Any individual that needs to interact directly or indirectly with your Issuetrak system is a User. Users that can log into your Issuetrak site may interact directly. Users that cannot log in may interact indirectly through other users and / or email. Every user must be given an Agent or End User designation from a dropdown. Any user granted an Agent designation can then be granted any of the Agent specific permissions.
Terminology
It’s best to be familiar with several terms going forward:
| Term | Definition |
|---|---|
|
User Record |
Used to associate who reported, who worked on, and who can view an issue. Each User Record has a record type, a user type, and permissions defining what that user can do. |
|
Record Type: User |
A user record that can have a role on an issue, view issues in searches and reports, be the site administrator, log in to the site, or send emails that create issues. |
|
Record Type: Template |
A user record used when creating another user account to pass setup information, permissions, and group membership. Templates can’t have a role on an issue or log into the site. |
|
User Type: End User |
A user in Issuetrak with no agent-level permissions. |
|
User Type: Agent |
A user able to be granted agent-level permissions including one or more of the following: can assign or be assigned issues, can assign or be assigned Next Action, can submit on behalf of another user, or handle the administration of the site. The number of users that can be designated as agents is controlled by your software license. |
|
User ID |
A unique identifier used to log into the Issuetrak site. Can contain letters and numbers, but no spaces. Only able to be changed using the User ID Maintenance section of the Administration menu by another user with administrative permissions. |
|
Allows you to associate users together. Members of a group inherit the permissions granted to the group. |
Creating Users
Users can be automatically added through authentication and Identity Management as well as incoming email messages using Incoming Email (IEM), or the optional Self-Registration feature.
Each of the above methods requires the use of templates to set the default permissions and group membership for the users. Templates are also utilized when agents need to create new users when submitting issues on behalf of a user that doesn’t yet exist on the site.
Users can also be manually added from:
- Navigate to the left menu > Entities > Users (List) > select Add on the right context menu.
- Navigate to the left menu > Entities > Users (List) > select Clone By ID on the right context menu.
- Submit New Issue screen
- API
Users may also be created through a user import process. This is done with the assistance of the Support team and may have a fee involved. For more information, please see our information about Data Services.
To see a demonstation of creating a user, click the Continue button to start the presentation below.
Click here to see more of our training videos.
The table below shows an overview of the information contained in User Records:
| Section | Description |
|---|---|
|
Basic Information |
End-User or Agent designation, user ID, password, name, email, phone, address, and time zone |
|
Security Details |
Authentication Type (on the Edit User screen), Password Satus, Last Login, "Manage Multi-factor Authentication" button, "Close User's Sessions" button |
|
Extended details |
Authentication Type (on the View User Details screen), Phone Number, Email Address, (Physical) Address, Organization, Department, Location, Time Zone, Information stored in User Defined Fields |
|
Attachments |
Documents or images in any electronic file format |
|
What the user can see or do when using Issuetrak |
|
|
Any larger entities the user belongs to |
All user records include a view issues link to a list of all issues submitted by and on behalf of the user. If Record all login attempts setting is activated in Defaults, they also include a history link to all login attempts by the user. If using the Asset Management (AM) Module, they also include a view assets link to a list of all assets related to the user.
From issue-related screens, a submitter's issue history can be accessed using the history link next to the Caller / Submitter field. An organization’s issue history can be accessed using the history link next to the Organization field.
Using Add option
The most common is by adding them through the Settings Lightbox. In this method, you can grant permissions directly to that specific user. Once created you can add the user to a group to more effectively manage permissions.
To add a new user with no pre-existing details or permissions:
-
Navigate to the left menu > Entities > Users (List) > select Add on the right context menu.
-
Select User as the Record Type.
-
Choose the appropriate User Type. If you have a Team license, then this step doesn't apply since the field will not be visible.
-
Enter the new User ID. The password can be set later if desired.
The User ID cannot be modified once the record is saved without going to User ID Maintenance. If no user ID is entered, a numeric user ID will be assigned by the system.
-
(Required) Enter their First and Last Names. The Display Name will automatically populate. However, you may enter a different display name if you choose.
-
If this user is allowed to log in, select Can Log In.
-
Under the "Security Details" header: Select the Authentication Type this user should have. Authentication types other than "Issuetrak" require additional configuration.
-
Under the "Extended Details" header: Enter their Phone number, Email address, and Mobile / SMS Email address.
