User administration

Administration of users and roles > User administration

A user account allows a physical user to authenticate to the application. The account is identified by a username, and contains detailed information of the user.

User accounts are server-wide in scope, and a user account can be a member of an unlimited number of applications. For this reason, before creating a new user account, make sure that the physical user does not already have an account on the same server, in the Application users form. If so, simply add the existing account to the application in question.

For security reasons, a user account should never be used by more than one physical person.

The following actions can be performed with the User administration form:

Show or hide the colums you wish by clicking the NDMEhiddenSettings icon placed at the top left corner of this form.

Filters and sorting may be applied per column.

Multi-level sorting: You can sort more than one column, keeping a specific order, e.g. sort by column "A", then by column "B", and so on.

For that, after sorting the first column, hit and hold Shift on your keyboard, and then click on the second column you wish to sort (one click for ascending, two clicks for descending), and then the third column, etc.

Note that the order will be indicated by a number together with the sorting arrow icon.

Create a user account

Before proceeding with the creation of users, decide the Expandable text.

Open the User administration form, in Administration in the navigation menu. Click on Create new user, and enter at least Username, First name, Surname and E-mail address.

Other fields are optional, and some of them can be filled in or overriden by the user at a later stage in the User settings form.

The following columns have special remarks:

  • Password: For security reasons, only the user can generate a new password by using the Forgot password link in the login page.

  • Membership locked: It is automatically set in case the user has enter the password too many times in sequence (subjected to the password policy) when attempting to log in any application; however, if manually set, can be used by the administrator to pause the membership of that user for that application only. To do it at a server level (i.e., all applications at once), untick the Active column instead.

  • Membership expires: If provided, the access to the application will be denied for the selected user after this date.

  • Password policy: This is the way the system regulates the authentication of users in order to access the application. The preset password policy for new applications is the Server Default, however the application administrator can select another policy (if available) or can request to the IS Tools support team to define a different policy that suits in a better way the needs of the application.

    The following information is provided as tooltip upon hovering over the Password policy column: Authentication type, Minimum length, Generations, Changes per day, Locked after (attempts), Locked out time (minutes), Expires after (days), Request password enabled, Complex password forced.

    The password policy can also be applied in the Application preferences form.

  • Phone number: This number must be entered if the Password policy previously chosen requires a "Password + SMS" authentication type (defined at server level). A mobile number is also needed if text messages (SMS) are wished to be sent via rule actions (for when the user is added as recipient). Once saved, an international format is automatically applied to the number typed into this field, depending on the selected Country; e.g., for Sweden, the number 0706988621 changes to +46 70 6988621 after saving. If no Country is selected, then the international format must be manually typed.

  • Start form*: Select a form that will be automatically displayed for the selected user once logged in on desktop mode. If no start form is defined, an empty browser pane will be displayed next to the IS Tools navigation menu.

  • Mobile start form*: Same as above, but for mobile mode. In this case, note that only application forms can be selected, i.e., no system forms are available in this drop-down field.

*Note that these settings are also available in User settings and Applications preferences forms.

Finally, click Save.

If you already have a list of users that you wish to export to IS Tools, use the Import file button. Simply map the columns of your Excel file with the columns of this form, check the preview, and click Add. Save this action.

Assign roles to a user

To assign roles, select one or multiple usernames. Click the Assign roles button, select the roles you need, and then Save.

Edit a user account

Double-click the cell you need to edit, make the necessary changes and click Save.

These changes will take effect the next time the user logs on, and the user will be able to see this information updated in his/her own menu with the User settings form.

For the selected user(s), you may click on the More actions button to:

  • Send accounts details by mail. Use this action right after you create a new account so the user gets information and a link to access the application.

  • Activate account or Deactivate account. Alternatively, use the Active column for this.

    Only accounts that were originally created in the current application are subjected to activation/deactivation.

    Inactivating a user account that has a membership in other applications, will automatically lock it out for all those applications.

    If you are unsure about what other memberships the account you wish to deactivate has, ask your IS Tools support team before you perform this action.

  • Unlock membership. Use this action whenever a user reports that his/her account is locked due to typing the wrong password. Alternatively, use the Membership locked column for this.

  • Generate API key. For API access purposes.

  • Remove from application. The user will no longer be part of the current application, but will still have access to other applications within the server, if membership exists.

  • Delete user account. The user will no longer exist in the entire server.

    Only accounts that were originally created in the current application are subjected to deletion.

    If you are unsure about what other memberships the account you wish to delete has, ask your IS Tools support team before you perform this action, as it cannot be reverted once done.

Export user accounts

Right-click on any cell of the table grid, and click on Export. To export specific users, first make the proper filters, and then right-click to export the data displayed.

Other features

At the bottom of the form you can see figures like the total number of users your application has, how many are filtered and how many you have selected.