Create users and manage the account settings.

Introduction

The Master data/Users table stores the user profiles with the required login data, domains, and roles. If you use the internal standard authentication of censhare, the user management is done here. If you use an external authentication method (for example SAML SSO or LDAP), user data are stored outside censhare in the remote directory service. If a new user logs in, user data are sent to censhare. A new user is created in the Master data/Users table. At each login, the external user data are synchronized with the user profile in censhare.

There are two different types of users in the censhare system:

  • Standard-users: all normal personnel such as administrators, internal and external users, and collaborators are maintained with individual user accounts, but also virtual users that represent system processes.

  • System user: This is used for machine accounts like the censhare Render Client or the Service Client to connect to the system. Accounts that have this flag set are not displayed in any user lists.

Click here to see a demonstration for the security enhancements ...

User settings

General

FieldDescription
EnabledNew users are enabled by default. Use this field to temporarily or permanently deactivate users. We strongly recommend to deactivate users instead of deleting users. This ensures that the user history (for example, edited asset properties and content) is kept in the system.
IDGenerated automatically.
GenderUse this attribute to create salutation formulas in notifications etc.
TitleEnter an optional title here.
First nameEnter the first name and any middle names or initials here.
Last nameMandatory. Enter the last name here.
Display nameMandatory. This name is shown in the censhare UI and in the personal profile.
Login nameMandatory. This is the name that the user enters in the login field.
E-mail

Mandatory. Enter a personal e-mail address of the user.

Confidential information

When a new user is created, censhare sends a temporary password to this e-mail address. Do not use generic e-mail addresses!

LanguageSelect the default language. This language determines the UI language and preview language. Users can change their language settings in their personal profiles.
VisibleIf enabled, this user can be selected as workflow target (assignee). If disabled, this user can do anything according to their permissions, and is shown as creator or modifier of assets, but cannot be assigned as workflow target. Typically, this is used for virtual users that represent automation processes.
AuthenticationTo manage user data in censhare, Standard must be selected. If you manage user data in a remote directory service (SAML, LDAP), select External and then select the synchronization mode.
Data synchronization

Only displays if External authentication method is selected! 

  • Don't synchronize: Only the user credentials are synchronized. To successfully log in users, censhare requires at least a default role and default domain. The standard governance model requires secondary roles and domains as well. These must be added here.
  • Basic synchronization without roles and groups: Only the necessary user attributes (login name, default role and default domains) are synchronized. Be aware that the standard governance model requires secondary roles and domains! 
  • Complete synchronization: Recommended for external authentication. User attributes are stored in the remote directory service and synchronized with censhare at each login via an attribute mapping.
System userSelect if you want to create a system user.
Expiry date of passwordThis field is ignored for new users! For new users, censhare uses the Define password policies. For existing users, you can enter a date here that overwrites the Password expires in value in the Define password policies
NotificationIf enabled, this user receives a notification e-mail when assets are assigned to them. The notification feature is typically used to keep external users who are not permanently connected to the system informed about their tasks.
Asset IDFilled out automatically. When a new user logs in for the first time, censhare creates a Person asset that is associated with the user profile. This is the ID of the person asset that belongs to the user. The person asset stores personal information (contact, function, etc.) and preferences.
Online Channel SSO Asset IDFilled out automatically. If an Online channel is set up with censhare, it uses a single sign-on method and creates an asset that handles the signing on to the Online channel.
Default roleRequired. This is the role that the user has in the default domain.
Default domainRequired. This is the working domain of the user.
Default 2nd domain Required. This is the role that the user has in the default 2nd domain. If you do not use a 2nd domains tree, select root.
RegionOptionally, select a region for the user.

Roles

Besides the default role and default domains, users can have mandatory or optional secondary roles and domains. Add here the role/domain combinations according to your governance model.

FieldDescription
EnabledMust be enabled.
RoleSelect a secondary role. The default role cannot be selected.
DomainSelect a secondary domain. The default domain cannot be selected.
2nd domainSelect a secondary 2nd domain. The default 2nd domain cannot be selected.

Groups

FieldDescription
GroupAssign the user account to one or multiple groups.