-
If no system-generated email notifications should be sent to this user, select Suppress All Email.
-
Select the appropriate Organization memberships by clicking Select Organization(s) (this field is required). Keep in mind the following:
-
You must select a primary organization for this user (designated by a "Star" icon). This organization will determine a large degree of information visibility for the user.
-
If desired, you can add organization memberships beyond the primary organization. You can find organizations by typing part of their name into the "Search & Filter..." field.
If an organization's name contains the sequence of characters you entered, it will appear in the "Available Organizations" column.
For each organization membership you add can optionally add "Edit Issues" for this user (subject to "Can Edit Issues" permission), designated by the "Pencil" icon. Additionally, toggling the "People" icon on an organization membership will allow this user to have the ability to list users belonging to this organization.
You can add organization memberships...-
By clicking Add Visible, which will add every organization currently displayed in the "Available Organizations" column (up to its 100 organization limit) to the "Organization Memberships" column.
-
If there are more than 100 organizations in the site, the next available batch of previously-undisplayed organizations will populate the "Available Organizations" column. You can keep clicking Add Visible until all organizations have been added to the "Organization Memberships" column (up to 9500), if you wish.
-
-
By clicking and dragging the available organizations to the Organization Memberships column.
-
-
-
Select the appropriate Department and Location memberships, if applicable.
-
(Required) Select their TimeZone.
-
Enter their mailing Address.
-
Enter / Select any user-defined details, if applicable.
-
Under the "User Permissions" header: Select any Menu Options / Pages Allowed to display for these users.
-
Select the Default Home Page to display.
-
Select Redirect To screen to be displayed immediately after submitting an issue. This value defaults to a new submit screen. Choose between Submit screen, Issue View (displaying the newly entered issue), Dashboard, or Issue Hub screen.
For more detailed information about each of the available permissions described in the steps below, please access the following article.
-
If the user type selected was Agent, select Agent (license-related) Permissions.
-
An Agent license must be available for each user created from this template to have any of these permissions.
-
-
Select any administration-related permissions.
-
Select any data access-related permissions.
-
Select any task-related permissions.
-
Select any issue maintenance-related permissions.
-
Select any reporting-related permissions.
-
Select any email-related permissions.
-
Click Save.
-
Clicking Reset will clear all current entries and selections.
-
A confirmation message will appear when this process is complete.
Using Clone Option
Cloning an existing user brings over common information like organization, permissions, and group memberships.
When users are cloned, their permissions and details can be changed before their records are saved. However, no changes to the original user or user template will be applied to records already created from them.
User Administrators cannot clone Agents, templates, user permissions, or users with non-Issuetrak authentication. Group memberships, however, will be cloned. If you are using a User Administrator account to clone a user account, it is necessary to use group memberships to manage the resulting account permissions.
The following field information is cloned:
- User permissions
(if performing the clone while signed in as a sysadmin or other admin that is not a User Administrator) - Record Type
- User Type
- Group memberships
- Organization
- Time Zone
- Address 1
- Address 2
- City
- State
- Zip Code
- Country
- Issue Hub screen display format
- Default Home Page
- Redirect to (Page) after submit
- Any custom email notification flags, such as:
- On Escalation of ANY/ALL Issues
- On Submission of ANY/ALL unassigned Issues
- When Note Added to ANY/ALL Issues
To add a new user by copying details and permissions from an existing user or user template:
- Navigate to the left menu > Entities > Users (List) > select Clone By ID on the right context menu.
- Enter the User ID of the existing user or template to copy and click Clone. (Clicking Reset will clear any current entry.) This will open the Add User screen with the details and permissions that have been copied.
OR
- From the View or Edit User screen of the existing user or template record to copy > View User Details > Clone beneath Edit User - <User ID> section on the right context menu.
- This will open the Add User screen with the details and permissions that have been copied.
- Verify that the User is selected as the User Type and enter the new user’s ID and password.
If you have a Team license, then the User Type field will not be visible.
The User ID cannot be modified once the record is saved without going to User ID Maintenance. If no user ID is entered, a numeric user ID will be assigned by the system.
-
Enter the user's first and last name (required). Their display name will automatically populate. However, you may enter a different display name if you choose.
-
Modify any appropriate details and / or permissions copied from the original record.
-
Click Save.
-
Clicking Reset will clear all current entries and selections.
-
A confirmation message will appear when this process is complete.
