To manage the CMP workflow effectively, an Account or Group can create multiple Users and delegate different Access Rights to the Users. Assigning the appropriate Access Rights effectively limits each User's abilities to the scope of their role within the organization. Account Administrators can also organize a collection of Users into Groups, to which Access Rights can also be assigned.

Note:

Users can represent various entities within an organization, such as an employee or a customer that requires access to the Enterprise Portal.

Users, User Groups, and their Access Rights can be managed in the CAS User Management application, however, Local Users can be managed via the Users module of the Enterprise Portal as well. Functions not available or applicable to Enterprise Users, like the management of ACL Templates, User Groups, or Context Access Policies, are only available via CAS User Management.

Users

The Users submenu of the Administration module allows Users to view all the Users of the currently selected context and one context level below, if applicable. Also, the management of Local Users is possible via the Users submenu of the Enterprise Portal.

Note:

Delegated Users are read-only and cannot be created or changed via EP.

Field	Description
Login	Login information of the User.
Status	Current status of the User.
Context Level	In CMP the following Context Types are available: Root Account Customer Since it is not possible to mix different context levels for a single User, Users can only be assigned to one level. This means a User can only be assigned to the Root context, or one or more Accounts, or one or more Customers.
Domain	Domains allow grouping Users into different categories with similar behavior or semantics. By default, CMP supports the following two user domains: CSP ENTERPRISE Because of User Domain determines which CMP Portal a User can access, the following limitations have been implemented: Users assigned to the Root context always have CSP user domain, one or more Account contexts can have either CSP or ENTERPRISE user domain, and Customer contexts always have ENTERPISE user domain. Combined with the Web Module Access User Right, the User Domain determines if a User can access a CMP Portal: CSP domain enables Users to access all CMP Portals. Exception: Account Users created with the CSP domain can only access EP and CAS UM since Account contexts are not supported in the other CMP Portals. ENTERPRISE domain only allows Users to access the Enterprise Portal.
Personal Information	User-defined personal information of the User.
User Category	Category of the User, that is defined by the Domain of the User. Local: Users authenticated and managed completely in the CAS environment. Delegated: Users authenticated via an external IdM (Identity Management System). The information of Delegated Users is read-only. Federated: currently not used
Last Login	Date and time of the last time the User has logged in.
Creation Date	Date and time of the creation of the User.

Search for a User

The search option of the Users module allows Users to retrieve a list of Users by entering text into the Search field.

Search results may be filtered with the criteria given in the Search bar.

Filters:

Creation Date Range
Status
User Category

The inserted search and filter criteria can be removed by clicking on the Clear search icon.

Create a User

Note:

Only Local Users can be created via the Enterprise Portal and sufficient Admin Rights as Account Admin or Portal Admin are required for User creation.

To create a User:

Click on the Add icon.
Define the information fields for the new User.
Fields marked by a red asterisk are mandatory.
Click Create to save the User.

Field	Description
Login Name	Login information of the User.
Domain	Domains allow grouping Users into different categories with similar behavior or semantics. By default, CMP supports the following two user domains: CSP ENTERPRISE Because of User Domain determines which CMP Portal a User can access, the following limitations have been implemented: Users assigned to the Root context always have CSP user domain, one or more Account contexts can have either CSP or ENTERPRISE user domain, and Customer contexts always have ENTERPISE user domain. Combined with the Web Module Access User Right, the User Domain determines if a User can access a CMP Portal: CSP domain enables Users to access all CMP Portals. Exception: Account Users created with the CSP domain can only access EP and CAS UM since Account contexts are not supported in the other CMP Portals. ENTERPRISE domain only allows Users to access the Enterprise Portal.
Personal Information	First and last name of the User.
Email	Email address of the User.
Phone Number	Phone number of the User.
Multi-factor Authentication	Multi-factor Authentication settings of the User. The values available for selection are dependent on the features enabled on the CMP instance. Disabled Token via Email Token via SMS Token via SMS and Email
Preferred Language	Language preferred by the User in the use of the CMP. Currently supported languages: English Spanish Portuguese Note: CMP supports English as a default language, the support of any additional language is available as an optional feature. Only languages licensed on the CMP instances will be available for selection as the preferred language.
Context Access and User Groups	Contexts and User Groups the User will be assigned to. Note: Context Access can only be assigned in case the User is created on the Root level, in case any User is created on the Account or Customer level the User is automatically assigned to the current Context. User Groups of multiple contexts can be assigned to the User at creation. However, only User Groups of the same context can be assigned at once.
External User ID	External identifier for the User that can be used to refer to the User outside of the CMP context.
Description	Comments/remarks regarding the User.

