Authentication and Users
Authentication and Users
Overview
Authentication and user management control how people sign in, activate accounts, register MFA, choose a timezone, and receive role-based access to CMS.
Purpose
Use the Users area to create and maintain user accounts, assign roles, manage organisation scope, reset authentication factors, and help users regain access when needed.
Sign-In Options
CMS can show these sign-in options when configured:
| Option | What users see |
|---|---|
| CMS login | Username and password sign-in. |
| Microsoft Entra | Microsoft sign-in button. |
| Google sign-in button. |
If an expected sign-in option is not visible, a platform administrator should check Authentication and Portal settings.
Account Activation
Some environments require users to activate their account before they can use the portal.
| Action | Result |
|---|---|
| Send welcome email | Sends an activation link when email delivery is configured. |
| Reset activation | Creates a new activation code for an unconfirmed user. |
| Request activation code | Lets a user request a fresh code from the sign-in flow. |
| Activate account | Confirms the code and allows the user to continue. |
When creating users, check whether your environment expects an administrator to send the welcome email after saving the account.
MFA
When MFA is required, users are asked to register an authenticator during sign-in. If a user loses access to MFA, an authorised administrator can reset MFA for that user.
After reset, the user registers MFA again on the next MFA-required sign-in.
User Management Workflow
- Open Users.
- Create or select a user.
- Enter user properties.
- Choose scope and permissions.
- Configure authentication settings where required.
- Save the user.
- Send activation or welcome email if required by your process.
Role Assignment
Administrators can assign roles only inside their permitted scope.
| Acting role | Typical assignment boundary |
|---|---|
| Platform administrator | Platform, distributor, partner, and tenant roles. |
| Distributor administrator | Distributor, partner, and tenant roles in distributor scope. |
| Partner administrator | Partner and tenant roles in partner scope. |
| Tenant administrator | Tenant roles in tenant scope. |
If a role is not available, confirm the acting user has permission to assign it and that the target user belongs to the correct organisation.
Timezone
Users can set their own display timezone. If no timezone is selected, CMS uses the system timezone setting. Timestamps in the portal are shown using the effective timezone.
Notification Templates
Administration > Notifications includes templates for activation, welcome emails, invoices, overdue invoice reminders, budget alerts, and other notification types. Review templates before relying on them in a customer process.
Access
Users only see user records and actions available to their assigned role and organisation access. If a user cannot see the Users page, a user row, or an action such as password reset or MFA reset, confirm the acting user's role and relationship to the target user.