User Management

Owned by Former user (Deleted)
Last updated: Jan 24, 2018 by Persia Xenopoulou (Deactivated)
18 min read

On this page

Overview

CRM.COM accounts are created and administered from the user management module.  User management defines the authentication policies necessary for system access and maintenance.

User management functionality 

  • Create user accounts to access CRM.COM through the user interface or Web API.
  • Create super user accounts with unrestricted access.
  • Create developer accounts with access to development tools.
  • Create multiple user accounts simultaneously by using templates.
  • Generate unique web keys for accounts accessing the system through Web API.
  • Import user accounts from Active Directory (AD).
  • Set password expiration policies and remind users to renew their passwords.
  • Limit user access to predefined IP addresses.
  • Block access after multiple failed login attempts.

Setting Up User Management

Foundation > User Management

User authentication settings

User authentication settings define policies regarding user credentials, login authorization and authentication. 

Unless the policies define otherwise, the settings apply to all user accounts.

All fields are mandatory.

If user authentication settings are not configured, only super users can access the system.


User authentication settings fields

The table describes the sections of the User Authentication Settings Data Entry page and explains how the fields in the page are used.

 Mandatory   Configurable

Password Policy

A set of criteria that user passwords must comply with:

  • Minimum Length
  • Minimum Number of Alphabetical Characters (a-z)
  • Minimum Number of Integers (0-9)
  • Minimum Number of Other Characters (Special Characters)
  • Validity

Valid for a Specific Number of Days: Default for all users. Enter a value to set the period.

Always Valid (passwords do not expire)

Exceptions: Add users whose passwords will always be valid.

Username Policy

A set of criteria that usernames must comply with:

  • Minimum Length
  • Minimum Number of Alphabetical Characters (a-z)
  • Minimum Number of Integers (0-9)
  • Minimum Number of Other Characters (Special Characters)

Authentication Policy

Active Directory/LDAP (AD/LDAP)

Use Active Directory/LDAP Authentication: Enable to import users from AD/LDAP and use their credentials during the authentication process.

Supply the following Active Directory (AD) server information:

  • Server Type: Select AD/LDAP
  • Domain
  • Port
  • Hostname: The system where the directory is installed.
  • Use SSL
  • Password Ageing Warning (in Days): Define how many days in advance CRM.COM should warn users regarding AD password expiration.
  • Username and Password must be valid and belong to a user who is authorized to connect to the AD Server.
  • Search Base: The location where the search should be done in the AD/LDAP Directory.  

Invalid Authentication Policy

Define the policy for handling invalid user authentication attempts.   The user must log in again for changes to take effect. 

  • Invalid Login Attempts: Maximum number of user attempts, allowed within a defined period.
  • Period Within X Minutes: If the maximum number of invalid login attempts is registered   within the supplied value (minutes) the users will be locked-out.
  • Lock-out Time After Invalid Login Attempts (in Minutes): The time that must pass before the user can try and log in again.
     

 If a policy is not specified only super users can log into the system.

IP Authorisation Rules

The rules define restrictions in the form of IP addresses from which access to CRM.COM is Allowed or Denied.

The State of an IP Authorisation Rule can be 'Active' or 'Inactive' (default). Inactive rules are disregarded. Active rules must include at least one IP address.

A restriction can take the form of:

  • A specific IP address
  • A range of IP addresses
  • An IP address pattern using asterisks (e.g., '10.*.*.*').

Allowed Organisational Units: The users, units, groups or communities to which an IP Authorisation Rule is applied. If none are defined, then the IP Authorisation Policy is applied to all.

 

The field Applies for Organisation Groups in all policies is automatically set to the group of the organization of the user logged in the database (not available through the UI).

Back to top

User templates

User templates offer a layout structured like the Users Data Entry page, facilitating the creation of new users.

User templates can be used for creating single users through the Manage Users Data Entry page or multiple users through the Generate Bulk Users process.

 

User template fields

The table describes the sections of User Template Data Entry page and explains how the fields in the page are used.

 Mandatory   Configurable

Template Name

State: Sets the state of the user when the template is used through the user's Data entry page and the Web API. The state can be 'Active' or 'Inactive'

System Language: The language used for all labels, tips, warnings and error messages across CRM.COM, including the values of select boxes, radio buttons and other elements consisting of fixed values. 

