User management

A user can be a member of any number of roles and can be assigned to any number of websites.

Each user account has a Privilege level:

Privilege level Description
None The user cannot access the system's administration interface. Ability to view pages and perform actions on the live site depends on the site's security options and the roles assigned to the user.
Editor

The user can access the administration interface and on-site editing mode for all sites assigned on the Sites tab.

The Editor privilege level does not grant any permissions – it only differentiates between site editors and registered users who are limited to the live website. To allow editors to access applications and perform actions, you need to assign roles.

Administrator

The user has unrestricted access to non-global applications for all sites in the system (administrators skip permission and UI personalization checks).

However, administrators CANNOT:

  • Use global applications that affect the entire system
  • Perform certain actions restricted only to global administrators
  • Upgrade the privilege level to global administrator for their own account
  • Grant users the administrator privilege level
  • Edit the user accounts of other administrators
Global administrator
_________________

The user has full access to all parts of the system for all sites, and can perform any operations (regardless of permissions or other settings). Global administrators are the only users who can work with global applications.

On this page

Related pages

Default user accounts

The following default user accounts are available:

  • Administrator – global administrator user with full permissions.
  • Public – user that represents an anonymous visitor of the site.

Creating a new user

New user accounts are typically created when a user goes through registration on the live site. However, you can also create accounts manually in the Users application. Click New user and configure the properties.

User name The user's user name, with which the user can sign in on the website. By default, it must be unique across all websites in the system.
Full name User's full name (first name, middle name and last name).
E-mail User's e-mail address.
Enabled Indicates if the user account is enabled and the user can sign in.
Privilege level Sets the user's privilege level (see the privilege level table).
Password
Confirm password
User's password.
Assign to website
__________________

Allows you to quickly assign the new user to the current site.

When a user is assigned to a site, they can work with it in the administration interface (if they have a sufficient Privilege level and permissions).

Note: Assignment of users to sites only limits access to the system's administration interface. Signing in on the live site is possible even for users who are not assigned to the given site.

User passwords

It is highly recommended to set a safe password for every user account to ensure the security of your website. Global administrators can monitor the list of users for accounts that have empty passwords, which are marked with a warning icon ().

You can add a password manually by editing the given users on the Password tab.

Editing user properties

To edit user properties, open the Users application. Click Edit () next to the required user.

General properties

You can set the following properties on the General tab:

User name The name used to sign in to websites and the system's administration interface. By default, user names must be unique across all sites in the system.
Full name User's full name (first name, middle name and last name).
First name User's first name.
Middle name User's middle name.
Last name User's last name.
E-mail User's e-mail address.
Enabled Indicates if the user account is enabled and the user can sign in.
Privilege level

Indicates if the user is allowed to access the administration interface, and affects how the system checks permissions. 

See the privilege level table for details.

Is external user This attribute is used when you are using an integration with an external user database.
Is domain user Indicates if the user was imported from Active Directory.
Is hidden If true, the user is not visible on the site (e.g. on-line user monitoring, repeaters displaying users, etc.).
Preferred content culture Preferred culture in which the content is displayed to the user.
Preferred user interface culture Preferred culture in which the users wants to see the administration interface.
Created Date and time when the user account was created.
Multi-factor authentication is required Indicates if the Multi-factor authentication is enabled for the particular user, if the Enable multi-factor authentication is SELECTED and the Multi-factor authentication is required globally is CLEARED.
Reset token ID Resets the user's token ID, which is used to pair the user account with the mobile application.
Last sign-in Date and time when the user last signed in.
Last sign-in information Information about the IP address and browser user agent of the user's last sign-in.
Invalid sign-in attempts The number of unsuccessful attempts to sign in with a wrong password. You can reset the value to zero and unlock the user's account by clicking the Reset & enable button.
Password expires in The number of days left until the user's password expires. You can reset the validity to the maximum value by clicking Extend validity & enable.
Starting alias path

Allows you to limit the user to a specific section of the content tree when using the Pages application. If you set a value, the user cannot see other parts of the website in the content tree.

Note: This feature is only intended for better usability and does not ensure security control. If you need to establish access rights for a given user, grant appropriate page permissions on the Properties -> Security tab.

Password

On this tab, you can change a user's password. Kentico provides two ways to do this – generating a new password, or changing it.

This tab is hidden if the user being edited is authenticated using either an external user database or Active Directory, i.e., if the user has the Is external user property enabled on the General tab of the user editing interface or if Is domain user is enabled and the application is configured to use Windows authentication.