Using the Submit Issue Screen
Permissions for these users are based on the ‘New Caller’ default template defined in System Defaults. If no template has been defined, no permissions will be granted without editing these users and / or adding them to one or more groups.
To add a new user using the Submit Issue screen:
- Click the add link next to the Caller field. This will open the Add New Caller window.
You can also access this window from the user search by clicking on the Add New Caller link in the lower right of the Select User Record window.
-
Enter the new user's ID.
The User ID cannot be modified once the record is saved without going to User ID Maintenance. If no user ID is entered, a numeric user ID will be assigned by the system.
-
If name values were entered prior to clicking add, these values will be pre-filled when the window opens. If no value appears, enter their first and last name (required). Their display name will automatically populate. However, you may enter a different display name if you choose.
-
Enter/Select their Organization (required), Department, and Location memberships. The Organization may be prefilled for you if entered prior to clicking add.
-
Enter their phone number, email address, and mailing address.
-
Click Add New Caller. (Clicking Cancel will close the Add New Caller window.)
The message "The User ID of the caller is entered onto the Submit Issue page – This window will close in 5 seconds" will then appear in the Add New Caller window. This window will then close and you will be returned to the Submit Issue screen.
Managing Users
Users are maintained primarily from the Settings Lightbox menu. The Users Management menu includes Summary, List All, Clone By ID, Search, User Defined Fields, and User ID Maintenance sub-menu options. Users with Sys Admin, Can access and maintain Administration functions, or Allowed Read Only access to Administration information permissions may access these options, however, those with read-only access will not be able to add, edit or delete information.
| Menu Option | Description |
|---|---|
|
Summary |
From here, you may click on the number next to a specific summary item to open the item’s User Summary List. You may click on a column heading to sort the User Summary List by a column’s values. You may click on a user ID to view the user’s record. You may use the edit or del links next to a user ID to edit or delete the user. |
|
List all |
This menu option displays a list of all existing users and user templates available. From here, you may select a Search On option, enter a search value, and click Search to filter /search the list. The list will re-populate with users / templates matching the criteria. You may use the previous and next buttons to page through the list. You may click on a column heading to sort the list by the column’s values. You may click on a user ID to view the user’s record. You may use the edit or del links next to a user ID to edit or delete the user. |
|
Clone By ID |
This menu option will open the Clone User screen. User records may also be cloned directly from the View or Edit User screens as mentioned above. |
|
Search |
This menu option allows you to perform detailed user searches. |
|
If using one or more list user-defined fields in your user records, you can access these settings by performing the following steps:
This is where the drop-down values for these fields are maintained. Within the User Defined Fields sub-menu, select the option that corresponds to a field’s label to maintain its values. This will open the List screen. From here, you may select the Add option that appears below the field’s sub-menu option to add a new value to the field. You may use the edit or delete links next to an existing value to edit or delete the value. |
|
|
This menu option offers two utilities that allow you to Merge Duplicate Users and Change User's User ID. |
Existing user records can be manually edited to adjust contact details or individual permissions from
- Navigate to the left menu > Entities > Users (Search).
- If you need to add permissions to multiple users, you can create a Group to grant them. If you need to remove permissions from all users in a group, simply remove the permission from the group itself.
If you’re using the Identity Management module, then any changes to contact details must be done within your identity provider. Permissions must be changed either on the template used to do the import and update or on the groups that the user belongs to.
Deleting users is not recommended. When a user is deleted, any references are eliminated, causing missing data and errors on issues. This can also cause corruption in your database, and stop issues from reporting properly. If a user no longer needs access to your site or needs removal, the user record should be edited, and the “active” checkbox disabled.
Using Settings Lightbox > Users
As a best practice, you should always deactivate rather than delete any existing items within your system. To deactivate a user, edit the user and deselect the Active parameter.
To edit an existing user or user template using the Settings Lightbox and subsequently the right context menu:
- Navigate to the left menu > Entities > Users (List).
- Perform a Quick Search for the record by selecting a Search Users List option, entering a search value, and clicking Search. The list will re-populate with users / templates matching the criteria.
- Click the Edit link next to the user ID. The Edit User screen will then appear.
OR
- Navigate to the left menu > Entities > Users (Search).
- Perform an advanced search for the record by entering criteria, selecting the Output Option of Brief List, and clicking Search. The Users Search Result screen will then appear.
- Click the Edit link next to the user ID. The Edit User screen will then appear.
