Users
> Administration > Access Management > Users
A user is a person who can access the platform, run applications, and view or modify data, as specified by their privileges.
1 About Users
A User has a login identity, password, email address, and other descriptive attributes. That information is stored in a User record. You create such a record when you add a user.
The assignments made in the User record determine the user's privileges:
- The Team a user belongs to determines which data is shared with other users.
- A user's Access Profile specifies global privileges for viewing and modifying data that is available to them. It also specifies administrative privileges.
- Application Access settings determine which applications the user can run, and which Roles they can assume in those applications.
- A user's Role determines their ability to view and modify data for individual application Objects. If a user has multiple Roles available, they choose which one is in force at any given time.
- Learn more: User, Team and Role Guidelines
2 Working with Users
Users that have the User Management permission can add new users in the platform.
- Learn More: Available Permissions
2.1 Add a User
To add new users:
- Click > Administration > Access Management > Users
- Click the [New User] button
- Fill in the User Settings.
- Click [Save]
- In the Application Access page, specify the applications the user can access and the roles they can assume in those applications.
2.2 Edit a User
To Edit User Information:
- Click > Administration > Access Management > Users.
The default view displays all Active Users. You can select another type of user, if required, from the Views icon. - Click the Edit link next to the name of the user you want to edit.
- Modify the User Settings. Note that some fields are required.
- Click [Save]
- In the Application Access page, make changes to the list of applications the user can access and the roles they can assume in those applications.
- Optionally, choose one of the following actions:
Note: The ability to edit users is subject to the Permissions Hierarchy restrictions.
2.3 Reset a User Password
- Click > Administration > Access Management > Users
- Click the [Reset Password] button
- Use the Lookup to Select a User
- Click [Save].
The user's password is reset and a temporary password is emailed to the user's email address.
Note:
- The user is required to change the Password and verify the Security Question at Login.
- Users who are recognized via the LDAP Configuration are not included in the list of users whose password can be reset. Such changes must be made in the LDAP directory.
- When session management capability is enabled, all existing user sessions will be logged out when the password is reset or changed.
2.4 Customer Support Login
A Service Provider's Customer support often needs to login to a tenant, so they can help with its configuration. The Customer Support Login lets them login as the admin user in the specified tenancy, to do that.
Users that have the Customer Support Login Permission permission can Login by Proxy to a Tenant
To Login by Proxy to a Tenant:
- Open the Tenants object
- Navigate to the Tenant of interest
- In the Quick Links section, click the Customer Support Login link to login as this user
- This Login by Proxy is tracked in the Audit Log, and is visible to the user
- When the investigation is complete, click the Switch Back link to exit the Proxy Login and revert to your last login state
2.5 Proxy Login as this User
As an administrator responsible for a number of Users, it is often convenient to diagnose user issues by logging in via proxy. With this login, you gain full access to all actions available to the user. (Each action performed during a Proxy Login is audited and logged.)
Users that have the Proxy Login Access permission can Login as another user to troubleshoot problems that may arise in a user's account
When a Proxy Login is initiated, a dialog box opens to remind the user that a record of these actions will be created. The user can opt to continue or cancel the action.
- To execute a proxy login
- Click > Administration > Access Management > Users
- Select a user
If your role has the capability to do a proxy login, the [Proxy Login] button is visible. - Click the [Proxy Login] button.
A confirmation dialog appears. - Click [OK]
- If this is a first-time login, you may need to answer a Security Question
- The name of the user will appear on the screen, in place of your username
- Perform any necessary troubleshooting activities
Note: You can only login-by-proxy as a member of your team or one of its subteams, as specified by the Permissions Hierarchy restrictions.
- To close a proxy login session
- Click the down arrow next to your name at the top of the window.
- A drop down appears with additional options.
- Learn more: Using the Agent Portal#User Options
- Click the Switch Back link that appears above the Logout option.
- Confirm that your login name appears on the screen, which indicates that you have successfully closed the Proxy Login session.
2.6 Manage Proxy Login Permissions
Grant Users the ability to Login as selected Users or a group of users in a Team.
