User Management

Owned by John Bosco
Last updated: May 09, 2024 by Megan Sproul
8 min read

Overview

User accounts in nVIRO are managed by internal administrators that have the appropriate roles/permissions. Many user-management functions are the same for all types of users, but there are some that only apply to internal users and others that only apply to external users. These differences are noted throughout the text, where applicable.

To access the user-management area, navigate to Admin > Users

Adding Users to the System

  • External user accounts are created through self-registration, as described in Creating External Users.

  • Internal user accounts are created by internal users with the appropriate administrative permissions, as described in Creating Internal Users.

User Security

The pages that a user can see and the actions they can take on those pages are dependent upon the user's security level. For external users, the base security level allows access to a fixed set of system pages appropriate to the tasks that external users need to perform within the system. Once an external user is associated with a site, the user can then access additional pages and functionality specific to that site (or sites, if associated with more than one site). 

For internal users, the security level is primarily a function of the security groups of which that user is a member. These are assigned via the Security Groups field on the User Details page. All internal users should belong to the nVIRO User security group, as this provides basic view capability within the system. Users can then be added to other security groups, according to the functions they need to perform in the system. As with any multi-user system, users should be granted the minimum permissions necessary to perform their jobs, with additional permissions only added as needed and after proper review and authorization by security admins.

Each security group is defined by a number of permissions (or roles); these roles are configurable, but great care should be taken when modifying security groups, as misconfiguration can cause undesired effects and can create security vulnerabilities. For details about configuration of security groups themselves, see the Security Groups help topic. 

Users Page

The Users page can be used to search for any user account in the system. Filters at the top of each column allow you to quickly filter the displayed list of users by a number of criteria, including login name, account type (internal or external), and current account status.

Because there is a limit to the number of users that can be displayed in the list at one time, searching for a user by using the filter columns alone might not return a matching result. In such cases, you can use the Search panel available via the dropdown control above the user list:

This will search all of the user accounts in the system and will display a result list matching the specified criteria. Note that, if broad search criteria are used, the resulting search results might be too large to fully display in the results list. In such cases, an alert message is displayed at the top of the page, prompting you to narrow your search criteria.

The Status column in the search result list will display if the user is Active or Inactive. In addition, the status may indicate Locked if the user has been locked out of their account due to too many failed log-in attempts. The status field can also indicate Unverified if the external user never clicked the verification link that was emailed to the user's log email address.

When you have located the account you want to view or edit, clicking the corresponding Open button will open the User Details page, where the account can be managed.

User Details Page

User account details can be viewed and edited on the User Details page, which consists of four tabs: DetailsDocumentsSites, and Audit History.

Details Tab

Most of the work of configuring a user account is done on the Details tab, which contains the following fields and controls:

Name

Description

First Name

User's first name.

Last Name

User's last name.

Title

User's title.

Display Name

Name used for display in dropdown boxes throughout nVIRO.

Org./Company Name

User's organization or company name.

Phone Number

User's phone number.

Extension

Extension for user’s phone number.

Account Settings

Email Address

User's email address. Must be unique.

If built-in authentication (not a third-party authentication provider) is configured, external user's username is the same as their email address. Updating the external user’s email address will also update their username.

Updating a user’s email address will trigger a notification to both the old and new email address that their email address has been changed.

Username

 

User's login name.

For Active Directory implementations, this must be the user's domain credential. For example, DOMAIN\User or user@domain.gov

Notification Delivery Preference

Indicates whether the user prefers to get notifications only via the nVIRO User Notifications screen, or whether the user would also like to receive notifications via email.

Account Type

Internal or External. Cannot be changed.

Default Program Area

Specifies a default program area for an internal user.

This is currently used on document generation where the default program area is specified in a document template.

Default District

Specifies a default district for an internal user.

This is currently used on document generation where the default district is specified in a document template.

Security Groups

Lists the security groups to which the user belongs.

Workgroups

Applies to internal users only. Lists the workgroups to which the user belongs.