Edit and Delete Users

Any User in status Draft, Active, or Inactive can be edited, however, only Users in status Inactive can be deleted.

Click the Edit icon to modify the settings seen in the User creation.
Click the Delete icon to delete a User. Deleting a User anonymizes its data without deleting the User from the database. References to anonymized User records (e.g. audit log information) are kept.
Note: Deleted Users cannot be reactivated.

Reset User Password

Users with the appropriate Access Rights (e.g. Account Administrators, CSP Users) can reset any User's password via the Enterprise Portal's User Management section.

Enterprise Portal provides two options to reset passwords.

To reset passwords from the Users grid:

Select an active User from the grid.
Click on the Reset Password icon.
Click Confirm to finalize the password reset.

To reset passwords from the Edit dialog:

Select an active User from the grid.
Click the Edit icon.
Click Reset Password.
Click Confirm to finalize the password reset.

Password Reset by Admin Email Template

"Dear <defined login name>,

Password reset has been requested by an Administrator.

Your login name is: <defined login name>

Please use the following link to reset your password: reset password link"

Update User Status

Users exist as Draft, Active, Inactive, and Deleted in the CMP. A User must be activated before it can access the CMP modules according to its authentication and authorization settings.

Click the Discard icon to remove information entered for a User in DRAFT status from the database.
Click the Activate icon to change the status from DRAFT/INACTIVE to ACTIVE.
Click the Deactivate icon to change the status from DRAFT/ACTIVE to INACTIVE.

Send Welcome Email

At activation, a welcome email can be sent to new Users.

To send a welcome email:

Select a User in DRAFT or INACTIVE status.
Click the Activate icon.
Select the Send welcome email checkbox.
Click Activate to finalize the process.

Welcome Email Template

"Dear <firstname> <lastname>/<login-name>,

Welcome to the CMP platform.

Your login name is: <login name>

Please click the following link to set your new password: New Password"

User Extended Details

User Profile

The User Profile section gives a quick overview of the basic User information defined at User creation for the selected User.

The avatar of the User can be changed by clicking on the Edit User Avatar icon under the current profile picture or deleted by clicking on the Delete User Avatar icon.

Context Access

The Context Access section allows Users to view and manage the list of all the Contexts the selected User currently belongs to.

Note:

Assignment of Context Access is only available on Root level.

To assign a Context Access to User:

Click on the Add icon.
Select a Context Access from the available options in the dropdown list.
Click Assign to apply your selection.

To remove a Context Access from a User click on the Delete icon.

User Groups

The User Groups section allows Users to view and manage the list of User Groups the User currently belongs to.

To assign User Groups to a User:

Click on the Add icon.
Select one or multiple User Groups from the available options in the dropdown list.
Note: The list of available User Groups is filtered by the Context Access.
Click Create to apply your selection.

To remove a User Group from a User click on the Delete icon.

Effective Rights

If a User has access to a specific function (described by an ACL), in a given context (Root or Account context), the evaluation of several User Rights related concepts is required. The result of the evaluation defines the Effective User Rights of a given User in a given context. Note, that the Effective User Rights only make sense in combination with a context.

Effective User Rights are calculated every time the User logs into a CMP module or the context of the User has been switched. The following are the steps of the calculation of the Effective User Rights of a User in a given context:

In case the given context has a context Access Policy defined, transfer the setting of it to the Effective User Rights list of the User. These Access Rights will remain valid unless overwritten in one of the next steps.
In case the User is assigned to one or many User Groups, write the settings to the Effective User Rights list of the User.
For more than one User Groups the evaluation will follow the alphabetical order of the User Group Names, later Access Rights will overwrite earlier User Group Rights, or context Access Policy Rights remaining from step 1.
Access Rights assigned to a CAS User directly overwrite the Effective User Rights calculated in steps 1 and 2.
Note: This step is not used currently.

For each of the Effective User Rights, the Source Type and Source Name of the Effective Right's source is displayed.

Source Type

Context Access Policy
User Group ACL
User assigned right (for future use)

Source Name

Name of the corresponding Context, or User Group (see Source Types above).

The name is empty for Source Type User assigned right.

In the case of an Account Level User, the displayed set of Effective Rights depends on the selected Account.

The information displayed in this tab is read-only.

The tab allows Users to filter the listed rights by Context Access, Module, ACL Type, and Source Type, and to search User Rights by Name.