Users that have the Proxy Login Configuration permission can enable Proxy Login for users
To enable the Proxy Login rights:
- Click > Administration > Access Management > Users
- Select the user of interest
- Click the [Proxy Login Permissions] button
- By default, no Users or Teams are displayed
- The Default Proxy Login settings grant this user Proxy Login rights to All Users and Teams
- If Users or Teams are selected, then this user has Proxy Login rights to the selected Users/Teams, only
- Click the [Edit] button to modify the Default Proxy Login settings
- Choose the desired Users or Teams
- Click [Save]
- Considerations
-
- The User/Team relationship is additive, meaning that:
- If a Team is selected, all Users on that team are available for Proxy Login by the selected user
- If individual Users are selected, only those individual Users are available for Proxy Login by the selected user
- If a Team is selected, and individual Users in that team are also selected, then the addition of those users makes no difference (because the Users are already members of the selected Team)
- However, if those Users move to a new Team in the future, then this permission will apply to those Users in their new Team
2.7 Deactivate a User
When a user leaves your organization, you manage the change by Deactivating that user. That action frees up a License that can be applied to a new user, while preserving the former user's history of record ownership, activities, tasks, and so on. (The delete operation is not allowed, for reason.
To deactivate a user:
- Remove the user from all but one team - see Remove Team Members
- Deactivate the User
This user is now deactivated, and the License is now free to assign to another user.
- Tips
- Deactivating a user will not change your Subscription Plan
- To change the number of licenses in your subscription, modify your Subscription Plan
See also: Customize the Users Object
3 User Settings
Note:
When a User is added, a record is added to the database. Tasks and activities associated with that user are then tracked in the Audit Log.
Note:
- Empty fields are not shown when viewing user settings. They appear only when editing.
- For a user who is recognized via LDAP Configuration, only the user's Team membership, initial Application, and application Role can be changed. All other information comes from the LDAP directory, where it can be modified.
3.1 Basic Information
First Name User's first name as it should appear in the platform Last Name User's last name as it should appear in the platform Title User's professional title Reports To Manager or supervisor Access Profile The Access Profile assigned to the user Accessibility Mode Enables Accessibility Mode for those whose vision or motor skills are impaired. Employee Number Optional identification number for each employee User License Type Site user (an external user for whom there is no charge) or a Platform User (an internal user).
(This option appears only in a tenant-management domain.)
3.2 Locale Information
Time Zone Choose a Time Zone Code from the drop-down list. Date Format Choose a Date Format from the drop-down list Time Format Choose a Time Format from the drop-down list Locale The user's locale setting. Determines the format for numbers, decimal fields, and percentages. Language User's language. (Only shown if Multiple Languages are specified in Company Information.)
3.3 Login Information
Email The user's email address, used for sending and receiving email through the platform Username Username is a unique name associated with each User. Username is required to Login, can be an email address or an alphanumeric text string. Active Selecting this option indicates that the user account is active Mobile Access Allows a user to access the platform using a mobile device. Single Sign-On This option appears when Single Sign-On is enabled. It allows a user to login to an organization's secure network with a single username and password, and then access the platform without having to log in again. The following options are displayed, depending on the configuration:
- Single Sign-On - Pass Through Authentication
- Supply address information for a custom authentication server.
- Single Sign-On - Delegated Authentication
- Select the checkbox to enable Single Sign-On for the user.
- Single Sign-On - SAML
- A SAML Federated Id field is displayed. A SAML Federated Id is used as authentication across multiple IT systems
- Single Sign-On - Pass Through Authentication
3.4 Team Membership
- This section appears only when adding a new user.
Primary Team The initial Team the user belongs to
3.5 Startup Information
Initial Application The first application the user sees after logging in. Role The user's initial Role in the application. (Additional Roles can be assigned later, using the Application Access settings.) Send Welcome Email A message is sent to the user, welcoming them to the platform, and telling them what they need to know to log in.
3.6 Contact Information
- This section does not appear when adding a new user. Users can fill it in for themselves later, or the admin can fill out by editing the record after the User has been added.
Phone Mobile Phone Fax Street Address City State/Province Postal/Zip Code Country
4 For Developers
When using the REST API to Add a User, the password is optional, and not required. Password policies are implicit and are applied automatically when a new user record is created.
- Learn more: Add a User (Record)