Manage user accounts
Create users and manage the account settings.
Introduction
The Master data/Users table stores the user profiles with the required login data, domains, and roles. If you use the internal standard authentication of censhare, the user management is done here. If you use an external authentication method (for example SAML SSO or LDAP), user data are stored outside censhare in the remote directory service. If a new user logs in, user data are sent to censhare. A new user is created in the Master data/Users table. At each login, the external user data are synchronized with the user profile in censhare.
There are two different types of users in the censhare system:
Standard-users: all normal personnel such as administrators, internal and external users, and collaborators are maintained with individual user accounts, but also virtual users that represent system processes.
System user: This is used for machine accounts like the censhare Render Client or the Service Client to connect to the system. Accounts that have this flag set are not displayed in any user lists.
Click here to watch the security enhancement demonstration ...
User settings
General
Field | Description |
---|---|
Enabled | New users are enabled by default. Use this field to temporarily or permanently deactivate users. We strongly recommend to deactivate users instead of deleting users. This ensures that the user history (for example, edited asset properties and content) is kept in the system. |
ID | Generated automatically. |
Gender | Use this attribute to create salutation formulas in notifications etc. |
Title | Enter an optional title here. |
First name | Enter the first name and any middle names or initials here. |
Last name | Mandatory. Enter the last name here. |
Display name | Mandatory. This name is shown in the censhare UI and in the personal profile. |
Login name | Mandatory. This is the name that the user enters in the login field. |
Mandatory. Enter a personal e-mail address of the user. Confidential information When a new user is created, censhare sends a temporary password to this e-mail address. Do not use generic e-mail addresses! | |
Language | Select the default language. This language determines the UI language and preview language. Users can change their language settings in their personal profiles. |
Visible | If enabled, this user can be selected as workflow target (assignee). If disabled, this user can do anything according to their permissions, and is shown as creator or modifier of assets, but cannot be assigned as workflow target. Typically, this is used for virtual users that represent automation processes. |
Authentication | To manage user data in censhare, Standard must be selected. If you manage user data in a remote directory service (SAML, LDAP), select External and then select the synchronization mode. |
Data synchronization | Only displays if External authentication method is selected!
|
System user | Select if you want to create a system user. |
Expiry date of password | This field is ignored for new users! For new users, censhare uses the Define password policies. For existing users, you can enter a date here that overwrites the Password expires in value in the Define password policies. |
Notification | If enabled, this user receives a notification e-mail when assets are assigned to them. The notification feature is typically used to keep external users who are not permanently connected to the system informed about their tasks. |
Asset ID | Filled out automatically. When a new user logs in for the first time, censhare creates a Person asset that is associated with the user profile. This is the ID of the person asset that belongs to the user. The person asset stores personal information (contact, function, etc.) and preferences. |
Online Channel SSO Asset ID | Filled out automatically. If an Online channel is set up with censhare, it uses a single sign-on method and creates an asset that handles the signing on to the Online channel. |
Default role | Required. This is the role that the user has in the default domain. |
Default domain | Required. This is the working domain of the user. |
Default 2nd domain | Required. This is the role that the user has in the default 2nd domain. If you do not use a 2nd domains tree, select root. |
Region | Optionally, select a region for the user. |
Roles
Besides the default role and default domains, users can have mandatory or optional secondary roles and domains. Add here the role/domain combinations according to your governance model.
Field | Description |
---|---|
Enabled | Must be enabled. |
Role | Select a secondary role. The default role cannot be selected. |
Domain | Select a secondary domain. The default domain cannot be selected. |
2nd domain | Select a secondary 2nd domain. The default 2nd domain cannot be selected. |
Groups
Field | Description |
---|---|
Group | Assign the user account to one or multiple groups. Groups are a logical collection of users, for example as a workflow target |