How do I create user and group accounts?
Important: Only Neoserra administrators can create user accounts and groups.
A user account consists of a user name and password and a set of permissions. When someone logs into Neoserra, it is the user account that determines their level of access to the database. If you anticipate assigning the same set of permissions repeatedly to multiple users, you'll want to consider additionally creating a group account.
This article is divided into four topics:
- Creating User Accounts
- Creating Group Accounts
- Assigning Permissions to User and Group Accounts
- Best Practices for Permissions
Creating User Accounts
It is important to note that a user account is not the same as a counselor record. For example, administrative staff may be provided with a user account so that they can do data entry on behalf of one or more counselors, even though they themselves do not provide one-on-one counseling with a client and thus would not have a counselor record in the database. However, with that said, there is often a one-to-one correlation between a user account and a counselor which is why Neoserra allows you to create a new user account and counselor record simultaneously.
Note: If you have a counselor who will not access Neoserra but who does need a counselor record in the Neoserra database, then your Neoserra administrator will need to create the counselor record.
The steps for creating a user account (and, optionally, a counselor record) are outlined next:
- Enter administrator-mode.
- Select Administration|Accounts.
- In the upper right corner of the "Users" interface, click the "New" hyperlink.
- From the I want to create field, indicate whether you will be creating a new user account record only or both a new user account and new counselor record.
- From the Center field's drop-down menu, assign the center that the user is most closely affiliated with.
- In the First Name and Last Name fields, enter the new user's name.
- Enter a valid e-mail address for the user into the Email Address field. This e-mail address can later be used to identify the user account when a password reset is requested (assuming your database is configured to allow users to reset their own passwords).
- Next, assign the login and password that is required to access Neoserra.
- If you would like to assign your new user the exact same permission sets as an existing user, select the user from the Copy permission's from drop-down menu.
- Click the Submit button.
- You will now be prompted to send an email to the newly created user to provide them with their Neoserra username and password:
By default, this email template does not include your Neoserra database URL. It is strongly recommended that, as an administrator, you customize this email template and add your unique Neoserra URL to this email message template.
- If you indicated in step 4 that you are creating both a new user account record and counselor record, proceed to the next step. If you are creating a user account only, skip to step 13.
- On this second page, you are entering basic data that will be used to populate the new counselor record. Complete these fields as appropriate and click the Continue button when finished. Next, you will see the complete user account screen with some additional settings to be updated:
Each of these additional settings are described in more detail below:
Note: In most cases, you'll likely be creating both a user account and counselor record. However, there are two common scenarios in which you would need to create a user account only: (1) a counselor record already exists for the user or (2) you are creating a user account for someone other than a counselor, such as an assistant, who will be entering data on behalf of multiple counselors.
Note: This becomes the default current active center when the user logs in. Assuming you grant the user permissions to other centers, the user can switch centers at any time, but the center chosen here is considered by Neoserra to be the likely center for most of the user's activity.
Note: You'll notice that as you type the user's first/last name, Neoserra presents you with user account and/or counselor records that already exist in the database that could potentially be duplicates of the one you are creating. This is to help ensure that you don't create duplicates. If you had indicated, for example, that you were simultaneously creating both a user account and counselor record in step 4, but then discovered here that a counselor record already existed, you would want to change your prior selection to create just the user account and then associate the existing counselor record with the user account. Or vice versa.
Note: By default, Neoserra provides a common login format for the new user based on their first and last name, but you may override this. However, you may not include any extended characters in the login name. In other words, you should only include standard characters such as A-Z, 0-9 and !@#$%^&*();:'",.<>/?. Do not include accents in the login name or password.
Note: Passwords are case sensitive; logins are not. Since the data stored in the Neoserra database can be of a sensitive nature, it is important to choose a strong and secure password.
