User Accounts
The User Accounts page displays a paged list of current system user accounts. The list of accounts can be sorted and filtered. Multiple accounts can be enabled, disabled, or deleted from this page.
Who has access?
- User Administrators – access to user and group management
- Anonymous Users – access to registration, recover username, and change password forms if the system is configured to allow these
Page Description
The User Accounts page is laid out in three primary sections:
User List
A list of the current system user accounts is displayed here with the list containing some of the basic user attributes: Last name, First name, Username, Email and Status.
Paging, Sorting, and Filtering
The list will be displayed in pages of user accounts with the number of user accounts per page initially being set to the system default for User Page Size (set by a System Administrator on the System Settings page). The number of user accounts per page to display can be changed by entering a number in the Showing XX users per page field at the top right of the user list. Any changes in the page size will be remembered for the current browser session. It will revert to the default value for new browser sessions. If there are more user accounts in the system than the currently set page size, page controls will be shown at the bottom right of the user list.
When the page is first displayed, the list will be sorted by Last name (ascending) with secondary sort by First name and Username. The sorting of the list may be changed by clicking on the column headings. By clicking on a column heading other than the one currently being used for sorting, the sort will be changed to use that column as the primary (ascending) sort parameter. If the column heading of the column currently used as the primary sort is clicked on, then the sort will toggle between ascending and descending sorts. For the following primary sorts, the secondary sort columns will be as shown:
Primary Sort | Secondary Sort (in order) |
Last name | First name, Username |
First name | Last name, Username |
Username | <none> |
Email | <none> |
Status | Last name, First name, Username |
The list of user accounts can be filtered by selecting the Advanced search link at the top left of the user list. When this is selected, the Advanced search form will be displayed. Enter (or select) any desired filtering criteria in the fields and then click on the Search button. The search form will be closed and the list will only show user accounts that match the search/filter criteria. When a search filter is in effect, a (reset) link will be displayed to the right of the Advanced search link. Clicking on this link will reset the search filter. The search filter can also be reset by opening the Advanced search form and clicking on the Clear button. Search criteria entered into text fields of the form are case-insensitive and non-positional. For example, if a capital letter ‘L’ is entered into the First name field of the form and a search is done, the list will contain all user accounts that have the letter ‘L’ (upper or lower case) anywhere in their first name. Any field set to blank will not be used as search criteria.
Operations on Multiple User Accounts
The operations that can be done on multiple user accounts simultaneously are Enable users, Disable users, and Delete users. To perform one of these operations on multiple user accounts, check the checkbox at the left of the users upon which the operation is to be performed. Note: all user accounts on the current page can be checked or unchecked by clicking on the checkbox in the top left corner of the list. When at least one user account is checked, the operation buttons below the user list will be enabled. Select the operation to perform on the checked user accounts by clicking on one of these buttons. The Enable users and Disable users operations will be performed immediately and the user account status in the list will be set accordingly. The Delete users operation will display a prompt to confirm that the user accounts are to be deleted. If the deletion is confirmed, then the user accounts will be deleted from the system and they will be removed from the list.
View Details of a User
To view or edit the details of a single user account, click on the last name or first name in the user account list. Detailed user account information and other defined attributes will be displayed for that selected user. See the documentation for Managing a User for more information.
Additional user account operations can be accessed by clicking on the links in the Operations section in the page sidebar. The operations available are:
- Create a New User – manually create a new user account by entering user information and attributes
- Start User Import Wizard – create multiple user accounts by importing user information from a file (such as an exported file from a database)
User Summary
This area displays a summary of user account information.
- License Limit – the maximum number of user accounts allowed as determined by the application license
- Total – the total number of user accounts in the system
- Enabled – the number of user accounts that have a status of Enabled
- Disabled – the number of user accounts that have a status of Disabled
- Pending Activation – the number of user accounts where a user has registered but has not confirmed by using the confirmation link that was emailed to them
- Pending Admin Approval – the number of user accounts where a user has registered and confirmed their account but the account still needs approval by a User Administrator
Create a New User
The form for a User Administrator to create a user account is much the same as that for the user to self-register an account. The additional fields available to the administrator are:
Temporary Password
If this is checked, the password is designated as a temporary password and the user must change it the next time they log in. Temporary passwords are not required to conform to the current password policy and are not saved into the password history list.
Use Random Password
If this option is checked, a random password will be generated. The Password and Repeat Password fields are not used and the account summary will automatically be emailed to the user whether the Send account summary to user option is checked or not. A randomly generated password will always be designated as a temporary password whether the Temporary Password setting is checked or not. The user will be required to enter a new password the next time that they log in with the randomly generated password.
Send account summary to user
If this option is checked, an account summary will be emailed to the user. The text of this email is configurable by a System Administrator under Control Panel > Email Templates.
The user account can be created in either the Enabled or Disabled state. A user cannot log in if the account is disabled.
User Import Wizard
The User Import Wizard allows for the creation of multiple user accounts through uploading and processing a file containing required user account information. The file that is uploaded will typically come from the export of data from a datastore such as a database or AD/LDAP.
The user import process consists of these steps:
- Upload CSV file
- Set import options
- Map file data to user account fields
- Set merge and notification option
- Review settings
- Execute import
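A pre-flight check for an import file against the field rules this page gives for user accounts (required basic fields, 128-character limits, unique username and email). This is an added example, not part of the product; the column names, the sample rows, the email pattern and the case-insensitive uniqueness comparison are assumptions.

```python
import csv
import io
import re

MAX_LEN = 128  # limit the page gives for First name, Last name and Email
# Rough shape check only; the application's own email validation is not documented here.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# Assumed column names for the constructed sample; real names come from the export.
COLUMNS = ("first_name", "last_name", "username", "email")


def check_import(csv_text):
    """Return a list of (line_number, problem) for rows likely to be rejected."""
    problems = []
    seen = {"username": {}, "email": {}}  # normalized value -> first line seen
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing columns: " + ", ".join(missing))]
    for row in reader:
        line = reader.line_num
        values = {c: (row[c] or "").strip() for c in COLUMNS}
        for col in COLUMNS:
            if not values[col]:
                problems.append((line, col + " is blank"))
        for col in ("first_name", "last_name", "email"):
            if len(values[col]) > MAX_LEN:
                problems.append((line, "%s exceeds %d characters" % (col, MAX_LEN)))
        if values["email"] and not EMAIL_RE.match(values["email"]):
            problems.append((line, "email is not in a valid format"))
        for col in ("username", "email"):
            key = values[col].casefold()  # assumption: uniqueness ignores case
            if key and key in seen[col]:
                problems.append((line, "%s duplicates line %d" % (col, seen[col][key])))
            elif key:
                seen[col][key] = line
    return problems


# Constructed sample export (not real data).
SAMPLE = (
    "first_name,last_name,username,email\n"
    "Ada,Lovelace,alovelace,ada@example.com\n"
    "Alan,Turing,aturing,alan.example.com\n"
    "Grace,Hopper,ALovelace,grace@example.com\n"
    "Linus,,ltorvalds,ada@example.com\n"
)

if __name__ == "__main__":
    for line, problem in check_import(SAMPLE):
        print("line %d: %s" % (line, problem))
```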
Managing a User
Clicking on a user from the list of users on the main User Accounts page will display the View User page for that particular user. The current settings for that user will be shown. This will consist of the basic User Information (First name, Last Name, Username, Email address) plus the following information:
- Dates for when the user account was created and last modified
- Status as to whether the user account is enabled or not
- Administrative roles that have been assigned to this user
- Groups to which the user belongs
The settings for any additional user attributes that have been defined in the User Account Template will be displayed here as well.
To make any changes in the user account, select one of the Operations listed in the page sidebar.
Operations (View User page)
The operations that are available for the currently viewed user account will vary depending on the state of the user account.
Approve User
This operation is available when a user has requested a user account through the User Register page, has confirmed the account by clicking on the confirmation link that was emailed to them, and the system is configured to require an administrator’s approval for user account registration. It allows a User Administrator to approve that user account. A confirmation prompt will be displayed to ensure that the administrator wants to approve this account.
Activate User
This is the same as Approve User except that the user has not confirmed their account by clicking on the confirmation link that was emailed to them when they registered. This might be used when the user did not receive the email for some reason such as their mail server flagging it as spam. A confirmation prompt is displayed when this operation is clicked on to ensure that the administrator wants to activate the account even though it has not been confirmed by the user. If a user did not receive the confirmation email, it would be best to determine why and get that resolved since most of the user self-service options require delivery of email to the user in order to work properly.
Reject User
This operation will be available for the same reason as the Approve User operation. When a user account registration is rejected, an email is sent to the user to let them know that the registration was rejected and the pending user account is deleted from the system. When this operation is selected, a confirmation prompt will be displayed to ensure that the administrator wants to reject and delete the pending user account.
Send Confirmation Email
This operation will send another copy of the registration confirmation email to the user. This would normally be used if the user did not receive the initial email and the reason for non-delivery of the email was resolved. It is best to go through the process of sending the email so the user can confirm their account through the link rather than just activating the account without the user being able to receive emails from the application.
Send Username
This will send an email that contains the user’s username to the user. The text of the email is configurable by a System Administrator under Control Panel > Email Templates.
Update User
At a minimum, the information required to define a user account will consist of basic User Information which includes: First name, Last name, Username and Email. Additional user data fields may be available, and possibly required, depending on the Custom User Fields configuration.
First name
The first name of the user. This can be up to 128 characters in length.
Last name
The last name (surname) of the user. This can be up to 128 characters in length.
Username
This field must be unique among all users. The format (minimum/maximum length, allowed characters, etc.) is governed by the Username Policy that has been defined.
Email
This field must be unique among all users. It must be in a valid email format and can be up to 128 characters in length.
Set Password
Password
The format of the password (minimum/maximum length, allowed/required characters, etc.) is governed by the Password Policy that has been defined.
Repeat Password
This field is a verification check to ensure that the password is entered correctly before it is saved. The value entered here must match the value entered in the Password field.
Temporary Password
If this option is checked, the password that is set is only temporary and the user will be prompted to change their password at the time that they log in. Temporary passwords are not required to conform to the Password Policy.
Use random Password
If this option is checked, a random value will be generated for the password. An email with the password will always be sent to the user if this option is selected.
Send Password to user
If this option is checked, the new password will be sent to the user via email. If the Use random Password option is checked, this option will be ignored.
Disable User
Click this button to disable the currently viewed user account. When a user account is disabled, the user will not be able to log in to the system or be authenticated by the IdP.
Enable User
Click this button to enable the currently viewed user account.
Set Admin Privileges
A user account can be given administrative privileges which allow management of various aspects of the Elastic SSO application. The setting of administrator privileges is only available to the super administrator. The types of administrative privileges that may be granted are:
User Administrator
A User Administrator can manage user accounts and groups. These items are available via the main menu bar item Manage Users.
SAML Administrator
A SAML Administrator can manage the SSO configuration for the application. Items related to this are available via the main menu bar item Manage SSO.
System Administrator
A System Administrator can manage application settings. These items are available via the main menu bar item Control Panel.
When a user’s administrative privileges are changed, an email may optionally be sent to the user to notify them of the change. The content/format of the email can be configured by the super administrator under Control Panel, Email Templates.
Delete User
To delete the user account that is currently being viewed, click on Delete User in the Operation section of the page sidebar. A prompt will be displayed to confirm that the user account is to be deleted. Warning: Once a user account is deleted, the information set in that user account cannot be recovered. If the deletion is confirmed, then the user account will be deleted from the system.
Add to Group(s)
A user may be added to one or more groups. A list of groups to which the currently viewed user may be added will be displayed. If there are no groups defined or if the user is already a member of all available groups, a message to that effect will be displayed. If there are available groups, select the checkbox next to the group or groups that the user is to be added to and then click on the Add group memberships button that is located at the bottom right of the browser window.
User Self-Service
Self-service features for users.
The User Register page allows users to request a user account. Upon submitting the registration request form, a confirmation email is sent to the user. This email will contain a link that the user must click on in order to confirm the registration. Depending on how the system is configured, once a user confirms their registration, their account may be automatically activated or it may require a user administrator to approve the registration. The user will be informed of the status at the time that they confirm their registration and they will also receive an email with the status of their account.
The user registration form will display fields to gather the basic user information (First name, Last name, Username, Email, Password) as well as any additional attributes that may have been added via the User Account Template.
User Information
All fields in the User Information section are required (cannot be blank).
First name
The first name of the user. The length of this field is limited to 128 characters.
Last name
The last name (surname) of the user. The length of this field is limited to 128 characters.
Username
The username for the user account. This must be unique across all users and must conform to any username policy that has been defined. There will be text displayed next to this field describing limitations that have been set on the format of the username such as minimum number of characters, etc.
Email
The email address of the user. This must be unique across all users. The length of this field is limited to 128 characters.
Repeat email
Verification entry of the user’s email address.
Password
The password that the user will use to log in to the system. This must conform to any password policy that has been defined. There will be text displayed next to this field describing limitations that have been set on the format of the password such as minimum number of characters, etc.
Repeat Password
Verification entry of the user’s password.
The system may be configured to have fields for additional user account attributes. These attributes may or may not be required fields depending on configuration.
This form includes a security code which is displayed graphically and must be entered into the Verification code field. This is a required field. If the graphical code is difficult to read, click on the graphical code and it will automatically display a new code.
Recover Username
The Recover Username page allows users to request the username associated with their user account. When this form is submitted, the system checks to see if a user account exists that is associated with the email address that is entered in the Email address field of the form. If a matching account exists, an email containing the username will be sent to that email address.
Security Check
This form includes a security code which is displayed graphically and must be entered into the Verification code field. This is a required field. If the graphical code is difficult to read, click on the graphical code and it will automatically display a new code.
Change Password Request
The Change Password page allows users to request to change the password for their user account. When this form is submitted, the system checks to see if a user account exists for the entered username or email address. If a matching account exists, an email containing a link that will allow changing the password for their account will be sent to the email address associated with that user account.
Security Check
This form includes a security code which is displayed graphically and must be entered into the Verification code field. This is a required field. If the graphical code is difficult to read, click on the graphical code and it will automatically display a new code.
Password Change Link
The link that is in the email sent as a result of a password change request is only valid for a certain amount of time. The valid duration can be set by a System Administrator as part of the password policy. If the password change request is still valid when it is used, it will display a form for the user to enter and verify their new password.
Password
This is the password that the user will use to log in to the system. This must conform to any password policy that has been defined. There will be text displayed next to this field describing limitations that have been set on the format of the password such as minimum number of characters, etc.
Repeat Password
Verification entry of the user’s password.
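One way an expiring password change link can be enforced on the server, as described under Password Change Link (an added example, not Elastic SSO's own code). The class and function names, the lifetime values, storing only a hash of the token, and treating the link as single-use are assumptions.

```python
import hashlib
import secrets
import time

# Assumed value: the page says a System Administrator sets the link lifetime
# in the password policy but does not state a default.
LINK_LIFETIME_SECONDS = 3600


class ResetLinkStore:
    """In-memory stand-in for the server-side record of pending requests."""

    def __init__(self, lifetime=LINK_LIFETIME_SECONDS, clock=time.time):
        self._lifetime = lifetime
        self._clock = clock
        self._pending = {}  # sha256(token) -> (username, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, username):
        """Create the token that goes into the emailed link; store only its hash."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._clock() + self._lifetime
        self._pending[self._digest(token)] = (username, expires_at)
        return token

    def redeem(self, token):
        """Return the username if the link is still valid, otherwise None."""
        try:
            digest = self._digest(token)
        except UnicodeEncodeError:
            return None  # issued tokens are always ASCII
        # pop() makes the link single-use (an assumption, see lead-in).
        entry = self._pending.pop(digest, None)
        if entry is None:
            return None
        username, expires_at = entry
        if self._clock() > expires_at:
            return None  # past the configured lifetime
        return username


def demo():
    """Exercise a fresh link, a replayed link and an expired link."""
    now = [1_000_000.0]  # constructed clock, so expiry is shown without sleeping
    store = ResetLinkStore(lifetime=900, clock=lambda: now[0])
    fresh = store.issue("jdoe")
    stale = store.issue("asmith")
    first = store.redeem(fresh)    # valid: within the lifetime
    replay = store.redeem(fresh)   # rejected: already used
    now[0] += 901                  # move past the 900-second lifetime
    late = store.redeem(stale)     # rejected: expired
    return first, replay, late


if __name__ == "__main__":
    print(demo())
```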