Assigning security credentials and staff access
System administrators (SysAdmin) can grant access to certain areas of content for different users. System administrators are super users with access to everything in the system, including the following:
- Assign logon credentials and user type (Public or Full)
- Add roles and groups
- Assign access for staff users
- Assign the System Administrator role to other users
- Disable user accounts
Note
Staff users do not have the access levels and permissions necessary to assign staff access. See Overview of security throughout iMIS for more information.
To perform any of the above, navigate directly to the contact’s account page, then click the Security tab. Alternatively, go to Community > Security > Users and search for the desired user.
User credentials
If the contact listed in the Contact information area is not an iMIS user, the fields in the User credentials area are empty. Click the red icon (X) to delete or change the username.
The following fields appear in the User credentials area:
- Logon – Displays this authentication record's logon name (user name). No user selected displays when the authentication record is not linked to a user record. Click the add icon (+) to create user logon credentials.
- Password/Confirm password – Input fields for changing an existing password. By default, passwords must contain at least seven characters with at least one numeric character and at least one alphabetic character.
Note
iMIS provides enhanced password hashing to secure all user login passwords. This enhanced password security complies with PCI 3.2 guidelines.
- Email – When you create a new authentication record, if the iMIS contact record includes an email address, iMIS populates the Create User Logon window with that address. However, the value that is displayed in this area of the Users window is always the value that is stored in the ASP.NET authentication store.
- Locked out – Indicates whether this authentication record is temporarily blocked from gaining access to iMIS. By default, iMIS locks out an authentication record after five failed attempts to log on.
- User Class – Specifies the license to apply to this user, which controls all subsequent authorization.
- Password Reset – System administrators can send the user an email with a link to reset their password. At least one active public site with Everyone Full Control access is required to use this feature. For more information, see Resetting passwords.
Note
Only those contacts with the user class of Full staff user or Casual staff user are able to see the Staff Access areas. Only Full staff users can be assigned to the On behalf of role.
User information
NoteStaff users do not have access to update any of the areas under User information.
The User information area displays after user credentials are entered.
The following fields are displayed in the User information area:
-
Disabled – Select this option if you do not want the selected user account to be used immediately.
-
Effective date – Enter the date when these credentials become valid.
-
Expiration date – In iMIS, the Expiration date for an account is a rolling date based on the last login (sign-in) date. By default, the expiration date is five years from the last login date, and this date is reset after every login.
Changing the Expiration dateDo the following to configure the account expiration date based on the last login date:
-
Go to Settings > Contacts > Account Management.
-
Specify a new value in the Default expiration date, in years from last login field. Whenever a user signs in, their account expiration date is reset to that login date plus the number of years specified in the Default expiration date, in years from last login field. For example, if this value is 3, and a user signs in on January 1, 2018, their account expiration date is set to January 1, 2021.
NoteThe value entered into the Default expiration date, in years from last login field must be greater than 0.
-