Native Language: The language used for additional information displayed when the mouse is placed over labels. The organization's native language is set as the default.

Only the languages available under General Settings > Language Settings are available in the template.

Country of Residence (of the user)

Preferences

Home Page Preference: Select the page that will be displayed when the user logs in or clicks on the Home icon.

Settings

Security Profile: Defines rights and restrictions and determines the actions that a user can perform in the system.

IP address (that the user is authorized to log in from)

View User Authentication Settings for information on IP authorization rules.

Domain: Used in the Bulk Users Creation process when using the template.

The domain defined in the template is used for new user email addresses created using the 'Username@Domain' format.

Super Users have access to all areas and features, including Network and Security Management, and can view more elaborate error messages.  Super users are appointed by other super users.

Developers have access to development tools embedded in CRM.COM, available in all Summary pages, Data Entry pages, the analytics section and dashboards. Developers are granted the same Network Management and Security Management permissions as general users.  Developers are appointed by super users. 

CTI Enabled users have access to the embedded CTI tools, accessible through the communication center screen.

Units

Users created through a template are automatically assigned to units.  Units determine the records that the users can access.  A user can belong to more than one unit. Users log in under their default unit and can SWITCH UNIT using the button available in the Top menu bar.  


WEB API keys

A system-generated WEB API key is used instead of a username and password for the authentication of users that access CRM.COM through   Web API.  Each key is assigned to a specific user and results in an authorization token that can also be used for subsequent API calls.  Tokens expire automatically after two hours, even if they are not used.

Back to top

Related configuration areas

The following mandatory modules must be configured for the user management module to work.

Manual LinkAreaDescription
Network ManagementUnitsSet up the units (departments) that the user will have access to when logging into CRM.COM.
Security ManagementSecurity ProfilesSet up the user security profile which defines access rights, such as menu and process options.

Managing Users

Foundation > User Management > Manage Users

Users log into CRM.COM through the user interface (UI) or WEB API. There are three types of user accounts:

  • General users are subject to security and network access rights.
  • Super users have unrestricted access.
  • Developers can access the development tools available through the UI.

Super user and developer accounts are created as general accounts and are subsequently granted additional permissions.

Refer to Changing User Settings for more information.  

User fields

The table describes the sections of User Data Entry page and explains how the fields in the page are used.

 Mandatory   Configurable

Main Information

State: Whether a user is 'Active' or 'Inactive'. A user must be active to access the system and be used for assignments by system entities. Information on previously active users is available. 

User Template: A layout facilitating the creation of new users. New user attributes are supplied by entering new or modifying existing values.

Username (used to log into CRM.COM)

First Name, Last Name, Title, Email: Automatically copied to the contact information when creating or modifying an existing user.

System Language: The language used for all labels, tips, warnings and error messages across CRM.COM, including the values of select boxes, radio buttons and other elements that consist of fixed values. 

Available languages are the ones supported by CRM.COM and the Organization's System Language set in General Settings

Native Language: The language used for additional information displayed when the mouse is placed over labels. The organization's native language is set as the default.

Available options include all languages supported by CRM.COM and the Organization's Native Language set in General Settings.

The Gender, Date of Birth and Name Day of each contact is automatically copied to contact information when creating a new or editing an existing user.   You can optionally ADD MORE INFORMATION through the respective link.

Password: Required when creating or updating a user.  Must comply with the password policy defined in the User Authentication Settings. The tooltip displays password rules.

Password Expiration Date: Set if a validity period is defined in the User Authentication Settings Password Policy as long as the user is not included in the Password Policy's Exceptions (list of users whose passwords never expire). Expired passwords must be reset to log in again.

Preferences

Home Page Preference: Select the page that will be displayed when the user logs in or clicks on the Home icon.

Settings

Security Profile: Determines the actions that a user can perform in the system.

IP address (from which the user is authorized to log in)

View User Authentication Settings for information on IP authorisation rules.

Domain: Retrieved for users imported through LDAP integration or created from a template.

