User management
A user can be a member of any number of roles and can be assigned to any number of websites.
Default user accounts
The following default user accounts are available:
- Administrator – global administrator user with full permissions.
- Public – user that represents an anonymous visitor of the site.
Creating a new user
New user accounts are typically created when a user goes through registration on the live site. However, you can also create accounts manually in the Users application. Click New user and configure the properties.
User name |
The user’s user name, with which the user can sign in on the website. By default, it must be unique across all websites in the system. |
Full name |
User’s full name (first name, middle name and last name). |
|
User’s email address. |
Enabled |
Indicates if the user account is enabled and the user can sign in. |
Privilege level |
Sets the user’s privilege level (see the privilege level table). |
Password |
User’s password. |
Assign to website |
Allows you to quickly assign the new user to the current site. When a user is assigned to a site, they can work with it in the administration interface (if they have a sufficient Privilege level and permissions). Note: Assignment of users to sites only limits access to the system’s administration interface. Signing in on the live site may be possible even for users who are not assigned to the given site (depending on the system’s settings). |
User passwords
It is highly recommended to set a safe password for every user account to ensure the security of your website. Global administrators can monitor the list of users for accounts that have empty passwords, which are marked with a warning icon ().
You can add a password manually by editing the given users on the Password tab.
The system can be configured to require users to enter passwords matching specific strength requirements. For more information, see Password strength policy and its enforcement.
Each user account has a Privilege level:
Privilege level |
Description |
None |
The user cannot access the system’s administration interface. Ability to view pages and perform actions on the live site depends on the site’s security options and the roles assigned to the user. |
Editor |
The user can access the administration interface and on-site editing mode for all sites assigned on the Sites tab. The Editor privilege level does not grant any permissions – it only differentiates between site editors and registered users who are limited to the live website. To allow editors to access applications and perform actions, you need to assign roles. |
Administrator |
The user has unrestricted access to non-global applications for all sites in the system (administrators skip permission and UI personalization checks). However, administrators CANNOT:
|
Global administrator |
The user has full access to all parts of the system for all sites, and can perform any operations (regardless of permissions or other settings). Global administrators are the only users who have full access to all global applications. |
Editing user properties
To edit user properties, open the Users application. Click Edit () next to the required user.
General properties
You can set the following properties on the General tab:
User name |
The name used to sign in to websites and the system’s administration interface. By default, user names must be unique across all sites in the system. |
Full name |
User’s full name (first name, middle name and last name). |
First name |
User’s first name. |
Middle name |
User’s middle name. |
Last name |
User’s last name. |
|
User’s email address. |
Enabled |
Indicates if the user account is enabled and the user can sign in. |
Privilege level |
Indicates if the user is allowed to access the administration interface, and affects how the system checks permissions. See the privilege level table for details. |
Is external user |
This attribute is used when you are using an integration with an external user database. |
Is domain user |
Indicates if the user was imported from Active Directory. |
Is hidden |
If true, the user is not visible on the site (e.g. on-line user monitoring, repeaters displaying users, etc.). |
Preferred content culture |
Preferred culture in which the content is displayed to the user. |
Preferred user interface culture |
Preferred culture in which the users wants to see the administration interface. |
Created |
Date and time when the user account was created. |
Multi-factor authentication is required |
Indicates whether multi-factor authentication is enabled for the user. Only applies if multi-factor authentication is allowed in Settings -> Security & Membership -> Authentication -> Enable multi-factor authentication. |
Reset multi-factor secret |
Allows you to Reset the secret key that is shared with the user’s multi-factor authentication application. On the user’s next sign-in attempt, the system displays a new secret key, which the user needs to enter into their authenticator application. |
Last sign-in |
Date and time when the user last signed in. |
Last sign-in information |
Information about the IP address and browser user agent of the user’s last sign-in. |
Invalid sign-in attempts |
The number of unsuccessful attempts to sign in with a wrong password. You can reset the value to zero and unlock the user’s account by clicking the Reset & enable button. |
Password expires in |
The number of days left until the user’s password expires. You can reset the validity to the maximum value by clicking Extend validity & enable. |
Starting alias path |
Allows you to limit the user to a specific section of the content tree when using the Pages application. If you set a value, the user cannot see other parts of the website in the content tree. Note: This feature is only intended for better usability and does not ensure security control. If you need to establish access rights for a given user, grant appropriate page permissions on the Properties -> Security tab. |
Password
On this tab, you can change a user’s password. Kentico provides two ways to do this – generating a new password, or changing it.
This tab is hidden if the user being edited is authenticated using either an external user database or Active Directory, i.e., if the user has the Is external user or Is domain user property enabled on the General tab of the user editing interface.
