Typically, access to the Administration menu is required to add and manage user records on iPassport. The system role, Administration Editor provides all the necessary permissions but also includes high level access to system settings. Therefore, it is possible to create a clerical administration role that allows creating other users on the system but doesn’t provide full access to the Administration menu.
The permissions directly related to user accounts are:
|Desktop:Show Users Menu Item||Show the Administration > Users menu item|
|User Accounts:Create User Accounts||Allow a user to create user accounts|
|User Accounts:Edit Roles||Allow a user to edit roles|
|User Accounts:Edit User Accounts||Allow a user to edit user accounts|
|User Accounts:Enable/Disable||Allow a user to enable and disable user accounts|
|User Accounts:Link to Records||Allow a user to create links to and from user accounts|
|User Accounts:Log Users Out||Allow a user to log other users out|
|User Accounts:Preference Report||Allow a user to report on all user preferences|
|User Accounts:Remove Links||Allow a user to remove links attached to user accounts|
|User Accounts:Reset Passwords||Allow a user to reset passwords|
|User Accounts:Set Minimum Password Length||Allow a user to change the minimum password length|
|User Accounts:Set View Only||Allow a user to set another user as view only|
|User Accounts:View History||Allow a user to view the change history for user accounts|
|User Accounts:View Roles||Allow a user to view roles|
|User Accounts:View User Accounts||Allow a user to view user accounts|
These permissions are only included in the system role, Administration Editor.
When assigning a ‘Home OU’ to new users, an administrator will only be able to choose OUs in which they have the permission, “User Accounts:Create User Accounts”. On the new user creation page, the field, Home OU, will only show the OUs where the administrator has this permission. If the administrator has the permission in their own home OU, the field will default to that OU.
As a special condition, the permission, “User Accounts:Create User Accounts” automatically grants (user account) viewing and editing rights in the OUs where it is applied. This is to ensure administrators can always access the user records they have created.
There are some system preferences which influence the way user accounts behave. A description of relevant options which appear in the Miscellaneous Settings section of the System Preferences tab is offered here and further detail is available in the System Preferences user guide.
To adjust any of the preferences below:
The default setting for the user record field, ‘Can Contact Support?’ is governed by the preference, “Allow new users to contact Genial Compliance iPassport Support by default”. It can be disabled if new users should generally be prevented from contacting iPassport support and be limited to seeking internal assistance. The setting can be toggled in the field, ‘Can Contact Support?’ when a new user account is being created. When a user is allowed to contact iPassport support through this setting, the Contact iPassport Support tab in the Help area becomes visible to them.
Once a user account is created, the user’s Timezone can be adjusted. If left as ‘Not Set’, the user will be assigned the Default Time Zone declared in the Miscellaneous Settings area.
The option, Enable Simple View allows specifying whether simple view should be available in the account. Simple view offers a cut back iPassport interface without all the header menus, ideal for users who just need to complete tasks and search for content. By default users can easily switch between simple and detailed views but the user’s account can be edited to restrict them to only access iPassport in simple view.
Each user record includes a Signature tab where an image of the user’s signature can be uploaded so it can then be displayed, for example, in prints of documents which the user has authorised. The option, ‘Require password to upload new signature’ provides additional security so that not anyone can upload a given user’s signature.