Super Users have access to all areas and features, including Network and Security Management, and can view more elaborate error messages.  Super users are appointed by other super users.

Developers have access to development tools embedded in CRM.COM, available in all Summary pages, Data Entry pages, the analytics section and dashboards. Developers are granted the same Network Management and Security Management permissions as general users.  Developers are appointed by super users. 

CTI Enabled users have access to the embedded CTI tools, accessible through the communication center screen.

  • Phone extension: the extension number of the phone installed on the user's PC through which they access CRM.COM.

Only super users can appoint Developers, CTI Enabled and other Super Users using the dedicated action available from the Data Entry or Summary page. 

Refer to Changing password and user settings for more information.

Units
Users created through a template are automatically assigned to units.  Units determine the records that the users can access.  A user can belong to more than one unit. Users log in with their default unit and can SWITCH UNIT using the button available in the Top menu bar.  


Back to top

Creating and processing users

Validations take place before an action is initiated (prerequisite) or after it is submitted (postcondition).

Searching and creating users

Navigate to Manage Users and specify the criteria that match the user you are interested in, or click on NEW from the Actions menu to create a new user. Provide the information defined as mandatory in the User Fields table and SAVE.

Logging into CRM.COM using system user accounts

Active users can log into the system from the CRM.COM login page using their username and password.

Logging in under different units

Users that belong to multiple units must select a unit when logging in.  A different set of data might be available for each unit, depending on the unit's permissions.  Users that belong to multiple units can SWITCH UNIT using the button in the Top menu bar.


User information panel

The user information panel located under ACCOUNT in the CRM.COM Top menu bar displays the group and unit of the logged in user.  Clicking on the user name takes you to the user information Data Entry page.

 


Back to top

Changing passwords

There are three ways to change a password:

  • Before login (old password required)
    From the Login screen, click on Change Password, provide your username, current password and new password and confirm the new password. Click on SUBMIT.


  • After login (old password required)
    1. From the Top menu, click on ACCOUNT and the username to go to the user information Data Entry page.
    2. From the Actions menu, click on Change Password.
    3. Provide the Old and New Password (following the password rules shown in the tooltip), confirm the password and SAVE.



  • Changed by administrator (old password not required)
    1. Navigate to Manage Users and go to the Data Entry page of the user you wish to change password
    2. From the Actions Menu click on Actions > Change Password
    3. Provide a New Password (following the password rules as shown in the tooltip) and confirm before you SAVE



User Login Check for LDAP users

  • If the password of an AD mapped user is updated the change is only done in AD account; on login the system will authenticate the user, based on the AD credentials. 
  • If an AD mapped user with an expired AD password tries to login, they will fail. The password can be changed from the CRM.COM login screen and the change will be reflected on their AD User account (i.e. the current password is modified, and the password expiration date is updated).

Back to top

 

Changing user settings

User settings are used to define access of the user to system data and system areas as well as define whether they have access to CTI. Settings cannot be manually set when creating new users, but they have to be explicitly defined using the respective action which is accessible only to Super users. There are three settings:

  • Super User: Authorised to access all areas and features of the software while Network Management and Security Management restrictions are not applicable them. Can also view more detailed error messages than the rest of the Users.
  • Developer: Have access to the development tools embedded in CRM.COM, and which are available in all Summary pages, Data Entry pages, Analytics and Dashboards. 
  • CTI Enabled: Used for users that must access the embedded CTI tools through the Communication Centre screen, and the extension of each

To change the settings:

  1. Navigate to 'Manage Users' and go to the Data Entry page of the user you wish to update settings. 
  2. Click on Actions > Change Settings from the Actions Menu and enable or disable settings accordingly before you SAVE


Changing user state

A user's state denotes whether the user account can be used to log in the system. Inactivate user accounts of users that are no longer using the system (i.e. left the company) while only users with an active state can be used to login the system.

  1. Navigate to Manage Users and go to the Data Entry page of the user you wish to update settings
  2. From the Actions Menu click on Actions > Set as active /Set as Inactive
  3. Enable or disable settings accordingly before you SAVE


Changing state and settings for multiple users

Settings and state of multiple users can be updated simultaneously using the respective action from the 'Manage Users' Summary page. Select the user account you wish to update by checking the box on the left of the record  and then select the respective action from the Actions menu.

