Overview
Managing user accounts can be done from the Settings section.
Users & Groups Settings
List of User Accounts
List of User Accounts
The users list view shows you all of the user accounts in the CMS. The table can be filtered on columns as well as searched. The list view shows you a few key properties of each user account. you can also export the list by clicking Export to CSV at the top right of the table.
To see the details for an individual user account, either double-click the account username or right-click on a username and select 'Edit User' from the context menu.
Accounts can be disabled for a number of reasons:
- The user has entered their password incorrectly more than a threshold number, typically three.
- The date after which the user account is expired has passed.
Accounts that are disabled will show in this list without the green icon on the left and the text greyed out.
User Detail View
The user detail view is split across two tabs: Profile and Preferences.
Profile
User Profile
The fields on the user profile page are:
Name |
Description |
Status |
A dropdown that allows an administrator to flip the status of the account between Enabled and Disabled. |
Expires On |
A date selector. If this field is set, the account will automatically become disabled after the selected date. |
Avatar image |
Users can provide their own avatar image if they wish to customize their account. The default avatar image is a grey person silhouette. |
Username |
The username that should be used for login. Typically this is set to be the users email account as this ensures uniqueness. However, if you are planning to use single sign-on, then the username should match the account name your SSO provider will send. |
Mark as service account |
If this field is checked, the account is not subject to the password expiry rules, which may cause problems for external scripts that are using this account for Access API authentication. |
Edit password |
Clicking this button will open a secondary view to allow you to change the user's password or have the CMS generate a password for the user and email it to them. |
First Name |
The first name of the user |
Last Name |
The last name of the user |
Email Address |
The email address of the user. This is a required field because any system generated passwords, either from this configuration view or when the user uses the "Forgot my password" link on the login page, will be emailed to the user. |
Persona, Department and Location |
Choose from a pre-configured list of values for each field. These fields can be used to group users together for easier management. |
Login Provider |
This should always be set to «Standard», which is the default username + password scheme, unless you have single sign-on configured in which case, you can select from one of the configured authentication profiles. |
Associated Groups |
This matrix of checkboxes allows you to specify which groups the user is associated with. |
Preferences
User Preferences
Create a New User
You can create a new user by cloning an existing user or creating a new user from scratch. The benefit of cloning is that content access permissions will match, so you will not have to start from scratch.
To clone a user, right click the username you want to clone and click Clone User.
Make sure to complete all required fields marked with a red asterisk.
You will need to select at least one Group. Learn more about Groups here.
User Account Security Settings
User Account Security features can be found under the Settings > Configuration section of the CMS. These features are often restricted to administrators.
- Disable User Account: An administrator can choose how many times a user can attempt to login. After the chosen amount of failed attempts, the user will be locked out and the account disabled temporarily. An administrator will need to re-enable the account and will be notified via an email alert; the email account used for the alert is on file under the Configure > General area of the Settings section.
- Login Settings for User Accounts: an option for restricting users from logging into the CMS during a specified amount of time. The period of time is configurable. Users who try to access the CMS between the restricted time range will be notified clearly on the login screen.
- User Account Inactivity: ability to force a logout of the application if a user is idle. The amount of time idle before forcing a logout is configurable. The user will be warned 1 minute prior to the logout event. If they do not remain active, they will be logged out and have to sign back in.
Reactivating Deactivated Account
Disabled user accounts are seen as greyed out in the User List. To reactivate a deactivated account, find the user in the list and double click to open the User Details view. Confirm the status is set to deactivated in the Status field and toggle it to enabled.
If the account was disabled because the user forgot their password or attempted an incorrect password too manny times, click the blue Edit Password button and select "On Save, Randomly Generate a One-Time Use Password". Then click Save.
Account Login Logs
To troubleshoot account deactivation, navigate to Reports > Audit > System and select the user's name from the user drop down. This will provide information on the user's last activity to confirm if the deactivation was due to too many failed login attempts.
User Password Settings
Enhanced password settings and configurations are now available in the Settings > Configuration section. These optional features are often restricted to administrators.
Password Expiration
An administrator can turn on / off the expiration of the CMS users's password, as well as force a password expiration immediately for all users. (This is by default turned off to prevent accidental usage). You can also configure the number of days prior to the password expiration when a user will be notified about the upcoming expiration. This notification will appear on the login screen. If you find that this feature is not enabled, you should contact your administrator to request it. If you wait until expiration, you will see a notification prompting you to create a new password. The "Remember My Login" option will not apply until you login again.
Password Re-Use
An administrator can decide the length of time during which a password cannot be re-used as well as the number of previous passwords that can be re-used. The number of days that a password cannot be re-used is limited to a three digit number.
Password Recovery
he login screen has a link titled "Forgot Password." This can be used to create a temporary password; you must enter your email or username associated with the Crownpeak account. A temporary password will be sent to the associated email account. The temporary password used to reset or re-enable a user account will expire after one-time use.