Creatio administration
This documentation is valid for Creatio version 7.16.0. We recommend using the newest version of Creatio documentation.

Managing users

Each Creatio user has a unique name and password to log in to the system. A user account is linked to a corresponding contact record and each contact record can only be linked to one user account.

To manage users in Creatio, use the [System users] section. User settings determine what operations users can perform, what data they can see and how they can work with these data.


By default, only system administrators have access to the [System users] section.

To access the [System users] section, click system_designer.png -> [System users] (Fig. 1).

Fig. 1 Accessing user management


The section has a usual structure, where each record corresponds to a Creatio user. One notable exception is that views in the section are used to switch between managing different types of administration units:

btn_users_and_roles_users.png [System users]

btn_users_org_roles.png [Organizational roles]

btn_users_func_roles.png [Functional roles]

Common data

Information on a user page is presented in the table below.


The field contains the name of the contact that this user will represent in the system. It is editable only when adding a new record.


You specify the system user type (company employee or portal user) when you add a new user record. The [Type] field on the user page is populated with the selected value automatically and remains grayed-out until you save the record. After you save the record and reopen the new user page, you will be able to edit the type.

Home page

Select the section that will open by default when a user logs in.


Select the checkbox to activate the user account. If the [Active] checkbox is cleared, then this user account cannot be used to log in to the system. The [Active] checkbox will be selected automatically if the [LDAP Authentication] option is selected. Learn more in the “Setting up LDAP integration” article.


The language of the user interface.

The [General information] tab

The tab contains data for user authentication.

Select the [Creatio authentication] option if the current user should not be synchronized with LDAP. The [Username] and [Password] fields will become editable.


The user’s login for authenticating in Creatio.


Password confirmation

Specify the password for authenticating in Creatio. The password entry is encrypted.

Password expiration date

The password expiration date is set automatically when a user changes the password. The date is calculated based on the “Password validity term, days” system setting by adding the specified number of days to the date when the password was last changed.

Reset password

Select the checkbox to force the resetting of a user's password. If the checkbox is selected, when logging in to the system for the next time, the user will be notified that the password is expired and must be changed. Once the password is changed, the checkbox will be automatically cleared.

Select the [LDAP authentication] option to synchronize the current user with an LDAP user. When this option is selected, only the [Username] field becomes editable. In this field, you need to select a value from the LDAP lookup containing the users that have not yet been synchronized with Creatio.

The [Roles] tab

The tab contains the list of functional roles that have been added manually and the list of organizational roles that the current user is included in. Read more in the “Organizational roles” and “Functional roles” articles.

The [Licenses] tab

The tab displays the list of Creatio licenses as well as the licenses available for users. Read more is available in the “License a user” article.

The [Rights delegation] tab

The tab contains the list of users, organizational structure elements and functional roles whose access permissions are delegated to the user.

Delegating access permissions can be used when you need to temporarily grant a user or a role the access permissions of some other user or role. For example, before going on vacation, a department manager can delegate their access permissions to one of the employees. To do this, open the required employee's page and add the user account or the role of the department manager to the [Rights delegation] detail.

More information is available in the “Delegate permissions” article.

The [Access rules] tab

The tab contains the range of IP addresses the user is allowed to use to access Creatio and the list of user sessions. On this tab, you can also set a session timeout for a specific user.


The tab settings are also available for organizational and functional roles.

Use the list of sessions to analyze the summary information about the number of hours spent in Creatio. You can also force the end of an active user session by clicking the [Finish session] button.


In Creatio, a session is a period of time between the login and logout events. Information on the detail cannot be edited and is based on the data about the exact time the users started and ended their sessions.

Session start

Shows the date and time when the user logged in to Creatio.

Session end

Displays the date and time when the session ended. A user can log out from Creatio by clicking the [Exit] button or by closing the browser window. When you click the [Exit] button, the current user session will terminate, and you will be redirected to the login page. When you close the browser window or when the Internet connection is lost, your session will terminate automatically (by default, the session timeout is 20 minutes).

User session timeout, min

Use this field to set up the individual timeout for a specific user if the user activities require a longer work session than it is specified by the general system timeout.


Setting up IP-based access rules involves editing the web.config file and activating the useIPRestriction parameter: useIPRestriction="true". Creatio cloud users need to contact technical support to make these changes.

In the [Operation permissions] section of the System Designer, open the [Ignore access check by IP address] operation and add users or user groups to the [Operation permission] detail. Clear the [Access level] checkbox for all users and user groups who are required to use IP-based access rules.


Add a system administrator user

Add a regular employee user

Import users from Excel

Assign a user role

License a user

Delegate permissions

System user (Supervisor)

See also

Organizational roles

Functional roles

Video tutorials

User and role management, access permissions

Did you find this information useful?

How can we improve it?