 

Password expiration & history

A user password can be 'valid' for a limited period. If a password is expiring in the next seven days, the system informs the users about the Number of days left upon login, so that it can be updated before it expires. The same password can never be selected by the same user.

The process is also available for Active Directory users
The system informs users about expiration providing the Expiration Date retrieved through Active Directory.

 

Protecting against unauthorised access

Protect data kept in the system by controlling the IP addresses that users can login from, or respectively the ones to which access will be denied.

You can define rules which include allowed or denied IP addresses, ranges of IP addresses or IP patterns. For each IP Authorisation Rule you can provide the users units groups or communities that the restrictions are applied. To do so configure the 'IP Authorisation Rules' section  available through the User Authentication Settings.

 

Handling invalid login attempts

Protect against unauthorized access, by locking the system to a user account after multiple consecutive invalid login attempts.

It is possible to define the maximum Number of failed attempts allowed within a specified period. If the Number of failed attempts is reached, user access to the system is denied for the duration of a 'Lock-out Period'. The user is allowed to log in again when:

  • A super user cancels the lock-out period
    or
  • The lock-out period ends (The lock-out period is configurable).

Refer to User Authentication Settings. to learn how to set it up.

Cancelling the lock-out period

Super users can reset locked-out users by cancelling the lock-out period. 

  1. Navigate to Manage Users and go to the Data Entry page of the locked-out user
  2. From the Actions Menu, click Actions > Cancel Lock-out Period

Back to top

Bulk user creation using templates

If you are planning to create multiple users with common characteristics, such as access rights or common email domain, instead of creating them one by one through the 'Manage Users' Data Entry page, save yourself some time and generate multiple users simultaneously using values and settings (e.g. email, password) from a pre-defined user template .

 

Generate bulk users fields

The table describes the sections of Generate Bulk Users Data Entry page, and explains how the fields in the page are used

 Mandatory   Configurable

Input Settings

User Template: Select the template which will be used as a starting point for the generation of new user accounts.

Number of Users: the Number of user accounts to be created.

Password Settings: Determines how the user password will be set on new user accounts, selecting between:

  • Fixed: Manually set the Password for each new User account.
  • Username as Password: Use together with the Set Password action once the username is provided to set the username as the password.

Email Settings: Determines how the user email will be set on new user accounts, selecting between:

  • Fixed: To manually set the email for each new User account.
  • Username@Domain: Use together with the Set Email action once the username is provided to set the email using the username and the domain supplied from the selected template.

Users to be Generated

A list of User accounts which will be generated once submitted

Username: The username of the User, which is used to log into CRM.COM.

First Name, Last Name , Email which are automatically copied to the Contact Information as soon as the User is created.

Password: The password which is used to authenticate the user. Check Password Settings above for more information.

Phone Extension Number: The phone extension of the user must be defined in case the Template creates a CTI enabled User account.

 

Generate bulk users process

  1.   Navigate to Generate Bulk Users and provide the information for the users to be created.
  2. Go to the Users To Be Generated tab and click on Create, to create the Number of users defined in the 'Input Settings' tab.
  3. Use Add to add more users if required.
  4. Provide a 'Username', 'First Name' and 'Last Name' for each user.
  5. Provide an 'Email' and 'Password' if they were defined as 'Fixed' in the 'Input Settings', otherwise select them (from the list) and click on the Set Email and Set Password actions, to generate them based on username and domain. 
  6. Select the users that should be activated and click on the Set as Active Action.
  7. Click on SUBMIT from the Top menu to generate the defined users.

Back to top


Importing users using LDAP

Foundation > User Management > LDAP Integration

If you are an already established organisation (with hundreds of users) and already using Microsoft's Active Directory (AD), you have the option to import registered users from AD directly to CRM.COM and map them to CRM.COM user accounts. Mapping AD user accounts to CRM.COM accounts, provides the possibility to:

  • Authenticate users during login to CRM.COM, using their AD accounts.
  • Inform users about their AD password expiration.
  • Prevent user login once the User's AD password expires.

