User Management
Overview
User accounts in nVIRO are managed by internal administrators with the appropriate roles and permissions. Many user management functions are the same for all types of users, but there are some that apply only to internal or external users. These differences are noted below, where applicable.
To access the user management area, navigate to Admin > Users.
Adding Users to nVIRO
External user accounts are created through self-registration, as described in Creating and Managing External Users.
Internal user accounts are created by internal users with the appropriate administrative permissions, as described in Creating and Managing Internal Users.
User Security
The pages that a user can access and the actions they can perform depend on the user’s security level. For external users, the base security level allows access to a fixed set of system pages needed to perform their tasks. Once an external user is associated with a site, they can then access additional pages and functionality specific to that site.
The security level of internal users is determined by the security groups they belong to. These are assigned via the Security Groups field on the User Details page. All internal users should belong to the nVIRO User security group, which provides basic view access within the system. Users can then be added to other security groups based on the tasks they need to perform. As with any multiuser system, users should be granted the minimum permissions necessary to perform their tasks, with additional permissions only added as needed and after proper review and authorization by security administrators.
Each security group has a unique set of permissions and roles. These roles are configurable, but great care should be taken when modifying security groups, as misconfiguration can cause undesired effects and create security vulnerabilities. For more information about the configuration of security groups, see the Security Groups page.
Users List Page
The Users List page can be used to search for any user account in the system. Filters at the top of each column allow for quick filtering of the user list by criteria such as login name, account type, and account status.
Because there is a limit to the number of users that the list can display at one time, searching using the filters alone may not return a matching result. In such cases, the search panel—accessible via the dropdown control above the user list—can be used. This searches all user accounts in the system and displays results that match the specified criteria.
Use specific search criteria when possible. If the criteria are too broad, the search results may be too large to display. In such cases, an alert appears at the top of the page suggesting a narrower search.
The Status column in the search results indicates if a user is active or inactive. A locked status indicates that the user has been locked out of their account due to too many failed login attempts. An unverified status indicates that the user never clicked the verification link that was emailed to them.
Upon locating the correct user, click the Open button to view the User Details page, where the account can be managed.
User Details Page
The User Details page has five tabs: Details, Preferences, Documents, Sites, and Audit History.
Details Tab
Most user account configuration is done on the Details tab, which contains the following fields and controls.
Field | Description | Notes |
First Name | User’s first name. |
|
Last Name | User’s last name. |
|
Title | User’s title. |
|
Display Name | Name used for display in dropdown boxes throughout nVIRO. |
|
Organization or Company Name | User’s organization or company name. |
|
Phone Number | User’s phone number. |
|
Extension | Extension for user’s phone number. |
|
Account Settings |
| |
Email Address | User’s email address. | Must be unique. If built-in authentication (not a third-party authentication provider) is configured, the user’s username is the same as their email address. Updating the user’s email address will also update their username. Updating a user’s email address will trigger a notification to both the old and new email addresses that their email address has been changed. |
Username
| User’s login name. | For Active Directory implementations, this must be the user’s domain credential, for example, DOMAIN\User or user@domain.gov. |
Account Type | Internal or external. | This field cannot be changed. |
Default District | The default district for an internal user. | This is currently used for document generation, where the default district is specified in a document template. |
Security Groups | The security groups to which the user belongs. |
|
Workgroups | The workgroups to which the user belongs. | Applies to internal users only. |
Signature Image | Signature image upload control. | Uploaded signature images may be included in generated documents or applied to finalized PDFs. For more information, see the Document Template Signature Images page. Permissions for uploading signatures is controlled by the USERS.SIGN_UPLOAD_MODE configuration setting:
|
Certifier Agreement Received and Identity Verified | Indicates whether a user has been verified as a certifier. | Applies to external users only. A certifier is a user whose identity has been verified outside the system, such as through a notarized hard copy of a document with a wet ink signature, and who is authorized to electronically sign and submit certain documents on behalf of a facility. |
Sidebar |
| |
Status | Active or inactive. | An email can be configured to be sent when the account status is changed. |
Reset Security Questions | Resets a user’s security questions if they have forgotten them. | An email can be configured to be sent when these questions are reset. |
User Edit History | When the user account was created and last updated, and when the user last logged in. |
|
View History | Opens the User Edit History page, which displays a history of changes that have been made to the user’s account. |
|
Granting Users Permissions via Security Groups
Security groups are the basic structure through which the nVIRO system manages internal users’ ability to access resources and edit data. Users must belong to at least one security group containing basic system roles to access pages and data within the system. For more information about security groups and roles, see the Security Groups page.
To add a user to a security group:
Click the Add Security Group dropdown menu.
Scroll to find the security group that you wish to add the user to.
Click the security group name to add the user to the security group.
To add the user to another security group, repeat the steps above.
External users are provided system access via the Registered External User role. This is typically configured under the Registered External User security group and is required for all external users. Removing the Registered External User security group from the user account will remove the user’s system access.
Associating Users with Workgroups (Internal Users Only)
Internal users may be associated with one or more workgroups. Workgroups are sets of users who work together and perform similar business functions. Many of the detail pages in nVIRO allow the assignment of an item, such as a submission, to a workgroup and a user. For more information about workgroups, see the Workgroup Administration page.
To add a user to a workgroup:
Click the Add Workgroup dropdown menu.
Scroll to find the workgroup that you wish to add the user to.
Click the workgroup name to add the user to the workgroup.
To add the user to another workgroup, repeat the steps above.
Users may also be added to a workgroup via workgroup administration pages.
Approving Certifier Agreements and Locking Name Fields for Certifiers (Internal Users Only)
After receiving a certifier agreement from an external user, navigate to the user’s details and select the Certifier Agreement Received and Approved checkbox.
If a user has a certifier agreement on file, the first name, last name, and display name fields are read-only on their user profile. A message is displayed instructing the user to contact an administrator to request a name change.
If a user has changed their name, their certifier agreement is no longer valid, and a new one is needed. Certification must be revoked by an internal user before the name can be updated. This can be done by clearing the Certifier Agreement Received and Approved checkbox on the User Details page.
Preferences Tab
The Preferences tab includes two fields:
Default Program Areas (Internal Users Only): Assigning a user to one or more default program areas automatically filters search and list pages to display only information relevant to those areas. This streamlines access for agency users by displaying relevant content by default.
Notification Delivery Preference: This field indicates whether a user prefers notifications delivered in the system only or both in the system and via email.
Documents Tab
The Documents tab can be used to upload and store documents associated with a user. For example, to be verified as a certifier for a site, a user may be required to mail in a hard copy of a document with a wet ink signature. This document could then be scanned and uploaded to the user’s Documents tab for future reference.
Sites Tab
The Sites tab displays the sites with which an external user is affiliated. By clicking the Open button for a site, an agency administrator can navigate to the site’s Edit User’s Site Role page. On this page, the administrator can change the user’s role or status for that site.
Users can also bulk add sites based on another user’s site assignments:
Click the Add Sites From Another User button.
Select the user from which to select sites from the dropdown menu. A list of all sites related to that user appears.
Select one or more sites from the list and click the Add button.
Audit History Tab
The Audit History tab displays a history of the changes the user has made throughout the system.
On this page
Related Content