Note: Do you want users to be able to change or reset lost passwords? Do you want passwords to expire after a certain number of days, forcing users to keep passwords current? These settings, along with the ability to control password length and complexity, are available from the "General Settings" area Administration|Configuration settings, as discussed in the FAQ titled Can Neoserra users manage their own passwords?.
Note: If you intend to copy a user account multiple times for the purpose of creating several sets of identical permissions, you may want to consider creating a group account instead, as discussed in the Creating Group Accounts section of this article.
- If this user account is being set up for a temporary employee such as a student worker or volunteer, then you can set a date when the user account will automatically expire. This field can also be used when you have an employee who will be leaving on a certain date. By entering the day after their last day of employment you can ensure that their entire account will be locked at the start (i.e. midnight) of the expiration date. In other words, if you set the date to June 2, 2016 then the account will expire at 06-02-2016 00:00:00, or at first second of June 2nd, 2016.
- To grant the new user full access to every area of the Neoserra database, including the ability to create user accounts, select the Administrator? check box.
- From the Default Counselor field's drop-down menu, you can optionally assign the counselor that the user is most closely affiliated with. If you had chosen to create both a new user account and counselor record in step 4, this field automatically defaults to the new counselor record you just created.
- From the Default Funding Source and Default Sub-funding Source fields' drop-down menus, assign the funding and sub-funding sources that the user most commonly works under.
- There are two types of funding source locks that can be placed on a user account. Select either (or both) that apply:
- Lock funding source for data entry?. If you lock an account's funding source for data entry, the user will not be able to edit the Funding Source fields in any records that they create or modify, regardless of the add or edit permissions later assigned to the account. This lock does not apply to the Sub-funding Source fields.
- Lock funding source for reporting?. If you lock an account's funding source for reporting, the user will not be able to view or generate reports for any client activity records or conference records that are funded by a source other than their account's default funding source. This restriction applies to client activity and conference records only and only to the primary funding source, not the Sub-funding Source fields.
- If you would like to prevent the user from editing client IDs in existing records or overriding the system-defined client IDs automatically generated for new client records, select the Lock client IDs? option.
By default, all administrator accounts are assigned the highest level of read, edit, add, and delete permissions to the entire database and, therefore, there is no need to assign individual permissions or group memberships. In addition, there are many privileges that are only available to administrator accounts, as discussed in the companion FAQ titled What is administrator-mode?
Note: A counselor default is desirable if the new user represents a counselor or is solely affiliated with a single counselor because new records entered by the user will always default to the counselor chosen here. If the user enters data on behalf of many counselors, however, then it may be preferable to set "(No selection)" for this field.
Note: When creating a new client or conference record, the default funding assigned here automatically comes into play. However, if creating activity records (e.g. counseling session, award, investment, milestone records) for an existing client record, then it's likely that the default funding source already set for the client record will supersede the default funding source set for the user account. Whether a user account's default funding source or that of an existing client record takes precedence is dependent upon whether or not the Assign user account funding source in preference to client default? option is selected from the global configuration settings. There is one exception to this: if the user's default funding source is locked for data entry, as discussed in the next step, then the user account's default funding source always takes precedence, regardless of the status of the aforementioned global configuration.
If you did not copy any permissions over, you'll notice that your new user account has been set up with one single default baseline permission set that provides view, report, edit, and add permissions to all database areas for the center associated with the user account. To remove, edit, or further add to the permissions listed here, perform one of the following actions:
- Click the "New," "Edit," or "Delete" hyperlink in the "Permissions" table to update permissions for your newly-established user account, as discussed in the later section of this FAQ titled Assigning Permissions to User and Group Accounts.
- Click the "New" hyperlink in the "Memberships" table to quickly assign a previously-established set of permissions to the user (i.e. add your new user as a member of a group account), as discussed in the following section.
In the right hand panel, you have the ability to manage the scorecards assigned to the user's dashboard. For more information on scorecard dashboards, see the FAQ titled How do I display scorecards on the Neoserra dashboard?.