Once Active Directory users are imported you have 2 options; either map them to existing users registered in CRM.COM or create new CRM.COM users. Mapped AD accounts can also be un-mapped and remapped to other CRM.COM user accounts.

LDAP Integration fields

The table describes the sections of LDAP Integration Data Entry page, and explains how the fields in the page are used

 Mandatory   Configurable

Main Information

Read-only information associated to the AD accounts imported to CRM.COM

Users Imported, Users Mapped, Users Activate

Security groups imported

Domains Used

Domains Imported

Latest Import Date

Person Name

LDAP Users

Username: The username of the user in AD

Person Name

Security Group Name: The AD user's security Group (available through AD).

CRM.COM Username: The AD user's username in CRM.COM.

Is Mapped: Indicates whether the AD user is mapped to a user account in CRM.COM.

Is Active: Indicates whether the AD user is 'Active' or not.

 Back to top

 

Import Users

Start by importing AD user accounts

  1. Navigate to LDAP Integration and from the Actions menu click on Actions > Import Users. From the 'Import LDAP Users' modal select the 'Security Group' by clicking on the drop down list.
  2. Click on SUBMIT.
  3. Once the users are imported in CRM.COM they can be viewed in the LDAP-USERS Tab. 

Additional Information

Prerequisites

Authentication policy must be configured in 'User Authentication Settings'

 

 

Mapping imported users to CRM.COM users

Navigate to LDAP Integration and explore existing LDAP Users via the respective tab. Use the search criteria to search for the user to update. Select the users you would like to map by checking the box on the left of the username and apply one of the following actions:

Once the LDAP Users are imported and become available in CRM.COM they can be mapped to CRM.COM Users one by one 

  1. Navigate to LDAP Integration and go to the LDAP-USERS Tab. Select the user you want to map 
  2. From the Menu click on Actions > Map
  3. Using the modal window, search for the CRM.COM User to be mapped to the LDAP User
  4. Click on SUBMIT.


Additional Information

Prerequisites

  • Authentication policy must be configured in 'User Authentication Settings'
  • Users are already imported from AD.
  • There are un-mapped AD user accounts present in the system.

 

 

Creating new CRM.COM Users from imported users

If there are no CRM.COM users for each imported LDAP user you can create them. The process enables the creation of multiple users simultaneously by utilizing the Bulk user creation process unlike the map process which can only map one user at a time.

  1. Navigate to LDAP Integration and go to the LDAP-USERS tab. Select the AD user accounts for which you want to create CRM.COM user accounts
  2. Click on Actions > Create Users.
  3. Follow the process as described in Bulk Users Creation.

 

Additional Information

Prerequisites

  • Authentication policy must be configured in 'User Authentication Settings'
  • Users are already imported from AD.
  • There are un-mapped AD user accounts present in the system.

 


Un-map users

Un-mapping users gives you the option to map them to another CRM.COM user account. In case of un-mapping AD users are no longer able to login to CRM.COM using AD credentials and have to use their CRM.COM user accounts credentials.

  1. Navigate to LDAP Integration and go to the LDAP-USERS Tab. Select the user you want to un-map 
  2. From the Menu click on Actions > Map 


Additional Information

Prerequisites

  • Authentication policy must be configured in 'User Authentication Settings'
  • Users are already imported from AD.
  • LDAP Users are mapped to CRM.COM user accounts. 

 

Back to top

Active Directory password ageing warning

As aforementioned, AD user accounts can be managed through CRM.COM.  The system is responsible for informing users about AD password expiration The expiration date is retrieved through Active Directory
upon logging in, and consequently CRM.COM displays a warning message informing the user of the Number of days left until their password expires. 
Users can then follow one of the processes available for updating their passwords. Change is reflected to Active Directory.

 

User Management Business Examples

Create new user

New super user account

Scenario 1

Company ZX wants to set up a user account for their Marketing Manager with the following requirements:

  • The language in the system should be English, but Finnish terms should also be available when the User hovers over labels with the mouse.
  • Access Rights: Full Access rights. Any restrictions and rules defined in any CRM.COM module should not be applied to this User.
  • On logging in the system the manager should view dashboards

Solution

Create New User

  • Main Information:
    • Username, First Name, Last Name
    • Email
    • System Language: English
    • Native Language: Finnish
    • Password
    • Native Language: Finnish
    • Country of Residence: Finland
  • Preference:
    • Analytics
  • Settings
    • Security Profile: Team Managers
    • State: Active
  • Units:
    • Marketing Unit

The user account must then be set as' super user' so that the manager will have full access to all the data kept in the system.