OR
- From the View User screen, select the Edit sub-menu option on the right context menu.
- To deactivate, unselect Active.
- To add or remove login permissions, select / unselect Can Log In.
- To grant full access to all System menu options, select Sys Admin.
- To add attachments, use the Attachments sub-menu option.
- Modify any other appropriate details and / or permissions.
- Click Update.
- Clicking Reset will return all entries to the values defined during the most recent save/update.
You will then be returned to the View User screen and the message User successfully updated will appear.
Using issue-related screens
To edit an existing user using issue-related screens:
- Click on the user's name from any of the following screens:
- View Issue
- Add Note
- Assign Issue
- Next Action
- Close Issue screen
- A popup window will then open with the user’s details. Click Edit User in the lower right. The Edit User screen will then appear.
- Modify the appropriate details and/or permissions.
- Click Update.
- Clicking Reset will return all entries to the values defined during the most recent save/update.
You will then be returned to the View Issue screen and the message User successfully updated will appear.
User ID Maintenance
The User ID field is protected during routine user record edits as it is used by many other records throughout the system. This utility offers two options that allow you to update a User ID.
If a user has been duplicated and you would like to merge two records with different User IDs into one record,
- Click on the Merge Duplicate option beneath the Maintenance section on the right context menu.
- Enter the User ID for the user you wish to keep as the primary user. This User ID will be used to replace all occurrences of the secondary User ID, effectively transferring all of their records to the primary User. While all records such as issue submissions and assignments will be transferred to the primary user, the user records themselves will not be modified.
- If you wish to delete the secondary user record after the transfer, check the Delete after Processing option.
- Click the Merge button.
The Change User’s ID option is more likely to be used if an employee has a name change or if the User ID was entered incorrectly. In this case, all records containing the old value will be updated to the new User ID value. The user record is then updated with the new User ID value.
User Memberships
What a user can see and do can be influenced by their Memberships within larger entities. You can add a user to a number of other entities, including:
| Entity | Description |
|---|---|
|
Organization |
A primary organizational unit (companies, subsidiaries, etc.) |
|
Department |
The functional unit (accounting, administration, marketing, IT, etc.) |
|
Location |
Physical/geographic unit (cities, sites, buildings, offices, rooms, etc.) |
|
Group(s) |
Role-based unit (end users, managers, technicians, etc.) |
These entities structure the user base to provide the overall framework for capturing and reporting information related to users and issues within your system.
Users and organizations are the only entities required in all systems since every issue must have a submitting user and every user must belong to an organization. The use of departments, locations, and / or groups is optional.
Using entities to influence a user’s experience is also optional. For example, users that belong to a certain organization may see a different Site Title and Site Colors. Users that belong to a certain department may see only issues submitted by or assigned to other members of their department. Users that belong to a certain group may see additional Issue Templates, Issue Types, and Tasks that cannot be seen by other users.
The table below shows the field and object filters that can be controlled at the entity level.
|
You can define user access to specific... |
Based on Organization |
Based on Department |
Based on Location |
Based on Group |
|---|---|---|---|---|
|
Issue Types & Subtypes |
✔ |
✖ |
✖ |
✔ |
|
Issue Templates |
✔ |
✖ |
✖ |
✔ |
|
Tasks |
✔ |
✖ |
✖ |
✔ |
|
Assets |
✔ |
✖ |
✖ |
✖ |
|
Users |
✔ |
✖ |
✖ |
✖ |
|
Issues |
✔ |
✔ |
✖ |
✖ |
|
Global Issues |
✔ |
✖ |
✖ |
✖ |
|
Knowledge Base Articles |
✔ |
✖ |
✖ |
✔ |
|
Projects |
✔ |
✖ |
✖ |
✖ |
|
Site Title and Logos |
✔ |
✖ |
✖ |
✖ |
|
Site Colors |
✔ |
✖ |
✖ |
✖ |
As you decide which entities to use in your system, keep in mind that how the system responds to issues can be automated based on these values. This includes Auto Assignments, Subscribers, Workflows, Service Contracts, and Service Level Agreements.
Notes on User Authentication
Third Party Authentication
Users that authenticate to Issuetrak via a third-party identification provider (AD Federation Services, Entra ID, OAuth 2.0 / OpenID Connect) will have some extra fields displayed when viewing their account in Issuetrak:
- Domain: This is the domain they are authenticated to.
