User management

A user can be a member of any number of roles and can be assigned to any number of websites.

Default user accounts

The following default user accounts are available:

  • Administrator – global administrator user with full permissions.
  • Public – user that represents an anonymous visitor of the site.

Creating a new user

New user accounts are typically created when a user goes through registration  on the live site. However, you can also create accounts manually in the Users application. Click New user and configure the properties.

User name

The user’s user name, with which the user can sign in on the website. By default, it must be unique across all websites in the system.

Full name

User’s full name (first name, middle name and last name).

Email

User’s email address.

Enabled

Indicates if the user account is enabled and the user can sign in.

Privilege level

Sets the user’s privilege level (see the privilege level table).

Password
Confirm password

User’s password.

Assign to website

Allows you to quickly assign the new user to the current site.

When a user is assigned to a site, they can work with it in the administration interface (if they have a sufficient Privilege level and permissions).

Note: Assignment of users to sites only limits access to the system’s administration interface. Signing in on the live site may be possible even for users who are not assigned to the given site (depending on the system’s settings).

User passwords

It is highly recommended to set a safe password for every user account to ensure the security of your website. Global administrators can monitor the list of users for accounts that have empty passwords, which are marked with a warning icon ().

You can add a password manually by editing the given users on the Password tab.

The system can be configured to require users to enter passwords matching specific strength requirements. For more information, see Password strength policy and its enforcement.

Each user account has a Privilege level:

Privilege level

Description

None

The user cannot access the system’s administration interface. Ability to view pages and perform actions on the live site depends on the site’s security options and the roles assigned to the user.

Editor

The user can access the administration interface and on-site editing mode for all sites assigned on the Sites tab.

The Editor privilege level does not grant any permissions – it only differentiates between site editors and registered users who are limited to the live website. To allow editors to access applications and perform actions, you need to assign roles.

Administrator

The user has unrestricted access to non-global applications for all sites in the system (administrators skip permission and UI personalization checks).

However, administrators CANNOT:

  • Access applications that are restricted to global administrators (typically those that affect the entire system, for example Sites)
  • Perform certain actions restricted only to global administrators
  • Upgrade the privilege level to global administrator for their own account
  • Grant users the administrator privilege level
  • Edit the user accounts of other administrators

Global administrator

The user has full access to all parts of the system for all sites, and can perform any operations (regardless of permissions or other settings). Global administrators are the only users who have full access to all global applications.

Editing user properties

To edit user properties, open the Users application. Click Edit () next to the required user.

General properties

You can set the following properties on the General tab:

User name

The name used to sign in to websites and the system’s administration interface. By default, user names must be unique across all sites in the system.

Full name

User’s full name (first name, middle name and last name).

First name

User’s first name.

Middle name

User’s middle name.

Last name

User’s last name.

Email

User’s email address.

Enabled

Indicates if the user account is enabled and the user can sign in.

Privilege level

Indicates if the user is allowed to access the administration interface, and affects how the system checks permissions. 

See the privilege level table for details.

Is external user

This attribute is used when you are using an integration with an external user database.

Is domain user

Indicates if the user was imported from Active Directory.

Is hidden

If true, the user is not visible on the site (e.g. on-line user monitoring, repeaters displaying users, etc.).

Preferred content culture

Preferred culture in which the content is displayed to the user.

Preferred user interface culture

Preferred culture in which the users wants to see the administration interface.

Created

Date and time when the user account was created.

Multi-factor authentication is required

Indicates whether multi-factor authentication is enabled for the user.

Only applies if multi-factor authentication is allowed in Settings -> Security & Membership -> Authentication -> Enable multi-factor authentication.

Reset multi-factor secret

Allows you to Reset the secret key that is shared with the user’s multi-factor authentication application.

On the user’s next sign-in attempt, the system displays a new secret key, which the user needs to enter into their authenticator application.

Last sign-in

Date and time when the user last signed in.

Last sign-in information

Information about the IP address and browser user agent of the user’s last sign-in.

Invalid sign-in attempts

The number of unsuccessful attempts to sign in with a wrong password. You can reset the value to zero and unlock the user’s account by clicking the Reset & enable button.

Password expires in

The number of days left until the user’s password expires. You can reset the validity to the maximum value by clicking Extend validity & enable.

Starting alias path

Allows you to limit the user to a specific section of the content tree when using the Pages application. If you set a value, the user cannot see other parts of the website in the content tree.

Note: This feature is only intended for better usability and does not ensure security control. If you need to establish access rights for a given user, grant appropriate page permissions on the Properties -> Security tab.

Password

On this tab, you can change a user’s password. Kentico provides two ways to do this – generating a new password, or changing it.

