Managing Users

Creating a User

On the OneAccess administrator portal, you can create an organization for one user or create a user that belongs to multiple organizations.

If the created user belongs to multiple organizations, for example, organization A has the permission to access application C, organization B to application D, and the user has the permissions of both organizations A and B, the user can access applications C and D at the same time after logging in to the user center.

1. Log in to the administrator portal.
2. On the top navigation bar, choose Users > Organizations and Users.
3. On the Organizations and Users page, click the Users tab.
4. Click Create User and set basic user information by referring to Table 1.

   Table 1 Basic information

   Attribute	Description
   Username	You can determine whether this is mandatory by referring to Modifying User Attributes. If no username is specified, the system automatically generates a username. You can set the character and length by referring to Modifying User Attributes. The username of the new user cannot be the same as those of other users. The username is case insensitive.
   Organization	You can specify an organization to which the user to be added belongs. You can select one or more organizations. By default, the first selected organization is the main organization. For details about how to add an organization, see Adding an Organization. NOTE: If you select an organization in the organization tree on the left and then click Create User, the selected organization is the main organization by default. A user can have up to one primary and nine secondary organizations. You can click on the right of the username and select Change Organization. In the displayed dialog box, adjust the organization.
   Name	You can set whether this is mandatory and the length of the character string by referring to Modifying User Attributes.
   Cell phone number	You can set whether this is mandatory and the length of the character string by referring to Modifying User Attributes. This must be unique.
   Email	You can set whether this is mandatory by referring to Modifying User Attributes and the length of the character string. This must be unique.
   Area	Select the user's country or region. You can set whether this is mandatory by referring to Modifying User Attributes.
   City	Enter the city where the user is located. You can set whether this is mandatory and the length of the character string by referring to Modifying User Attributes.

   

   • The user can log in to the user portal using their username, mobile number, or email address.
   • If you manage the user's password, a password link will be sent to the email address or mobile number of the user.
   • If the user forgets the password, the user can reset it using the bound email address or mobile number.
   • Set a password for the user so that the user can log in to the user portal if no other login authentication mode is enabled.

5. To enable password login, click . Two ways are provided for login passwords for users:
   • Custom: You can customize the user login password.
     • If Reset password at first login is selected, users need to change the login password when logging in to the user portal for the first time.
     • If Reset password at first login is not selected, users do not need to change the login password when logging in to the user portal for the first time.
   • Automatic: A password is automatically generated. The system notifies the user of the initial password and the user must log in to the system within the validity period. If the initial password configuration is not enabled, configure it by referring to Password Initialization Settings.

6. If you want to add the work information of a user, click Enter more information on the Create User page and enter the work information by referring to Table 2.

   Table 2 Work information

   Information	Description
   Employee ID	Enter an employee ID. You can set whether the attribute is mandatory and the length of it by referring to Modifying User Attributes.
   Manager ID	Enter the immediate supervisor of the user. You can determine whether this is mandatory by referring to Modifying User Attributes.
   User Type	You can select the type, such as regular, intern, labor dispatch, and labor outsourcing.
   Hire Date	Set the enrollment time of a user. Specify whether this is mandatory and the time range by referring to Modifying User Attributes.
   Work Place	Set the working location of a user. Specify whether this is mandatory and the character length by referring to Modifying User Attributes.

   

   User information includes basic and work attributes. Set attributes on the User Attributes page. For details, see User Attributes.

7. Click OK.

Viewing User Details

In the user list, click a user to view its basic information, user groups, applications, and audit logs.

• Basic information

  Basic and extended attributes of the user.

• User groups
  • Information about the user groups to which the user belongs, including user group names, organization paths, and applications that the user has been authorized to access.
  • To add the user to more user groups, click Select Groups. For details, see Adding a User to One or More User Groups. If user group-based automatic authorization is enabled for an application, the user added to an authorized user group will be synced to the application. For details, see Configuring Authorization Policies for Application Accounts.
  • To remove the user from a user group, click Delete in the Operation column of the row that contains the group.

    If user group-based automatic authorization is enabled for an application, the user deleted in an authorized user group will be synced to the application. For details, see Configuring Authorization Policies for Application Accounts.