- Authentication User ID: This is the key identifier (such as email or SID) used by the identification provider to uniquely identify this user.
Multi-factor Authentication (MFA)
MFA has its own article to inform and show you what's involved with configuring it.
Closing Thoughts
If you have any questions or would like the assistance of our product experts, please do not hesitate to contact us with any questions.
A Group can be defined as a set of multiple users that all need to interact with your Issuetrak system in the same way. Groups allow you to establish and control role-based Permissions collectively without manually granting individual users the same permissions over and over.
Terminology
It’s best to be familiar with several terms going forward:
| Term | Definition |
|---|---|
| Group | Allows you to associate users together. Members of a group inherit the permissions granted to the group. |
| Group Membership Type: Any | Any user record may belong to this group. This group cannot be granted any agent-level permissions. |
| Group Membership Type: Agent | Only users with the type of Agent can belong to this group. This group can be granted agent-level permissions. |
| Group ID | A unique identifier for your group. Can contain letters and numbers, but no spaces. It’s recommended to include the term “group” or “team” within the ID for it to remain clear when selecting or searching. The Group ID cannot be changed without the assistance of the Support Team. |
Purposes of Groups
Groups have four main purposes that are all related to linking users together. Users can be associated with one or more groups. The users within a group inherit the permissions from that group. If a user belongs to several groups, then the user receives the permissions from all of the groups. While groups are not required, they can be a powerful tool.
The use of Groups is optional. However, controlling common permission sets at the group level instead of the user level makes user administration easier and more consistent. In addition, Group Restrictions allow you to control access to specific Issue Templates, Issue Types, Tasks, Knowledge Base articles, and other values based on group membership(s). We strongly recommend using groups whenever possible.
Example:
Create a Managers group with permissions to run reports, view all issues and administrative information, as well as assign issues and tasks.
Create a Technicians and CSRs group with permissions to view and submit issues for other users, create and maintain Knowledge Base articles, as well as be assigned issues and tasks.
Create a Customers group with permissions to only view and submit their own issues and access your Knowledge Base.
When working with your site, think about what your users need to do within Issuetrak. Do they need different permission levels? Do you need to assign issues or tasks to more than a single person? Do you need to notify specific users when certain things happen? Do certain Knowledge Base articles, issue types, or Issue Templates need to be restricted? These questions help you decide what groups to create and which users should belong to each group.
Role-Based Groups
Some users have a specific purpose in the site or require a certain set of permissions. Every site normally has an End User group for users that may only need to login, submit, and view their own issues. You may have managers that need to view all issues, access the Dashboard, or run reports. You might create a group to grant agent-level permissions to all your agents. It’s important to include only the necessary permissions, keeping the permissions for each group to a minimum. Users can be associated with multiple groups. Additional permissions can be granted by adding the user to more granular groups. This can cover the different roles that each user needs to play on your site.
Assignment-Based Groups
The purpose of these is to assign an issue or task to more than one user. For example, if you have six people in your customer service department, you could create a customer service group with all six people as members. When an issue is assigned to your customer service group, all members of the group are notified and responsible. You may have agents with multiple areas of responsibility. In that case, you can use groups to create queues used for automatic assignment and reporting. We recommend using the word “group” or “team” in your group names. This makes it easier to differentiate between users and groups when assigning issues, in searches, or in dropdown lists.
Email Distribution Groups
These are for creating Issue Subscribers on your site. As an example, let's say that you need to set up workflow or issue notifications to go to a number of managers. Rather than add each one individually, create a group to add them all at once. This is especially helpful in times of staff turnover, or position changes. Instead of needing to update every notification list, you can simply update the group.
Restriction Groups
The purpose of these is to set “restrict to” values on issue types, subtypes, and Issue Templates when submitting issues. These groups effectively limit which values a user may select when submitting or maintaining issues. This does not impact the overall visibility of the issue. A group can also be used to restrict knowledge Base articles and categories. It’s also important to remember that these are "restrict to" values, not "restrict from" values. "Restrict to" means that if you’re a member of the group, you can see the item or value.
Group Permissions
Users can inherit all of their permissions through group membership(s). Or, inherit additional permissions to those already applied through a template or selected in their user records.
As users are added to a group, their inherited permissions will appear in a read-only format on their user records. These permissions cannot be changed without changing the entire group’s permissions or removing the user from the group.
Permission options on group records are almost identical to those on user records. However, there are additional properties that must be considered.
