User management
A user can be a member of any number of roles and can be assigned to any number of websites.
Each user account has a Privilege level:
| Privilege level | Description |
|---|---|
| None | The user cannot access the system's administration interface. Ability to view pages and perform actions on the live site depends on the site's security options and the roles assigned to the user. |
| Editor | The user can access the administration interface and on-site editing mode for all sites assigned on the Sites tab. The Editor privilege level does not grant any permissions — it only differentiates between site editors and registered users who are limited to the live website. To allow editors to access applications and perform actions, you need to assign roles. |
| Administrator | The user has unrestricted access to non-global applications for all sites in the system (administrators skip permission and UI personalization checks). However, administrators CANNOT:
|
| Global administrator _________________ | The user has full access to all parts of the system for all sites, and can perform any operations (regardless of permissions or other settings). Global administrators are the only users who can work with global applications. |
Default user accounts
The following default user accounts are available:
- Administrator - global administrator user with full permissions.
- Public - user that represents an anonymous visitor of the site.
Creating a new user
New user accounts are typically created when a user goes through registration on the live site. However, you can also create accounts manually in the Users application. Click New user and configure the properties.
| User name | The user's user name (login). By default, it must be unique across all websites in the system. |
| Full name | User's full name (first name, middle name and last name). |
| User's e-mail address. | |
| Enabled | Indicates if the user account is enabled and the user can sign in. |
| Privilege level | Sets the user's privilege level (see the privilege level table). |
| Password | User's password. |
| Confirm password | User's password again for confirmation. |
User passwords
It is highly recommended to set a safe password for every user account to ensure the security of your website. Global administrators can monitor the list of users for accounts that have empty passwords, which are marked with a warning icon (
).
You can add a password manually by editing the given users on the Password tab.
The system can be configured to require users to enter passwords matching specific strength requirements. For more information, see Password strength policy and its enforcement.
Editing user properties
To edit user properties, open the Users application. Click Edit (
) next to the required user.
General properties
You can set the following properties on the General tab:
| User name | The name used to log in to websites and the system's administration interface. By default, user names must be unique across all sites in the system. |
| Full name | User's full name (first name, middle name and last name). |
| First name | User's first name. |
| Middle name | User's middle name. |
| Last name | User's last name. |
| User's e-mail address. | |
| Enabled | Indicates if the user account is enabled and the user can sign in. |
| Privilege level | Indicates if the user is allowed to access the administration interface, and affects how the system checks permissions. See the privilege level table for details. |
| Is external user | This attribute is used when you are using an integration with an external user database. |
| Is domain user | Indicates if the user was imported from Active Directory. See Importing users and roles from Active Directory for instructions. |
| Is hidden | If true, the user is not visible on the site (e.g. on-line user monitoring, repeaters displaying users, etc.). |
| Preferred content culture | Preferred culture in which the content is displayed to the user. |
| Preferred user interface culture | Preferred culture in which the users wants to see the administration interface. |
| Created | Date and time when the user account was created. |
| Multi-factor authentication is required | Indicates if the Multi-factor authentication is enabled for the particular user, if the Enable multi-factor authentication is SELECTED and the Multi-factor authentication is required globally is CLEARED. |
| Reset token ID | Resets the user's token ID, which is used to pair the user account with the mobile application. |
| Last logon | Date and time when the user last logged in. |
| Last logon information | Information about the IP address and browser user agent of the user's last logon. |
| Invalid logon attempts | The number of unsuccessful attempts to log in with a wrong password. You can reset the value to zero and unlock the user's account by clicking the Reset & enable button. |
| Password expires in | The number of days left until the user's password expires. You can reset the validity to the maximum value by clicking Extend validity & enable. |
| Starting alias path | Allows you to limit the user to a specific section of the content tree when using the Pages application. If you set a value, the user cannot see other parts of the website in the content tree. Note: This feature is only intended for better usability and does not ensure security control. If you need to establish access rights for a given user, grant appropriate document permissions on the Properties -> Security tab. |
Password
Here you can change the user's password:
- Password - user's password.
- Confirm password - user's password again for confirmation.
You can either enter a new password directly, or have the system generate a new one. The tab also provides the option to send an automatic notification e‑mail to the given user containing the new password.