  1. From the Actions menu click on Actions > Change Settings
  2. Enable 'Super User' and SAVE

Back to top

User account templates 

Call Centre Templates

Scenario 2

Company ZX has a very big call centre and new user accounts are created evry month for new hirings. They wish to speed up and standardise the process of creating user accounts for new call centre agents.

  • Country: Finland.
  • The language in the system should be English, but Finnish terms should also be available when the User hovers over labels with the mouse.
  • On logging in the system the agents should view Communication Centre

CRM.COM Solution

Configuration

Template

  • Main information:
    • Template Name: Customer Service English
    • System Language: English
    • Native Language: Finnish
    • Country of Residence: Finland
  • Preferences:
    • Communication Center
  • Settings:
    • Security Profile: Call Center Agents
    • State: Active
    • Check: CTI Enabled
    • Domain: www.companyTV.com
  • Units:
    • Call Centre (set as default)

Creating a new call centre user account

  • Main information
    • Template: Customer Service English
    • Username: m.jones
    • Full Name: Maria Jones
    • Email: m.jones@companyTV.com
    • Password: (make sure the password meets the System requirements)
  • Settings
    • Phone Extension: 2175

Create multiple users using template and bulk user process

Creation of multiple users

Scenario 3

 Company ZX created a new call centre in Helsinki and needs10 new user accounts for their call center operators using an existing Template:

Solution

Template

  • Main information:
    • Template Name: Customer Service English
    • System Language: English
    • Native Language: Finnish
    • Country of Residence: Finland
  • Preferences:
    • Communication Center
  • Settings:
    • Security Profile: Call Center Agents
    • State: Active
    • Check: CTI Enabled
    • Domain: www.companyTV.com
  • Units:
    • Call Centre (set as default)

Bulk Users Creation

  1. Navigate to Bulk Users Creation
    1. Select Template: Customer Service English
    2. Define Number of Users: 10
    3. Password Settings: Same as Username
    4. Email Settings: Username@domain
  2. Go to 'Users to be Generated' tab
    1. Click CREATE
    2. For each user row specify:
      1. Username
      2. First Name
      3. Last Name
      4. Phone
    3. Select all user accounts
    4. Click Set Email
    5. Click Set Password
    6. Click Set as Active
  • Click SUBMIT

 

Notes

  • If you are using a previous release, view CRM.COM Release Changes.
  • Use the User Management WEB API to create and manage User Management from an external system, such as a customer portal. View the User Management WEB API for a complete list of actions available through the WEB API.

 

Glossary  

CRM.COM TermDefinition
Active Directory

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks and is included in most Windows Server Operating Systems as a set of processes and services.  

An AD domain controller authenticates and authorises all Users and computers in a Windows domain type network—assigning and enforcing security policies and installing or updating software. For example, when a User logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the User is a system administrator or a normal User.  

Active Directory makes use of Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Microsoft's version of Kerberos, and DNS.

Lightweight Directory Access Protocol (LDAP) Lightweight Directory Access Protocol is an Internet protocol which is used to access and maintain a distributed organised set of records such as an email or telephone directory through web applications.
Organisation GroupIn case a company consists of multiple organisations (i.e. multiple databases), the organisations can be grouped under a single Group.
OrganisationThe database you connect to during login.
Security Groups (AD)Active Directory Security Groups enable the administrator to group Users according to their rights and permissions.
Security ProfileSecurity Profiles are used to control User access to various features of the software. Access can be allowed or denied for each CRM.COM module individually. Each User is assigned to only one Security Profile.
UnitA Unit represents a body of Users which belong to the same team and follow the same business processes; Users belong to Units.
User Domain (AD)An IP Address or a string representing an IP Address. This IP Address is assigned to the personal computer of the User. Multiple IP Addresses can exist under the same domain.

 

Back to top