A group cannot log in or submit issues as if they were an individual user. But a group can:
| Permission | Description |
|---|---|
| Be assigned issues | The individual group members may be assigned issues if they have Can be assigned issues permission. |
| Be assigned Next Actions | The individual group members may then be assigned Next Actions; if they have Can be assigned Next Action permission. |
| Be assigned Tasks | The individual group members may also then be assigned Tasks; if they have Can be assigned Tasks permission. |
| Be added to Subscribers | The individual group members will then be sent notifications to the email address in their user record. Notifications will also be sent to the address in the group record if one has been defined. |
| Be added as Project members | The individual group members will then be included in the project. |
Groups are not valid for the assignment of Issues, Next Action, or Tasks without having active members added.
Group Restrictions
You may allow members of certain groups (or organizations) to view and select additional values not available to other users through Group Restrictions. This includes:
-
KB Articles
-
KB Categories
-
Issue Types
-
Issue SubTypes 1-4
-
Tasks
-
Task Groups
-
Issue Templates
Some examples of restrictions in practice are:
Restricting the Issue Template New Hire to your Manager Group. Then no employee other than a member of management can view and select it on issues.
Restricting the subtype Server to your IT Group. Then no employee other than a member of IT can view and select it on issues.
Restricting the Task Group QA Analysis to your Development Group. Then no employee other than a member of development can view and select it on issues.
Maintaining Groups
In order for a group to work, it must contain at least one active user. Users can only be added to a group from the Edit Group screen. Groups can be added and edited by any user with the Sys Admin parameter or Can access and maintain Administration functions permission.
Adding a Group
Steps:
-
From the left menu, click Entities > Groups > click on Add beneath Groups on the right quick menu. The Add Group screen will then appear.
-
Select the Membership Type.
-
Enter a Group ID. It cannot be modified once a record is saved. If no group ID is entered, a numeric group ID will be assigned by the system.
-
Enter a Display Name (required).
-
(Optional) Fill in the phone, email, and SMS email values. These are for informational purposes only and have no bearing on email notifications.
-
If no system-generated email notifications should be sent to any member of this group, select Suppress All Email.
-
-
Select a default Organization (required). Keep in mind the following:
-
You must select a primary organization for this group (designated by a "Star" icon). This organization will determine a large degree of information visibility for the user.
-
If desired, you can add organization memberships beyond the primary organization. You can find organizations by typing part of their name into the "Search & Filter..." field.
-
If an organization's name contains the sequence of characters you entered, it will appear in the "Available Organizations" column.
-
For each organization membership you add can optionally add "Edit Issues" for this group (subject to "Can Edit Issues" permission), designated by the "Pencil" icon. Additionally, toggling the "People" icon on an organization membership will allow this group to have the ability to list users belonging to this organization.
You can add organization memberships...-
By clicking Add Visible, which will add every organization currently displayed in the "Available Organizations" column (up to its 100 organization limit) to the "Organization Memberships" column.
-
If there are more than 100 organizations in the site, the next available batch of previously-undisplayed organizations will populate the "Available Organizations" column. You can keep clicking Add Visible until all organizations have been added to the "Organization Memberships" column (up to 9500), if you wish.
-
-
By clicking and dragging the available organizations to the Organization Memberships column.
-
If the organization(s) selected is marked as Internal Only, then only issues, users, and other groups within this organization will be available to members on issues and in reporting mechanisms. If this group has members outside of this Internal Only organization, then these users will be allowed to see issues pertaining to this group only.
-
-
-
(Optional) Select a Department value for the group.
-
Any assignments made to the group will show up in reporting for the department selected. If the department selected is marked Internal Only, then only issues, users, and other groups within this department will be available to members on issues and in reports. If this group has members outside of this Internal Only department, then these users will be allowed to see issues pertaining to this group only.
-
-
(Optional) Select Round Robin Assignments, if desired.
-
Select any Menu Options/Pages Allowed to display to all members of this group.
-
Select any permissions that all members of this group are to inherit.
-
A license must be available for each member to have any Agent permissions.
-
-
Click Save.
-
Clicking Reset will instead clear all current entries and selections.
-
A confirmation message will appear when this process is complete.
Editing a Group
Steps:
-
From the left menu, click Entities > Groups. This will open the Group List screen.
-
Perform a Quick Search for the record.
Once you're on the Edit Group screen, you can perform the following changes as needed:
-
To deactivate, unselect Active.