Generating a new password

You can generate a completely new password by clicking the Generate new password button. The affected user receives an email, based on the Membership - Changed password email template, containing the generated password and a recommendation to immediately change it. This password complies with the set password policy (a string of 8 characters containing at least one non-alphanumeric character by default).

Changing an existing password

If you want to change an already existing password manually, you can type a new one into the Password and Confirm password fields. The Password strength indicator gives you an estimate of the password's complexity. Clicking Change password sends the affected user an email, based on the Membership - Password reset confirmation email template, notifying him of the password change. This email does NOT contain the changed password.

Settings

On the Settings tab, you can edit the following properties of the user:

User nick name Nick name of the user used in website forums, on the user's profile, etc.
User picture User's avatar image. The image appears in forums and on the user's profile. You can either upload an image or select a pre-defined avatar.
User signature User's signature that will be used below the user's forum posts.
Description Optional text describing the user.
URL referrer URL from that the user came to the site when they performed registration.
Campaign If the given user arrived on the website through a campaign before registering, this field will store the name of that campaign. See Campaigns for details.
Messaging notification e-mail Notifications about new messages received in the messaging application will be sent to this e-mail address.
Time zone User's time zone; if set, this time zone will be used where applicable instead of the site time zone.
Badge User's badge; depends on the number of gained activity points.
User activity points Number of user's activity points; these points are gained for forum posts, message board posts, blog posts and blog post comments.
Live ID User's Live ID token; this is a hexadecimal number that the user is identified by when signing in via Windows Live ID.
Facebook user ID User's Facebook user ID; it is used when the user is signing in via Facebook Connect.
OpenID User's OpenID; it is used when the user is signing in via OpenID.
LinkedIn ID User's LinkedIn ID; it is used when the user is signing in via LinkedIn authentication.
Activation date Date of the user's account activation.
Activated by user User who activated this user's account.
Registration info User's IP and browser agent detected on registration.
Gender User's gender.
Date of birth User's date of birth.
Skype account User's Skype account.
Instant messenger User's instant messenger; format of values of the field is not strictly required, you may use any string of characters according to your specific needs (e.g. ICQ: 123456789).
Phone number User's phone number; the number may be entered in any format, no validation is applied.
Log activities Indicates if the system logs on-line marketing activities for the user.
Waiting for approval If checked, the user account is not active yet and is waiting for an administrator's approval.
Show welcome tile Indicates whether the application dashboard displays the welcome tile that introduces the basics of the administration interface to new users.
Forum posts Number of user's forum posts.
Forum comments Number of user's forum comments.
Blog comments Number of user's blog comments.
Message board posts Number of user's message board posts.

Custom Fields

Here you can edit the values of custom user fields. The custom fields can be defined in Modules -> Membership -> Classes -> User -> Fields.

Sites

Here you can specify the sites that the user can work with in the administration interface. To assign the user to a site, click Add sites, check the appropriate boxes in the displayed dialog and click Select.

The sites assigned here primarily limit access to the system's administration interface. This is intended to allow the separation of access privilege for content editors responsible for different websites.

If the Share user accounts on all sites setting is enabled in Settings -> Security & Membership, signing in on the live site is possible even for users who are not assigned to the given site.

Roles

Here you can manage the roles to which the edited user is assigned. Depending on the permissions available for individual roles, the user will be authorized to perform various actions on the website or in the administration interface. Refer to Role management for further information about roles.

Notifications

On this tab, you can see a list of all notification subscriptions of the currently edited user. You can Delete () subscriptions in the list, which unsubscribes the user from receiving notifications.

Categories

This tab displays a list of the user's custom categories. Categories are topic-related groups to which pages can be assigned. By clicking New category, you can create new categories.

Friends

On this tab, you can manage the currently edited user's friends.

Subscriptions

On this tab, you can manage the user's subscriptions to newsletters, blog posts (comment notifications), message boards, forums and reports.

Languages

On this tab, you can specify which cultural versions of pages can be edited by the user. You have the following options:

  • User can edit all languages - if selected, the currently edited user can edit pages in all language versions of all sites in the system
  • User can edit following languages - if selected, you can specify which language versions can be edited by the user by checking the check-boxes in the list of language versions; this can be set separately for each site in the system using the Select site drop-down list

Memberships

Here you can manage special types of website membership assigned to the edited user. Each membership represents a collection of roles. When a membership is assigned to a user, it automatically authorizes that user to perform any actions allowed for all contained roles. Refer to Membership management to learn more.


Was this page helpful?