Authentication and Users
Overview
Authentication and user management control how people sign in, activate accounts, register MFA, choose a timezone, and receive role-based access to CMS.
Sign-In Options
CMS can show one or more sign-in options depending on platform settings:
- CMS username and password.
- Microsoft Entra sign-in.
- Google sign-in.
If an expected sign-in option is missing, a platform administrator should check the Authentication and Portal settings for enabled providers and configured provider details.
Account Activation
Some environments require users to activate their account before normal portal access.
Common activation actions are:
| Action | What happens |
|---|---|
| Send welcome email | Sends the user an activation link when email delivery is configured. |
| Reset activation | Generates a fresh activation code for an unconfirmed user. |
| Request a new activation code | Allows a user who can sign in but is not activated to request a new code. |
| Activate account | Confirms the activation code and allows the user to continue. |
MFA
When MFA is required, users are prompted to register MFA during sign-in. If a user loses access to their authenticator, an authorised administrator can reset MFA for that user.
After MFA is reset, the user registers MFA again the next time they sign in.
User Management
The Users page is available to administrators with the required organisation access.
The user editor includes:
- User properties.
- Scope and permissions.
- Authentication settings.
- Authentication information.
- Activation actions.
- MFA reset.
- Password reset.
- Timezone selection.
Role Assignment
Administrators can assign roles only inside their own permitted scope.
| Acting role | Typical assignment boundary |
|---|---|
| Platform administrator | Platform, distributor, partner, and tenant roles. |
| Distributor administrator | Distributor, partner, and tenant roles in distributor scope. |
| Partner administrator | Partner and tenant roles in partner scope. |
| Tenant administrator | Tenant roles in tenant scope. |
If a role is not available in the selector, confirm that the acting user has permission to assign that role and that the target user belongs to the correct organisation scope.
Timezone Preference
Users can set their own display timezone. If a user does not choose a timezone, CMS uses the system timezone setting. Operational records remain consistent while portal timestamps are shown in the user's effective timezone.
Email Templates
Administration > Notifications includes templates for account activation, welcome emails, invoices, delinquent payment reminders, budget alerts, and other notification types.
Access
Users only see user records and actions allowed by their role and organisation access. If a user cannot see the Users page, a user row, or an action such as password reset or MFA reset, confirm the acting user has the correct administrator role and relationship to the target user.