Concepts

  • "User's" are individuals that are able to log in and use the web application (unless locked out or flagged "Pending"). However, User Management also manages users who are in "Pending" or "Locked" mode who cannot login.
  • Technically speaking, only users present in Alpha Anywhere's database table named websecurity_users are are allowed to login. You, as a Framework user, do not need to concern yourself with the technical details of security, or the various official Login tables names. Just maintain your users using the Framework and it will keep security in sync.

Online User Registration (Double Opt-in)

  • Users who register online provide their First Name, Last Name, UserID (Email Address) and Password and are initially added to the wt_users table with a status of "Pending" -- they cannot yet login at this point.
    • If you want to change what information the user enters, modify the wt_users_reg component.
  • The user will receive a confirmation email with a link used to complete the registration. When they click that link, they are added to security and their status is toggled to "Active" -- they can login at this point.
  • The most common reason for an incomplete registration process is that the user did not receive your confirmation or it was delivered to their junk folder.

Adding Users Manually

  • Add users by clicking New Records on the User List. Enter their first name, last name and a unique email address as the UserID.
  • Initially, this user will be flagged as Inactive.
  • Users who are added manually will initially be assigned a Status of "Inactive" and cannot login. You can toggle them to Active by clicking the Security link and creating a password and user groups for them. However, if you want the user to assign their own password, you can send an email to them using the Send Email to Users module.

Modifying User Records

  • If you remove a user's Security record, they will toggle from Active to Inactive.
  • If you delete a user from the User List, they will be deleted from Security as a result and cannot login.
  • If you modify the User ID in the User List, it will update that field in Security Framework. The other fields (name, dates, etc.) are not in Security Framework.

Managing Users

  • Go to Admin > Manage Users > Website User List to view users.
  • Click “Security” for any given user and modify their User ID and/or password.
  • Users can be:
    • PENDING -- this person has not completed their registration, not clicked the link in the confirmation email.
    • ACTIVE - normal user who can login.
    • INACTIVE - they were added manually and have not been assigned a password and/or security groups.
    • INVITE - the user was added manually or online but does not have a password.
  • By definition, a user with a Status of Active has a Security record and can login. If the user does not have a Security record you can add on including assigning a password and one or more Security Groups. This will toggle their account to Active and they can immediately log in. You can either tell the user their password, or have them click the Recover Password link on the Login page. There is no built-in method for you to email the user their password once a Security record has been set.
  • Other rules:
    • Export a list of users by clicking the "Excel" icon.
  • Possible Status values are:
    • ACTIVE - A normal user who can login. By definition, a user with a Status of Active has a Security record with a password and assigned to one or more Security Groups.
    • INACTIVE - User does not have a Security record and cannot login. User was either added manually or their existing Security record was deleted.
    • PENDING - User does not have a Security record and cannot login. They have started the registration process but not clicked the "confirmation link" in the email sent to them to confirm their registration. You can manually enter a Security record, or wait for them to confirm, or toggle them to Invite to send a reminder.
    • INVITE - User does not have a Security record and cannot login. Typically, these users were added manually and then toggled to Invite. Or they were Pending and toggled to Invite. You can send an "invitation" to all users with a status of Invite in the Send Email to User module. You can only send an invite to user who do not have a Security record. If the user was Pending, they will have entered their own password at registration. If the user was originally not Pending, they will not have a password set, so the Invite process will generate a new password for them, and include it in the invitation email.
    • LOCKED - A user who has been locked (cannot login) for an indefinite period of time. You can click Unlock to return them to Active status.