Signature Image

Signature image upload control. Uploaded signature images may be included in generated documents or applied to finalized PDFs. See Document Template Signature Images.
Varying permissions for uploading of signatures is controlled by the configuration setting of USERS.SIGN_UPLOAD_MODE:

  • "NONE" - Signature upload is not supported.

  • "PROFILE_ONLY" - Self-managed on users own profile.

  • "USER_DTL_ONLY" - Administrator managed.

  • "USER_DTL_NOT_MINE" - Administrator managed, but administrator cannot manage their own.

  • "ALL" - Administrator managed + self managed.

Certifier Agreement Received and Identity Verified

Applies to external users only. Indicates whether this user has been verified as a certifier. A certifier is a user whose identity has been verified outside of the system (e.g., via a notarized hardcopy document with a wet ink signature) and who is authorized to electronically sign and submit certain documents on behalf of a facility.

Sidebar

Status

Indicates whether the user account is active or inactive. An email can be configured to be sent when this is toggled.

Reset Security Questions

Resets a user's security questions if they have been forgotten. An email can be configured to be sent when questions are reset.

User Edit History

Displays when the user account was created and last updated, and when the account last logged in.

View History

Opens the User Edit History page, which displays a history of changes that have been made to the user’s account.

Granting Users Permissions via Security Groups

Security groups are the basic structure through which the nVIRO system manages internal users' ability to access resources and edit data. Users must belong to at least one security group containing basic system roles in order to access screens and data within the system. See Security Groups for more information about security groups and roles.

To add a user to a security group:

  1. Click the Add Security Group dropdown. A list of security groups is displayed.

  2. Scroll to find the security group that you wish to add the user to.

  3. Click the security group name to add the user to the security group.

  4. To add the user to another security group, repeat the steps above.

Registered External Users are provided system access via the Registered External User role. This is typically configured under the Registered External User security group and is required for all external users. Removing the Registered External User security group from the user account will result in removing the user’s system access.

Associating Users with Workgroups (Internal Users only)

Internal users may be associated with one or more workgroups. Workgroups are sets of users who work together and perform common business functions. Many of the detail pages in nVIRO allow the assignment of an item (such as a Submission) to a workgroup and a user. See Workgroup Administration for more information about workgroups.

To add a user to a workgroup:

  1. Click the Add Workgroup dropdown. A list of workgroups is displayed.

  2. Scroll to find the workgroup that you wish to add the user to.

  3. Click the workgroup name to add the user to the workgroup.

  4. To add the user to another workgroup, repeat the steps above.

Users may also be added to a workgroup via the workgroup administration screens. See Workgroup Administration

Prevent external user from editing name if a certifier agreement has been received

Upon receipt of the Certifier Agreement, an Internal User will navigate to the External User’s details (Admin->Users) and select the checkbox “Certifier Agreement Received and Approved.”

image-20240509-001444.png

If a user has had a signature agreement received the first, last, and display name are read only on the user profile. A message is displayed that they must contact support if they wish to change their name.

In the situation where a user has changed their name, the certifier signature agreement is no longer valid, and a new certifier agreement is needed. Certification must be revoked by an internal user before allowing the name to be updated. (By unchecking the Certifier Agreement Received box on the User Details.)

Preferences Tab

The Preferences tab can be used to affiliate a user to a Default Program Areas (used as defaults for record searches) – multiple program areas can be associated with a single user. Additionally, Notification Delivery Preferences can be configured, where notifications are delivered either in the system only, or both in the system and via email.

Documents Tab

The Documents tab can be used to upload and store documents associated with the user. For example, in order to be verified as a valid Certifier for a site, a user may be required to mail in a hard-copy document with a wet ink signature. This document could then be scanned and uploaded to the user's Documents tab for future reference.

Sites Tab

For external users, the Sites tab displays the sites with which the user is affiliated. By clicking the Open button for a site in the list, an agency administrator can navigate to the Edit User's Site Role page for the given site. On this page, the administrator can change the user's account role (Administrator, Editor, or Viewer) or status (Active or Inactive) for that site.

Audit History Tab

Displays a history of the changes the user has made throughout the system. 

On this page

 

Related Content