Manage user accounts

Create users and manage the account settings.

Introduction

The Master data/Users table stores the user profiles with the required login data, domains, and roles. If you use the internal standard authentication of censhare, the user management is done here. If you use an external authentication method (for example SAML SSO or LDAP), user data are stored outside censhare in the remote directory service. If a new user logs in, user data are sent to censhare. A new user is created in the Master data/Users table. At each login, the external user data are synchronized with the user profile in censhare.

There are two different types of users in the censhare system:

Standard-users: all normal personnel such as administrators, internal and external users, and collaborators are maintained with individual user accounts, but also virtual users that represent system processes.
System user: This is used for machine accounts like the censhare Render Client or the Service Client to connect to the system. Accounts that have this flag set are not displayed in any user lists.

Click here to see a demonstration for the security enhancements ...

User settings

General

Field	Description
Enabled	New users are enabled by default. Use this field to temporarily or permanently deactivate users. We strongly recommend to deactivate users instead of deleting users. This ensures that the user history (for example, edited asset properties and content) is kept in the system.
ID	Generated automatically.
Gender	Use this attribute to create salutation formulas in notifications etc.
Title	Enter an optional title here.
First name	Enter the first name and any middle names or initials here.
Last name	Mandatory. Enter the last name here.
Display name	Mandatory. This name is shown in the censhare UI and in the personal profile.
Login name	Mandatory. This is the name that the user enters in the login field.
E-mail	Mandatory. Enter a personal e-mail address of the user. Confidential information When a new user is created, censhare sends a temporary password to this e-mail address. Do not use generic e-mail addresses!
Language	Select the default language. This language determines the UI language and preview language. Users can change their language settings in their personal profiles.
Visible	If enabled, this user can be selected as workflow target (assignee). If disabled, this user can do anything according to their permissions, and is shown as creator or modifier of assets, but cannot be assigned as workflow target. Typically, this is used for virtual users that represent automation processes.
Authentication	To manage user data in censhare, Standard must be selected. If you manage user data in a remote directory service (SAML, LDAP), select External and then select the synchronization mode.
Data synchronization	Only displays if External authentication method is selected! Don't synchronize: Only the user credentials are synchronized. To successfully log in users, censhare requires at least a default role and default domain. The standard governance model requires secondary roles and domains as well. These must be added here. Basic synchronization without roles and groups: Only the necessary user attributes (login name, default role and default domains) are synchronized. Be aware that the standard governance model requires secondary roles and domains! Complete synchronization: Recommended for external authentication. User attributes are stored in the remote directory service and synchronized with censhare at each login via an attribute mapping.
System user	Select if you want to create a system user.
Expiry date of password	This field is ignored for new users! For new users, censhare uses the Define password policies. For existing users, you can enter a date here that overwrites the Password expires in value in the Define password policies.
Notification	If enabled, this user receives a notification e-mail when assets are assigned to them. The notification feature is typically used to keep external users who are not permanently connected to the system informed about their tasks.
Asset ID	Filled out automatically. When a new user logs in for the first time, censhare creates a Person asset that is associated with the user profile. This is the ID of the person asset that belongs to the user. The person asset stores personal information (contact, function, etc.) and preferences.
Online Channel SSO Asset ID	Filled out automatically. If an Online channel is set up with censhare, it uses a single sign-on method and creates an asset that handles the signing on to the Online channel.
Default role	Required. This is the role that the user has in the default domain.
Default domain	Required. This is the working domain of the user.
Default 2nd domain	Required. This is the role that the user has in the default 2nd domain. If you do not use a 2nd domains tree, select root.
Region	Optionally, select a region for the user.

Roles

Besides the default role and default domains, users can have mandatory or optional secondary roles and domains. Add here the role/domain combinations according to your governance model.

Field	Description
Enabled	Must be enabled.
Role	Select a secondary role. The default role cannot be selected.
Domain	Select a secondary domain. The default domain cannot be selected.
2nd domain	Select a secondary 2nd domain. The default 2nd domain cannot be selected.

Groups

Field	Description
Group	Assign the user account to one or multiple groups.