This tab is hidden if the user being edited is authenticated using either an external user database or Active Directory, i.e., if the user has the Is external user or Is domain user property enabled on the General tab of the user editing interface.

Generating a new password

You can generate a completely new password by clicking the Generate new password button. The affected user receives an email, based on the Membership - Changed password email template, containing the generated password and a recommendation to immediately change it. This password complies with the set password policy (a string of 8 characters containing at least one non-alphanumeric character by default).

Changing an existing password

If you want to change an already existing password manually, you can type a new one into the Password and Confirm password fields. The Password strength indicator gives you an estimate of the password’s complexity. Clicking Change password sends the affected user an email, based on the Membership - Password reset confirmation email template, notifying them of the password change. This email does NOT contain the changed password.

Settings

On the Settings tab, you can edit the following properties of the user:

User nick name

Nick name of the user used in website forums, on the user’s profile, etc.

User picture

User’s avatar image. The image appears in forums and on the user’s profile. You can either upload an image or select a pre-defined avatar.

User signature

User’s signature that will be used below the user’s forum posts.

Description

Optional text describing the user.

URL referrer

URL from that the user came to the site when they performed registration.

Campaign

If the given user arrived on the website through a campaign before registering, this field will store the name of that campaign. See Campaigns for details.

Time zone

User’s time zone; if set, this time zone will be used where applicable instead of the site time zone.

Badge

User’s badge; depends on the number of gained activity points.

User activity points

Number of user’s activity points; these points are gained for forum posts, message board posts, blog posts and blog post comments.

Live ID

User’s Live ID token; this is a hexadecimal number that the user is identified by when signing in via Windows Live ID.

Facebook user ID

User’s Facebook user ID; it is used when the user is signing in via Facebook Connect.

OpenID

User’s OpenID; it is used when the user is signing in via OpenID.

LinkedIn ID

User’s LinkedIn ID; it is used when the user is signing in via LinkedIn authentication.

Activation date

Date of the user’s account activation.

Activated by user

User who activated this user’s account.

Registration info

User’s IP and browser agent detected on registration.

Gender

User’s gender.

Date of birth

User’s date of birth.

Skype account

User’s Skype account.

Instant messenger

User’s instant messenger; format of values of the field is not strictly required, you may use any string of characters according to your specific needs.

Phone number

User’s phone number; the number may be entered in any format, no validation is applied.

Log activities

Indicates if the system logs on-line marketing activities for the user.

Waiting for approval

If checked, the user account is not active yet and is waiting for an administrator’s approval.

Show welcome tile

Indicates whether the application dashboard displays the welcome tile that introduces the basics of the administration interface to new users.

Forum posts

Number of user’s forum posts.

Forum comments

Number of user’s forum comments.

Blog comments

Number of user’s blog comments.

Message board posts

Number of user’s message board posts.

Custom fields

Here you can edit the values of custom user fields. The custom fields can be defined in Modules -> Membership -> Classes -> User -> Fields

Sites

Here you can specify the sites that the user can work with in the administration interface. To assign the user to a site, click Add sites, check the appropriate boxes in the displayed dialog and click Select.

The sites assigned here primarily limit access to the system’s administration interface. This is intended to allow the separation of access privilege for content editors responsible for different websites.

If the Share user accounts on all sites setting is enabled in Settings -> Security & Membership, signing in on the live site is possible even for users who are not assigned to the given site.

Roles

Here you can manage the roles to which the edited user is assigned. Depending on the permissions available for individual roles, the user will be authorized to perform various actions on the website or in the administration interface. Refer to Role management for further information about roles.

Notifications

On this tab, you can see a list of all notification subscriptions of the currently edited user. You can Delete () subscriptions in the list, which unsubscribes the user from receiving notifications.

Categories

This tab displays a list of the user’s custom categories. Categories are topic-related groups to which pages can be assigned. By clicking New category, you can create new categories.

Subscriptions

On this tab, you can manage the user’s subscriptions to newsletters, blog posts (comment notifications), message boards, forums and reports.

Languages

On this tab, you can specify which cultural versions of pages can be edited by the user. You have the following options:

  • User can edit all languages - if selected, the currently edited user can edit pages in all language versions of all sites in the system
  • User can edit following languages - if selected, you can specify which language versions can be edited by the user by selecting the check boxes in the list of language versions; this can be set separately for each site in the system using the Select site drop-down list

Memberships

Here you can manage special types of website membership assigned to the edited user. Each membership represents a collection of roles. When a membership is assigned to a user, it automatically authorizes that user to perform any actions allowed for all contained roles. Refer to Membership management to learn more.