Authentication and Users

Authentication and Users

Overview

Authentication and user management control how people sign in, activate accounts, register MFA, choose a timezone, and receive role-based access to CMS.

Purpose

Use the Users area to create and maintain user accounts, assign roles, manage organisation scope, reset authentication factors, and help users regain access when needed.

Sign-In Options

CMS can show theseone or more sign-in options whendepending configured:on platform settings:

Option	What users see
CMS login	Usernameusername and passwordpassword. Microsoft Entra sign-in.
Microsoft Entra	Microsoft sign-in button.
Google	Google sign-inin. button.

If an expected sign-in option is not visible,missing, a platform administrator should check the Authentication and Portal settings.settings for enabled providers and configured provider details.

Account Activation

Some environments require users to activate their account before theynormal canportal useaccess.

the

Common portal.activation actions are:

Action	ResultWhat happens
Send welcome email	Sends the user an activation link when email delivery is configured.
Reset activation	CreatesGenerates a newfresh activation code for an unconfirmed user.
Request a new activation code	LetsAllows a user who can sign in but is not activated to request a freshnew code from the sign-in flow.code.
Activate account	Confirms the activation code and allows the user to continue.

When creating users, check whether your environment expects an administrator to send the welcome email after saving the account.

MFA

When MFA is required, users are askedprompted to register an authenticatorMFA during sign-in. If a user loses access to MFA,their authenticator, an authorised administrator can reset MFA for that user.

After MFA is reset, the user registers MFA again on the next MFA-requiredtime sign-they sign in.

User Management Workflow

The Users page is available to administrators with the required organisation access.

The user editor includes:

• Open Users.
• Create or select a user.
• Enter userUser properties.
• Choose scopeScope and permissions.
• ConfigureAuthentication authentication settings where required.settings.
• SaveAuthentication the user.information.
• SendActivation activation or welcome email if required by your process.actions.

MFA reset.

Password reset.

Timezone selection.

Role Assignment

Administrators can assign roles only inside their own permitted scope.

Acting role	Typical assignment boundary
Platform administrator	Platform, distributor, partner, and tenant roles.
Distributor administrator	Distributor, partner, and tenant roles in distributor scope.
Partner administrator	Partner and tenant roles in partner scope.
Tenant administrator	Tenant roles in tenant scope.

If a role is not available,available in the selector, confirm that the acting user has permission to assign itthat role and that the target user belongs to the correct organisation.organisation scope.

Timezone Preference

Users can set their own display timezone. If noa timezoneuser isdoes selected,not choose a timezone, CMS uses the system timezone setting. TimestampsOperational records remain consistent while portal timestamps are shown in the portal are shown using theuser's effective timezone.

NotificationEmail Templates

Administration > Notifications includes templates for account activation, welcome emails, invoices, overduedelinquent invoicepayment reminders, budget alerts, and other notification types. Review templates before relying on them in a customer process.

Access

Users only see user records and actions availableallowed toby their assigned role and organisation access. If a user cannot see the Users page, a user row, or an action such as password reset or MFA reset, confirm the acting user'suser has the correct administrator role and relationship to the target user.