Users
Settings > Administration > Users
A user is a person who can access the platform, run applications, and view or modify data, as specified by their privileges.
1 About Users
A User has a login identity, password, email address, and other descriptive attributes. That information is stored in a User record. You create such a record when you add a user.
The assignments made in the User record determine the user's privileges:
- The Team a user belongs to determines which data is shared with other users.
- A user's Access Profile specifies global privileges for viewing and modifying data that is available to them. It also specifies administrative privileges.
- Application Access settings determine which applications the user can run, and which Roles they can assume in those applications.
- A user's Role determines their ability to view and modify data for individual application Objects. If a user has multiple Roles available, they choose which one is in force at any given time.
- Learn more: User, Team and Role Guidelines
2 Working with Users
Users that have the User Management permission can add new users in the platform
- Learn More: Available Permissions
2.1 Add a User
To Add New Users:
- Click Settings > Administration > Users
- Click the [New User] button
- Fill in the User Settings.
- Click [Save]
- In the Application Access page, specify the applications the user can access and the roles they can assume in those applications.
2.2 Edit a User
To Edit User Information:
- Click Settings > Administration > Users.
The default view displays all Active Users. You can select another type of user, if required, from the Views icon. - Click the Edit link next to the name of the user you want to edit.
- Modify the User Settings. Note that some fields are required.
- Click [Save]
- In the Application Access page, make changes to the list of applications the user can access and the roles they can assume in those applications.
- Optionally, choose one of the following actions:
Note: The ability to edit users is subject to the Permissions Hierarchy restrictions.
2.3 Reset a User Password
- Click Settings > Administration > Users
- Click the [Reset Password] button
- Use the Lookup to Select a User
- Click [Save].
- The user's password is reset and a temporary password is emailed to the user's email address.
-
Note:
- The user is required to change the Password and verify the Security Question at Login.
- Users who are recognized via the LDAP Configuration are not included in the list of users whose password can be reset. Such changes must be made in the LDAP directory.
2.4 Customer Support Login
A Service Provider's Customer support often needs to login to a tenant, so they can help with its configuration. The Customer Support Login lets them login as the admin user in the specified tenancy, to do that.
-
Users that have the Customer Support Login Permission permission can Login by Proxy to a Tenant
To Login by Proxy to a Tenant:
- Open the Tenants object
- Navigate to the Tenant of interest
- In the Quick Links section, click the Customer Support Login link to login as this user
- This Login by Proxy is tracked in the Audit Log, and is visible to the user
- When the investigation is complete, click the Switch Back link to exit the Proxy Login and revert to your last login state
2.5 Proxy Login as this User
As an administrator responsible for a number of Users, it is often convenient to diagnose user issues by logging in via proxy. With this login, you gain full access to all actions available to the user. (Each action performed during a Proxy Login is audited and logged.)
-
Users that have the Proxy Login Access permission can Login as another user to troubleshoot problems that may arise in a user's account
When a Proxy Login is initiated, a dialog box opens to remind the user that a record of these actions will be created. The user can opt to continue or cancel the action.
- To execute a proxy login
- Click Settings > Administration > Users
- Select a user
If your role has the capability to do a proxy login, the [Proxy Login] button is visible. - Click the [Proxy Login] button.
A confirmation dialog appears. - Click [OK]
- If this is a first-time login, you may need to answer a Security Question
- The name of the user will appear on the screen, in place of your username
- Perform any necessary troubleshooting activities
-
Note: You can only login-by-proxy as a member of your team or one of its subteams, as specified by the Permissions Hierarchy restrictions.
- To close a proxy login session
- Click the Switch Back link
- Confirm that your login name appears on the screen, which indicates that you have successfully closed the Proxy Login session
2.6 Manage Proxy Login Permissions
Grant Users the ability to Login as selected Users or a group of users in a Team.