• Applications
  • Applications that the user has permission to use, including the logo, application name, and application account.
  • To grant the user access to more applications, click Authorize in the upper right. For details, see Granting Application Access to a User.
  • If application-side permission is enabled for an application, click Application Roles/Permissions in the Operation column to grant permissions to the user. The method of granting permissions is similar to that of granting permissions to an application account. For details, see Application Roles and Permissions. For details about how to configure permissions on the application side, see Application Permission Management.
  • To cancel application access of the user, click Delete in the Operation column of the row that contains the application.
• Audit logs

  Audit logs record the operations of enterprise administrators and the user.

  • Administrator logs

    Administrators' operations on the user, such as changing the password and authorizing application access. Set filter conditions to view desired logs.

  • User logs

    The user's operations (SSO login and logout) in the user portal and access to applications. Set filter conditions to view desired logs.

Modifying User Information

1. In the user list, move the cursor to the status bar on the right of the username and click . The Modify User dialog box is displayed.
2. Modify the basic information and additional details about a user. For example, whether the user belongs to one or more organizations.

   

3. Click OK.

Granting Application Access to a User

1. In the user list, move the cursor to the status bar on the right of the username and click . The Applications tab page is displayed. For details about how to add an application, see Integrating Enterprise Applications.

   

2. On the Applications tab page of the user details page, click Authorize.
3. Select the applications you want to authorize the user to access, and click Save. In the list of selected applications, set account names. To set other account attributes, click the application name. By default, the username is used as the application account name. For details about how to grant permissions to users in an application, see Authorization Management.

Changing the Organization of a User

By adjusting the organization:

• You can change the organization to which a user belongs.
• You can change a user that belongs to only one organization to multiple organizations.
• You can change a user that belongs to multiple organizations to just one.

1. In the user list, move the cursor to the status bar of the target user, click , and select Change Organization.
2. In the displayed dialog box, select a target organization. You can select one or more organizations. By default, the first selected organization is the main organization. If there are multiple organizations, you can click Set as home next to the target organization to set it as the main organization.

   

3. Click OK.
   

   If you have enabled automatic user authorization for an application, changing the organization of a user will change the user's access to the application. For details, see Configuring Authorization Policies for Application Accounts.

Adding a User to One or More User Groups

1. In the user list, click in the row that contains the target user and click Add to User Groups. The User Groups tab page is displayed.

   

2. On the user details page, click Select Groups.
3. Select user groups to which the user will belong, and click Save. To remove the user from a user group, click Delete in the Operation column of the row that contains the group.

Managing User Password

The password can be customized or automatically generated. You can change and reset the user password as needed. For details about how to set the password, see Managing Password Policies.

• Custom
  1. In the user list, click in the row that contains the target user and select Set Password.
  2. Select a password generation mode. The default is Set now. You can enter a custom password for user login.
     • By default, Rest password at first login is selected. When a user uses a new password to log in to the user portal for the first time, the user is required to change the password.
     • If Rest password at first login is not selected, the user does not need to change the password for the first login with the new password.

     

  3. Click Save. The user password management is complete.
• Automatically generated
  1. In the user list, click in the row that contains the target user and select Set Password.
  2. Select Automatically generated for Password Type.

     

  3. Select a notification method and language. Users will receive SMS or email notifications about password resetting based on the notification method you select, and use the new password to log in to the user portal.
     

     • After the password is reset, the user is required to change the password when logging in to the user portal for the first time. For details about the password requirements, see Managing Password Policies.
     • If you want to notify users by email, configure the email gateway. For details, see Email Gateway.
  4. Click Save. The user password management is complete.

Deleting a User

1. In the user list, click next to a user and click Delete.
2. Click OK.
   

   Deleted users can no longer access the user portal. To add them back, see Creating a User.

Deactivating a User

Deactivated users can no longer access the user portal. Exercise caution when performing this operation.

1. In the user list, click in the Status column of the row that contains the target user. By default, new users are active.

   

2. Click OK.

Activating a User

1. In the user list, click in the Status column of the target user.

   

2. Click OK.