User Management
- John Bosco
- Megan Sproul
- Will Rensmith
Overview
User accounts in nVIRO are managed by internal administrators that have the appropriate roles/permissions. Many user-management functions are the same for all types of users, but there are some that only apply to internal users and others that only apply to external users. These differences are noted throughout the text, where applicable.
To access the user-management area, navigate to Admin > Users.
Adding Users to the System
External user accounts are created through self-registration, as described in Creating and Managing External Users.
Internal user accounts are created by internal users with the appropriate administrative permissions, as described in Creating and Managing Internal Users.
User Security
The pages that a user can see and the actions they can take on those pages are dependent upon the user's security level. For external users, the base security level allows access to a fixed set of system pages appropriate to the tasks that external users need to perform within the system. Once an external user is associated with a site, the user can then access additional pages and functionality specific to that site (or sites, if associated with more than one site).
For internal users, the security level is primarily a function of the security groups of which that user is a member. These are assigned via the Security Groups field on the User Details page. All internal users should belong to the nVIRO User security group, as this provides basic view capability within the system. Users can then be added to other security groups, according to the functions they need to perform in the system. As with any multi-user system, users should be granted the minimum permissions necessary to perform their jobs, with additional permissions only added as needed and after proper review and authorization by security admins.
Each security group is defined by a number of permissions (or roles); these roles are configurable, but great care should be taken when modifying security groups, as misconfiguration can cause undesired effects and can create security vulnerabilities. For details about the configuration of security groups themselves, see the Security Groups help topic.
Users List Page
The Users List page can be used to search for any user account in the system. Filters at the top of each column allow you to quickly filter the displayed list of users by a number of criteria, including login name, account type (internal or external), and current account status.
Because there is a limit to the number of users that can be displayed in the list at one time, searching for a user by using the filter columns alone might not return a matching result. In such cases, you can use the Search panel available via the dropdown control above the user list:
This will search all of the user accounts in the system and will display a result list matching the specified criteria. Note that, if broad search criteria are used, the resulting search results might be too large to fully display in the results list. In such cases, an alert message is displayed at the top of the page, prompting you to narrow your search criteria.
The Status column in the search result list will display if the user is Active or Inactive. In addition, the status may indicate Locked if the user has been locked out of their account due to too many failed log-in attempts. The status field can also indicate Unverified if the external user never clicked the verification link that was emailed to the user's log email address.
When you have located the account you want to view or edit, clicking the corresponding Open button will open the User Details page, where the account can be managed.
User Details Page
User account details can be viewed and edited on the User Details page, which consists of four tabs: Details, Documents, Sites, and Audit History.
Details Tab
Most of the work of configuring a user account is done on the Details tab, which contains the following fields and controls:
Name | Description |
First Name | User's first name. |
Last Name | User's last name. |
Title | User's title. |
Display Name | Name used for display in dropdown boxes throughout nVIRO. |
Org./Company Name | User's organization or company name. |
Phone Number | User's phone number. |
Extension | Extension for user’s phone number. |
Account Settings | |
Email Address | User's email address. Must be unique. Updating a user’s email address will trigger a notification to both the old and new email addresses that their email address has been changed. |
Username
| User's login name. For Active Directory implementations, this must be the user's domain credential. For example, DOMAIN\User or user@domain.gov |
Notification Delivery Preference | Indicates whether the user prefers to get notifications only via the nVIRO User Notifications screen, or whether the user would also like to receive notifications via email. |
Account Type | Internal or External. Cannot be changed. |
Default Program Area | Specifies a default program area for an internal user. This is currently used on document generation where the default program area is specified in a document template. |
Default District | Specifies a default district for an internal user. This is currently used on document generation where the default district is specified in a document template. |
Security Groups | Lists the security groups to which the user belongs. |
Workgroups | Applies to internal users only. Lists the workgroups to which the user belongs. |
Signature Image | Signature image upload control. Uploaded signature images may be included in generated documents or applied to finalized PDFs. See Document Template Signature Images.