Generating a new password
You can generate a completely new password by clicking the Generate new password button. The affected user receives an email, based on the Membership - Changed password email template, containing the generated password and a recommendation to immediately change it. This password complies with the set password policy (a string of 8 characters containing at least one non-alphanumeric character by default).
Changing an existing password
If you want to change an already existing password manually, you can type a new one into the Password and Confirm password fields. The Password strength indicator gives you an estimate of the password’s complexity. Clicking Change password sends the affected user an email, based on the Membership - Password reset confirmation email template, notifying them of the password change. This email does NOT contain the changed password.
Settings
On the Settings tab, you can edit the following properties of the user:
User nick name |
Nick name of the user used in website forums, on the user’s profile, etc. |
User picture |
User’s avatar image. The image appears in forums and on the user’s profile. You can either upload an image or select a pre-defined avatar. |
User signature |
User’s signature that will be used below the user’s forum posts. |
Description |
Optional text describing the user. |
URL referrer |
URL from that the user came to the site when they performed registration. |
Campaign |
If the given user arrived on the website through a campaign before registering, this field will store the name of that campaign. See Campaigns for details. |
Time zone |
User’s time zone; if set, this time zone will be used where applicable instead of the site time zone. |
Badge |
User’s badge; depends on the number of gained activity points. |
User activity points |
Number of user’s activity points; these points are gained for forum posts, message board posts, blog posts and blog post comments. |
Live ID |
User’s Live ID token; this is a hexadecimal number that the user is identified by when signing in via Windows Live ID. |
Facebook user ID |
User’s Facebook user ID; it is used when the user is signing in via Facebook Connect. |
OpenID |
User’s OpenID; it is used when the user is signing in via OpenID. |
LinkedIn ID |
User’s LinkedIn ID; it is used when the user is signing in via LinkedIn authentication. |
Activation date |
Date of the user’s account activation. |
Activated by user |
User who activated this user’s account. |
Registration info |
User’s IP and browser agent detected on registration. |
Gender |
User’s gender. |
Date of birth |
User’s date of birth. |
Skype account |
User’s Skype account. |
Instant messenger |
User’s instant messenger; format of values of the field is not strictly required, you may use any string of characters according to your specific needs. |
Phone number |
User’s phone number; the number may be entered in any format, no validation is applied. |
Log activities |
Indicates if the system logs on-line marketing activities for the user. |
Waiting for approval |
If checked, the user account is not active yet and is waiting for an administrator’s approval. |
Show welcome tile |
Indicates whether the application dashboard displays the welcome tile that introduces the basics of the administration interface to new users. |
Forum posts |
Number of user’s forum posts. |
Forum comments |
Number of user’s forum comments. |
Blog comments |
Number of user’s blog comments. |
Message board posts |
Number of user’s message board posts. |
Custom fields
Here you can edit the values of custom user fields. The custom fields can be defined in Modules -> Membership -> Classes -> User -> Fields.
Sites
Here you can specify the sites that the user can work with in the administration interface. To assign the user to a site, click Add sites, check the appropriate boxes in the displayed dialog and click Select.
The sites assigned here primarily limit access to the system’s administration interface. This is intended to allow the separation of access privilege for content editors responsible for different websites.
If the Share user accounts on all sites setting is enabled in Settings -> Security & Membership, signing in on the live site is possible even for users who are not assigned to the given site.
Roles
Here you can manage the roles to which the edited user is assigned. Depending on the permissions available for individual roles, the user will be authorized to perform various actions on the website or in the administration interface. Refer to Role management for further information about roles.
Notifications
On this tab, you can see a list of all notification subscriptions of the currently edited user. You can Delete () subscriptions in the list, which unsubscribes the user from receiving notifications.
Categories
This tab displays a list of the user’s custom categories. Categories are topic-related groups to which pages can be assigned. By clicking New category, you can create new categories.
Subscriptions
On this tab, you can manage the user’s subscriptions to newsletters, blog posts (comment notifications), message boards, forums and reports.
Languages
On this tab, you can specify which cultural versions of pages can be edited by the user. You have the following options:
- User can edit all languages - if selected, the currently edited user can edit pages in all language versions of all sites in the system
- User can edit following languages - if selected, you can specify which language versions can be edited by the user by selecting the check boxes in the list of language versions; this can be set separately for each site in the system using the Select site drop-down list
Memberships
Here you can manage special types of website membership assigned to the edited user. Each membership represents a collection of roles. When a membership is assigned to a user, it automatically authorizes that user to perform any actions allowed for all contained roles. Refer to Membership management to learn more.