Each bpm’online user has a unique name and password to log in to the system. A user account is linked to a corresponding contact record and each contact record can only be linked to one user account.
To manage users in bpm’online, use the [System users] section. User settings determine what operations users can perform, what data they can see and how they can work with these data.
Note
By default, only system administrators have access to the [System users] section.
To access the [System users] section, click -> [System users] (Fig. 1).
The section has a usual structure, where each record corresponds to a bpm’online user. One notable exception is that views in the section are used to switch between managing different types of administration units:
[System users]
Common data
Information on a user page is presented in the table below.
Contact | The field contains the name of the contact that this user will represent in the system. It is editable only when adding a new record. |
Type | You specify the system user type (company employee or portal user) when you add a new user record. The [Type] field on the user page is populated with the selected value automatically and remains grayed-out until you save the record. After you save the record and reopen the new user page, you will be able to edit the type. |
Home page | Select the section that will open by default when a user logs in. |
Active | Select the checkbox to activate the user account. If the [Active] checkbox is cleared, then this user account cannot be used to log in to the system. The [Active] checkbox will be selected automatically if the [LDAP Authentication] option is selected. Learn more in the “Setting up LDAP integration” article. |
Culture | The language of the user interface. |
The [General information] tab
The tab contains data for user authentication.
Select the [bpm’online authentication] option if the current user should not be synchronized with LDAP. The [Username] and [Password] fields will become editable.
Username | The user’s login for authenticating in bpm’online. |
Password, Password confirmation | Specify the password for authenticating in bpm’online. The password entry is encrypted. |
Password expiration date | The password expiration date is set automatically when a user changes the password. The date is calculated based on the “Password validity term, days” system setting by adding the specified number of days to the date when the password was last changed. |
Reset password | Select the checkbox to force the resetting of a user's password. If the checkbox is selected, when logging in to the system for the next time, the user will be notified that the password is expired and must be changed. Once the password is changed, the checkbox will be automatically cleared. |
Select the [LDAP authentication] option to synchronize the current user with an LDAP user. When this option is selected, only the [Username] field becomes editable. In this field, you need to select a value from the LDAP lookup containing the users that have not yet been synchronized with bpm’online.
The [Roles] tab
The tab contains the list of functional roles that have been added manually and the list of organizational roles that the current user is included in. Read more in the “Organizational roles” and “Functional roles” articles.
The [Licenses] tab
The tab displays the list of bpm’online licenses as well as the licenses available for users. Read more is available in the “License a user” article.
The [Rights delegation] tab
The tab contains the list of users, organizational structure elements and functional roles whose access permissions are delegated to the user.
Delegating access permissions can be used when you need to temporarily grant a user or a role the access permissions of some other user or role. For example, before going on vacation, a department manager can delegate their access permissions to one of the employees. To do this, open the required employee's page and add the user account or the role of the department manager to the [Rights delegation] detail.
More information is available in the “Delegate permissions” article.
The [Access rules] tab
The tab contains the range of IP addresses the user is allowed to use to access bpm’online and the list of user sessions. On this tab, you can also set a session timeout for a specific user.
Note
The tab settings are also available for organizational and functional roles.
Use the list of sessions to analyze the summary information about the number of hours spent in bpm’online. You can also force the end of an active user session by clicking the [Finish session] button.
NOTE
In bpm’online, a session is a period of time between the login and logout events. Information on the detail cannot be edited and is based on the data about the exact time the users started and ended their sessions.
Session start | Shows the date and time when the user logged in to bpm’online. |
Session end | Displays the date and time when the session ended. A user can log out from bpm’online by clicking the [Exit] button or by closing the browser window. When you click the [Exit] button, the current user session will terminate, and you will be redirected to the login page. When you close the browser window or when the Internet connection is lost, your session will terminate automatically (by default, the session timeout is 20 minutes). |
User session timeout, min | Use this field to set up the individual timeout for a specific user if the user activities require a longer work session than it is specified by the general system timeout. |
Attention
Setting up IP-based access rules involves editing the web.config file and activating the useIPRestriction parameter: useIPRestriction="true". bpm’online cloud users need to contact technical support to make these changes.
In the [Operation permissions] section of the System Designer, open the [Ignore access check by IP address] operation and add users or user groups to the [Operation permission] detail. Clear the [Access level] checkbox for all users and user groups who are required to use IP-based access rules.
Contents
•Add a system administrator user
See also
Video tutorials