|
Certifier Agreement Received and Identity Verified | Applies to external users only. Indicates whether this user has been verified as a certifier. A certifier is a user whose identity has been verified outside of the system (e.g., via a notarized hardcopy document with a wet ink signature) and who is authorized to electronically sign and submit certain documents on behalf of a facility. |
Sidebar | |
Status | Indicates whether the user account is active or inactive. An email can be configured to be sent when this is toggled. |
Reset Security Questions | Resets a user's security questions if they have been forgotten. An email can be configured to be sent when questions are reset. |
User Edit History | Displays when the user account was created and last updated, and when the account last logged in. |
View History | Opens the User Edit History page, which displays a history of changes that have been made to the user’s account. |
Granting Users Permissions via Security Groups
Security groups are the basic structure through which the nVIRO system manages internal users' ability to access resources and edit data. Users must belong to at least one security group containing basic system roles in order to access screens and data within the system. See Security Groups for more information about security groups and roles.
To add a user to a security group:
Click the Add Security Group dropdown. A list of security groups is displayed.
Scroll to find the security group that you wish to add the user to.
Click the security group name to add the user to the security group.
To add the user to another security group, repeat the steps above.
Registered External Users are provided system access via the Registered External User role. This is typically configured under the Registered External User security group and is required for all external users. Removing the Registered External User security group from the user account will result in removing the user’s system access.
Associating Users with Workgroups (Internal Users only)
Internal users may be associated with one or more workgroups. Workgroups are sets of users who work together and perform common business functions. Many of the detail pages in nVIRO allow the assignment of an item (such as a Submission) to a workgroup and a user. See Workgroup Administration for more information about workgroups.
To add a user to a workgroup:
Click the Add Workgroup dropdown. A list of workgroups is displayed.
Scroll to find the workgroup that you wish to add the user to.
Click the workgroup name to add the user to the workgroup.
To add the user to another workgroup, repeat the steps above.
Users may also be added to a workgroup via the workgroup administration screens. See Workgroup Administration
Prevent external user from editing names if a certifier agreement has been received (External Users Only)
Upon receipt of the Certifier Agreement, an Internal User will navigate to the External User’s details (Admin->Users) and select the checkbox “Certifier Agreement Received and Approved.”
If a user has had a signature agreement received, the first, last, and display names are read only on the user profile. A message is displayed that they must contact support if they wish to change their name.
In the situation where a user has changed their name, the certifier signature agreement is no longer valid, and a new certifier agreement is needed. Certification must be revoked by an internal user before allowing the name to be updated. (By unchecking the Certifier Agreement Received box on the User Details.)
Preferences Tab
Default Program Areas (Internal Users Only) - Assigning a user to one or more default program areas will automatically filter search and list pages for their assigned program areas. This provides a convenience for agency users by only showing the information relevant to their program areas by default.
Notification Delivery Preferences – indicates whether notifications are delivered either in the system only (under the Mail charm on the application header), or both in the system and via email.
Documents Tab
The Documents tab can be used to upload and store documents associated with the user. For example, in order to be verified as a valid Certifier for a site, a user may be required to mail in a hard-copy document with a wet ink signature. This document could then be scanned and uploaded to the user's Documents tab for future reference.
Sites Tab
For external users, the Sites tab displays the sites with which the user is affiliated. By clicking the Open button for a site in the list, an agency administrator can navigate to the Edit User's Site Role page for the given site. On this page, the administrator can change the user's account role (Administrator, Editor, or Viewer) or status (Active or Inactive) for that site.
Users can also add sites in bulk based on another user’s site assignments by clicking the Add Sites from Another User button.
First, the user from which to select site(s) is selected from the dropdown. System displays a list of all related sites.
Next, one or more sites are selected by checking the box and clicking Add. Newly added sites are then displayed.
Audit History Tab
Displays a history of the changes the user has made throughout the system.
On this page
Related Content