User accounts are created in the Settings folder under the Users item.
Users can be created at client level and also at global level. A user created at client level can only log in in the client in which he was created and has access only to the data of this client. A user created at global level can access the data of all clients.
A new user is created in the Settings folder under Users by clicking on + New/User.
General
Information
Here you enter general information about the user. This data is primarily used to address the user within the system.
The email address you enter here will be used to send the user information by email that he can request in the system - such as profile exports. Please make sure that the email address you enter here is valid and correctly spelled.
Settings
All settings made here apply to the user. He can also edit these data himself - either by navigating in the folder structure or by clicking on the user name in the upper right corner of the logo bar. The selection of the appearance always refers to the user level - global users can only select global appearances, local users can select global and also local appearances.
In the settings, the appearance and system language can be adjusted to the preferences of the respective user.
Access data
With the user name and password, a user can log on to the system. The username can be generated by clicking on the button Suggest - usually the entered email address is used here. If a username already exists in the system, no second one with the same username can be created. The password is entered either directly by entering a password twice or automatically by the system. A generated password is sent to the specified e-mail address. After the first login with the temporary password, the user must enter a new password of his own. The temporary password has a validity period of 24 hours.
Under restrictions the user can be limited to a demo phase. This user will be automatically blocked from accessing the system for 30 days after the account has been created. For immediate manual blocking of the account, check the box Account locked. If there are too many incorrect attempts during login, the system automatically sets a check mark here.
With automatic password assignment, a temporary password (valid for 24 hours) is sent to the user at the specified e-mail address with which the user can log in.
Security guidelines
For the Security Policy, all available policies are displayed. If there is no defined policy, the native policy (default) is used. If access to personal data should only be possible in a certain IP range, at least two IP restrictions must be set. In the first, the IP range must be defined and the rights "Show profiles" and "Login" must be selected. In the second, all other IP ranges (0.0.0.0/0) must be defined with the "Login" right.
Rolls
For each selectable role, its origin is also displayed. A distinction is made between system, global and client roles. System roles are roles predefined by the system (for example, payroll, administrator), Global roles are roles at global level.
A user can be assigned one or more roles. By assigning such a role, a user receives all the authorizations that were defined in a role. A user can only assign roles to another user that he/she has the right to do so.
Restriction
Global users can be restricted to clients here. These users can then only switch to the clients for which they are released. The other clients are only displayed in the navigation, but cannot be clicked on.
Login history
Here you will find a list of the last 20 login (attempts) of the user with information about the browser used and the IP address from which the user logged in. The user can also view this information about himself in the settings. If a user has failed to log in, the user will be informed once when logging in.
In the login history you can see when and with which IP address the user has logged in.
Warning!
Please observe the current legal situation regarding the data protection of your employees - especially when using data that is not used for system administration and to maintain data security.