Skip to main content

Authentication and Users

Authentication and Users

Overview

Authentication and user management control how people sign in, activate accounts, register MFA, choose a timezone, and receive role-based access to CMS.

Purpose

Use the Users area to create and maintain user accounts, assign roles, manage organisation scope, reset authentication factors, and help users regain access when needed.

Sign-In Options

CMS can show one or morethese sign-in options dependingwhen on platform settings:configured:

  • OptionWhat users see
    CMS usernameloginUsername and password.password
  • sign-in.
    • Microsoft EntraMicrosoft sign-in.in
  • button.
    • GoogleGoogle sign-in.in button.

    If an expected sign-in option is missing,not visible, a platform administrator should check the Authentication and Portal settings for enabled providers and configured provider details.settings.

    Account Activation

    Some environments require users to activate their account before normalthey portalcan access.

    use

    Commonthe activation actions are:portal.

    Action What happensResult
    Send welcome email Sends the user an activation link when email delivery is configured.
    Reset activation GeneratesCreates a freshnew activation code for an unconfirmed user.
    Request a new activation code AllowsLets a user who can sign in but is not activated to request a newfresh code.code from the sign-in flow.
    Activate account Confirms the activation code and allows the user to continue.

    When

    Manualcreating Reviewusers, Required:check Userwhether creationyour preparesenvironment activationexpects details,an but operators may still needadministrator to send the welcome or activation email fromafter saving the user actions menu.account.

    MFA

    When MFA is required, users are promptedasked to register MFAan authenticator during sign-in. If a user loses access to their authenticator,MFA, an authorised administrator can reset MFA for that user.

    After MFA is reset, the user registers MFA again on the next timeMFA-required they sign sign-in.

    User Management Workflow

    The

      Users
    1. Open pageUsers.
      2. is
    2. Create availableor toselect administratorsa withuser.
      3. the required organisation access.

      The

    3. Enter user editor includes:

      • User properties.
      • ScopeChoose scope and permissions.
      • AuthenticationConfigure settings.authentication settings where required.
      • AuthenticationSave information.the user.
      • ActivationSend actions.activation or welcome email if required by your process.
      • MFA reset.
      • Password reset.
      • Timezone selection.

    Role Assignment

    Administrators can assign roles only inside their own permitted scope.

    Acting role Typical assignment boundary
    Platform administrator Platform, distributor, partner, and tenant roles.
    Distributor administrator Distributor, partner, and tenant roles in distributor scope.
    Partner administrator Partner and tenant roles in partner scope.
    Tenant administrator Tenant roles in tenant scope.

    If a role is not available in the selector,available, confirm that the acting user has permission to assign that roleit and that the target user belongs to the correct organisation scope.organisation.

    Timezone Preference

    Users can set their own display timezone. If ano usertimezone doesis not choose a timezone,selected, CMS uses the system timezone setting. OperationalTimestamps recordsin remain consistent whilethe portal timestamps are shown inusing the user's effective timezone.

    EmailNotification Templates

    Administration > Notifications includes templates for account activation, welcome emails, invoices, delinquentoverdue paymentinvoice reminders, budget alerts, and other notification types.

    Implementation Gap: Some templates may be available before they are connected to an active portal action. Review templates before relying on them forin a customer process.

    Access

    Users only see user records and actions allowedavailable byto their assigned role and organisation access. If a user cannot see the Users page, a user row, or an action such as password reset or MFA reset, confirm the acting user has the correct administratoruser's role and relationship to the target user.

Back to top