A group account is similar to a user account, except that it doesn't possess a login name or password. It only contains permissions. Group accounts exist as an efficient way of assigning the same core set of permissions to more than one user. In addition, edits to group account permissions automatically cascade down to all group members, saving you the trouble of individually editing each user account when global updates need to be made.
The steps for creating a group account are outlined next:
- Enter administrator-mode.
- Select Administration|Accounts.
- In the upper right corner of the interface, select Filter|Groups from the list.
- Next, click the "New" hyperlink, which is also located in the upper right corner.
- Enter a group name and a short name (i.e. abbreviated name) for your new group account record. The short name is used in various columnar summary views.
- Click the Save button to save your new group account.
- Click the "New" hyperlink in the far right column of the header row of the "Permissions" table to create permissions for your newly-established group account, as discussed in the later section of this FAQ titled Assigning Permissions to User and Group Accounts.
- Click the "New" hyperlink in the far right column of the header row of the "Members" table to add a member (i.e. existing user account) to the new group account. Repeat this step for each member you would like to add.
Note: In addition to adding members from a group account record, you can also assign group membership from an account record.
When you assign permissions to a user or group account, it's important to note that each set of permissions is applied in combination to create the most aggressive permissions possible. For example, if you create one set of permissions that allows a user access to every single area of the database, but then create a second set of permissions that denies access to one single area of the database, Neoserra will not respect the second set of permissions.
Similarly, if a user is a member of a group, that user's personal permissions combine with the group's permissions to create the most aggressive permissions possible.
Important: Before following the set of steps below to assign permissions to a user or group account, we strongly recommend that you first review the FAQ titled How do user account permissions impact my ability to access Neoserra? so that you have a thorough understanding of the exact impact each permission type will have on the user's ability to interact with Neoserra.
The steps for assigning permissions to a user or group account are outlined next:
- Open, in view mode, the user or group account that you would like to assign permissions to.
- Click the "New" hyperlink in the far right column of the header row of the "Permissions" table.
- Select the center(s) and database area(s) that the current permission set will apply to.
- Decide which type of read and edit permissions you want to assign to the center/database area combination previously selected.
- Determine whether the user or group will have add or delete permissions for the center/database area combination previously selected.
- Click the Save button to save the permission set.
- Repeat steps 2-6 to create as many permission sets as necessary.
Note: If you assign the ability to edit center ownership, be sure that the account also has the ability to add records to another center's database. Otherwise, the account will not be able to successfully change a record's center ownership.
Neoserra has a flexible permission structure allowing you to finely control the capabilities of each individual user. Permissions play an important role in maintaining the integrity of your Neoserra database. You don't want to grant powerful permissions (e.g. delete or edit) to users who should not be able to signficantly impact the database. However, you also don't want to restrict permissions to the point that users aren't able to do their jobs correctly.
For this reason, OutreachSystems has several "best practices" recommendations to maintain a healthy Neoserra database:
- As a general rule of thumb, OutreachSystems recommends that you do not make every user in your database a system administrator!
- Administrators who work in the database in administrator-mode should be aware that they have special permissions in the database, and they can change/delete records that have technically been "locked".
- We strongly recommend that you provide as a minimum View & Report permissions to every user for as many database areas and centers as possible. This goes a long way toward preventing duplicate records.
- We also recommend that you provide Edit and Add permissions to as many users as possible, for as many database areas and centers as possible to allow full collaboration across the database.
- But perhaps the most important thing to remember is to inactivate users that are no longer with your program. User accounts that are no longer used can pose a security risk to your database. Please refer to this FAQ to see how you can inactivate user accounts and transfer the corresponding counselor's clients to another counselor. Neoserra will perform a Data Maintenance check on all user accounts that have not been used in the last 180 days.
How do users know their permissions?
Some users may want to know what permissions have been assigned to them. If your users want to see their permissions, they can go to their personal preferences page and click on the Permissions link found there:
Want more? Browse our extensive list of Neoserra FAQs.