-
Users that have the Proxy Login Configuration permission can enable Proxy Login for users
To enable the Proxy Login rights:
- Click Settings > Administration > Users
- Select the user of interest
- Click the [Proxy Login Permissions] button
- By default, no Users or Teams are displayed
- The Default Proxy Login settings grant this user Proxy Login rights to All Users and Teams
- If Users or Teams are selected, then this user has Proxy Login rights to the selected Users/Teams, only
- Click the [Edit] button to modify the Default Proxy Login settings
- Choose the desired Users or Teams
- Click [Save]
- Considerations
-
- The User/Team relationship is additive, meaning that:
- If a Team is selected, all Users on that team are available for Proxy Login by the selected user
- If individual Users are selected, only those individual Users are available for Proxy Login by the selected user
- If a Team is selected, and individual Users in that team are also selected, then the addition of those users makes no difference (because the Users are already members of the selected Team)
- However, if those Users move to a new Team in the future, then this permission will apply to those Users in their new Team
2.7 Deactivate a User
When a user leaves your organization, you manage the change by Deactivating that user. That action frees up a License that can be applied to a new user, while preserving the former user's history of record ownership, activities, tasks, and so on. (The delete operation is not allowed, for reason.
Tip: In a large organization, it is good practice to create a team to hold deactivated users.
To deactivate a user:
- Remove the user from all but one team - see Remove Team Members
- Deactivate the User
- Click Settings > Administration > Users
- Open the user record, and deselect (uncheck) the Active checkbox. (Verify that the Active checkbox is not checked).
This user is now deactivated, and the License is now free to assign to another user.
- Tips
- Deactivating a user will not change your Subscription Plan
- To change the number of licenses in your subscription, modify your Subscription Plan
See also: Customize the Users Object
3 User Settings
-
Note:
- Empty fields are not shown when viewing user settings. They appear only when editing.
- For a user who is recognized via LDAP Configuration, only the user's Team membership, initial Application, and application Role can be changed. All other information comes from the LDAP directory, where it can be modified.
3.1 Basic Information
First Name The first name of the user Last Name The last name of the user Company The company where the user is employed Title The professional title of the user User License Type License Type; choose Site User or Platform User
(This option appears only in a tenant-management domain.)Reports To The person on your team to whom this new user reports to Access Profile Select an Access Profile from the lookup window Employee Number The user's work or sales territory and employee number; if a user supports multiple territories, include each territory, separated by commas
3.2 Locale Information
Time Zone Time Zone, based on Time Zone Codes Date Format Choose a Date Format from the drop-down list.
3.3 Login Information
Email The email address to use for sending and receiving email through the platform Username Username is a unique name associated with each User. Username is required to Login, can be an email address or an alphanumeric text string. Active Makes this User's account active Single Sign-On If Single Sign-On is enabled, one of the following options is displayed, depending on the configuration:
- Single Sign-On - Pass Thru
- Supply address information for a custom authentication server.
- Single Sign-On - Delegated Authentication
- Checkbox
- If checked, Single Sign-on is enabled for this user
- Single Sign-On - SAML
- Either a Federation Id or platform User Id field is displayed.
- If blank, Single Sign-on is disabled for this user
- Enter a value to enable Single Sign-On for this user
- UserId is the Record Id of the user that is logged in
- Federated Identity acts as a user's authentication across multiple IT systems or organizations
3.4 Team Membership Information
Primary Team Each user must be assigned to a Primary Team - When a user is assigned to a Primary Team, any previous primary team assignment is replaced
3.5 Address and Contact Information
Phone The user's telephone number, including area code Mobile Phone The user's mobile phone number, including area code Fax The user's fax number, including area code Street Address The user's street address City The user's city State The user's state or province Postal/Zip Code The user's postal or zip code Country The user's country Receive Newsletter Get emailed newsletters from the company, whenever they are sent Send Welcome & Login Information by Email Notify the user by email of changes in their account
When a User is added, the record remains in the database, and the tasks and activities associated with that user are tracked in the Audit log.
3.6 For Developers
When using the REST API to Add a User, the password is optional, and not required. Password policies are implicit and are applied automatically when a new user record is created.
- Learn more: Add a User (Record)