This tab is hidden if the edited user is authenticated using either an external user database or Active Directory, i.e., if the user has the Is external user property enabled on the General tab of the user editing interface or if Is domain user is enabled and the application is configured to use Windows authentication.
Settings
On the Settings tab, you can edit the following properties of the user:
| User nick name | Nick name of the user used in website forums, on the user's profile, etc. |
| User picture | User's avatar image. The image appears in forums and on the user's profile. You can either upload an image or select a pre-defined avatar. |
| User signature | User's signature that will be used below the user's forum posts. |
| Description | Optional text describing the user. |
| URL referrer | URL from that the user came to the site when they performed registration. |
| Campaign | If the given user arrived on the website through a campaign before registering, this field will store the name of that campaign. See Tracking campaigns for details. |
| Messaging notification e-mail | Notifications about new messages received in the messaging application will be sent to this e-mail address. |
| Time zone | User's time zone; if set, this time zone will be used where applicable instead of the site time zone. |
| Badge | User's badge; depends on the number of gained activity points. |
| User activity points | Number of user's activity points; these points are gained for forum posts, message board posts, blog posts and blog post comments. |
| Live ID | User's Live ID token; this is a hexadecimal number that the user is identified by when logging-in via Windows Live ID. |
| Facebook user ID | User's Facebook user ID; it is used when the user is logging in via Facebook Connect. |
| OpenID | User's OpenID; it is used when the user is logging in via OpenID. |
| LinkedIn ID | User's LinkedIn ID; it is used when the user is logging in via LinkedIn authentication. |
| Activation date | Date of the user's account activation. |
| Activated by user | User who activated this user's account. |
| Registration info | User's IP and browser agent detected on registration. |
| Gender | User's gender. |
| Date of birth | User's date of birth. |
| Skype account | User's Skype account. |
| Instant messenger | User's instant messenger; format of values of the field is not strictly required, you may use any string of characters according to your specific needs (e.g. ICQ: 123456789). |
| Phone number | User's phone number; the number may be entered in any format, no validation is applied. |
| Log activities | Indicates if the system logs on-line marketing activities for the user. |
| Waiting for approval | If checked, the user account is not active yet and is waiting for an administrator's approval. |
| Show welcome tile | Indicates whether the application dashboard displays the welcome tile that introduces the basics of the administration interface to new users. |
| Forum posts | Number of user's forum posts. |
| Forum comments | Number of user's forum comments. |
| Blog comments | Number of user's blog comments. |
| Message board posts | Number of user's message board posts. |
Custom Fields
Here you can edit the values of custom user fields. The custom fields can be defined in Modules -> Membership -> Classes -> User -> Fields.
Sites
Here you can specify the sites that the user can work with in the administration interface. To assign the user to a site, click Add sites, check the appropriate boxes in the displayed dialog and click Select.
The sites assigned here primarily limit access to the system's administration interface. This is intended to allow the separation of access privilege for content editors responsible for different websites.
If the Share user accounts on all sites setting is enabled in Settings -> Security & Membership, signing in on the live site is possible even for users who are not assigned to the given site.
Roles
Here you can manage the roles to which the edited user is assigned. Depending on the permissions available for individual roles, the user will be authorized to perform various actions on the website or in the administration interface. Refer to Role management for further information about roles.
Departments
Here you can specify the E-commerce departments in which the user is authorized to manage products.
Notifications
On this tab, you can see a list of all notification subscriptions of the currently edited user. You can Delete (
) subscriptions in the list, which unsubscribes the user from receiving notifications.
Categories
This tab displays a list of the user's custom categories. Categories are topic-related groups to which documents can be assigned. By clicking New category, you can create new categories.
Friends
On this tab, you can manage the currently edited user's friends.
Subscriptions
On this tab, you can manage the user's subscriptions to newsletters, blog posts (comment notifications), message boards, forums and reports.
Languages
On this tab, you can specify which cultural versions of documents can be edited by the user. You have the following options:
- User can edit all languages - if selected, the currently edited user can edit documents in all language versions of all sites in the system
- User can edit following languages - if selected, you can specify which language versions can be edited by the user by checking the check-boxes in the list of language versions; this can be set separately for each site in the system using the Select site drop-down list
Memberships
Here you can manage special types of website membership assigned to the edited user. Each membership represents a collection of roles. When a membership is assigned to a user, it automatically authorizes that user to perform any actions allowed for all contained roles. Refer to Membership management to learn more.