possible.
Individual settings can be made in each security policy.
You can configure the following settings in the security policy:
- Password length
- Password with special characters
- Password validity period
- Logout after inactivity
- IP restrictions (Login is only possible via a defined IP address)
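How the listed policy settings and the 24-hour temporary password interact at login can be shown with a small model. This is an added example, not the product's implementation; the class and function names, the sample values and the choice to deny login on an expired password are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address
from typing import Optional
import string

TEMP_PASSWORD_TTL = timedelta(hours=24)  # validity of a temporary password

@dataclass(frozen=True)
class SecurityPolicy:
    min_length: int
    require_special: bool
    password_validity: timedelta
    inactivity_logout: timedelta
    allowed_ip: Optional[str] = None  # None means no IP restriction

def password_findings(policy, password):
    """Check a new password against the length and special-character settings."""
    findings = []
    if len(password) < policy.min_length:
        findings.append("too short")
    if policy.require_special and not any(c in string.punctuation for c in password):
        findings.append("no special character")
    return findings

def login_decision(policy, source_ip, password_set_at, temporary, now):
    """Apply the IP restriction first, then the password lifetime."""
    if policy.allowed_ip is not None and ip_address(source_ip) != ip_address(policy.allowed_ip):
        return "deny: IP restriction"
    lifetime = TEMP_PASSWORD_TTL if temporary else policy.password_validity
    if now - password_set_at > lifetime:
        return "deny: password expired"
    return "allow: change password first" if temporary else "allow"

def session_active(policy, last_activity, now):
    """False once the inactivity period has passed and the user is logged out."""
    return now - last_activity <= policy.inactivity_logout

# Constructed sample policy; every value is an assumption
SAMPLE_POLICY = SecurityPolicy(12, True, timedelta(days=90),
                               timedelta(minutes=15), "203.0.113.10")

if __name__ == "__main__":
    now = datetime(2024, 1, 2, 12, 0)
    print(password_findings(SAMPLE_POLICY, "short"))
    print(login_decision(SAMPLE_POLICY, "203.0.113.10", now - timedelta(hours=25), True, now))
```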