-
To add or remove members, use the View/Maintain Member List link.
-
Modify any other appropriate details and/or permissions.
-
Click Update.
-
Clicking Reset will instead return all entries to the values defined during the most recent save/update.
-
You will then be returned to the Group List screen and the message "Group successfully updated" will appear.
As a best practice, you should always deactivate rather than delete any existing items within your system. To deactivate a group, unselect Active as described in step 1.
Group ID Maintenance
The Group ID field is protected during routine group record edits as it is used by many other records throughout the system. This utility offers two options that allow you to update a Group ID.
If a group has been duplicated and you would like to merge two records with different Group IDs into one record:
-
From the left menu, click Entities > Groups.
-
Click on the Merge Duplicate Groups beneath the Maintenance section option on the right quick menu.
-
Enter the Group ID for the group you wish to keep as the primary group. This Group ID will be used to replace all occurrences of the secondary Group ID, effectively transferring all of their records to the primary Group. While all records such as issue submissions and assignments will be transferred to the primary group, the group records themselves will not be modified.
-
If you wish to delete the secondary group record after the transfer, check the Delete after Processing option.
-
Click the Merge button.
The Change Group’s ID option is most likely to be used when the Group ID was entered incorrectly. In this case, all records containing the old value will be updated to the new Group ID value. The group record is then updated with the new Group ID value.
Permissions control what users can do or access within Issuetrak. With over 50 permissions available, it can be challenging to understand what separate permissions do and how to best manage them. These guidelines are meant to assist you in managing the permissions for your user accounts.
User Type
Every user must be designated as either an Agent or an End User. This determines what permissions your users have access to. Certain permissions require a user to be an agent, while others can be granted to either agents or end-users.
Permissions, Parameters and Access Rules
Permissions, parameters, and access rules may control what a user is able to access in Issuetrak.
- Permissions – Control what each user can do within Issuetrak.
- Parameters – Determine whether the user is active, can log into the site, and whether the user is a System Administrator (Sys Admin).
- Visibility Rules – Establish which issues and users can be seen on the site.
Permissions can be:
-
Applied from a default User Template based on how the record is created.
-
Copied from an existing user or user template through Cloning.
-
Inherited through one or more Groups.
-
Selected directly on a user record.
When Active Directory authentication is enabled for an Issuetrak site, permissions cannot be set by editing user records unless they have the No AD Authentication setting enabled (pre-11.13) OR Issuetrak authentication selected (11.13 and later). Active Directory users only receive permissions by Group and Template inheritance.
The following users can manage permissions
-
System Administrators – a designated agent user with the parameter “Sys Admin” is granted almost all permissions by default. A System Administrator has unlimited access to every area of the site and can change system-wide settings. No restrictions set within the site apply to the System Administrator.
-
Admin/Administrator users – a designated agent user with the permission “Can Access and maintain Administration Functions”. These users have the same default permissions as System Administrators except they are not allowed access to most of the settings beneath the System portion of the Settings Lightbox. This prevents them from making changes that enable or disable features and functionality within the site. As with System Administrators, no restrictions set within the site apply to Administrators.
-
User Administrators - These users have been granted “Can access and maintain users in this user's Organizations”. They can manage the permissions of the users in their own organization. These users can only manage permissions by changing group memberships for the users that they maintain.
Best Practices
-
Define your Groups to match the roles your users will have on your site. Customer, End User, Technician, Customer Service Rep, Administrator, Managers, Supervisors, Help Desk, and Service Desk are common examples.
-
Grant as few permissions as possible to the individual user account. It’s recommended to grant only “Issue Hub” to the individual user and let the groups control all other permissions.
-
If you are manually creating new users, it helps to clone existing users. By cloning an account, the permissions and group memberships are brought over to the new account. This allows users with similar functions to have the correct permissions with little overhead.
-
Use a good naming convention for templates. It’s suggested to give a template the last name “Template”. This allows for easier searching and identification.
-
Active Directory setups need to only use one template for all users. Additional permissions should be granted through Issuetrak groups.
-
There are two permissions that reference read-only access: Allowed Read Only access to Administration information and Allowed Read Only access to Asset Management information. These permissions allow users to view the specified areas, but not to add, edit, or delete values.
-
If these permissions are mixed with Can access and maintain Administration functions or Can access and maintain Asset Management Module functions, then the ability to change any information is overridden. Permissions cannot be set on the individual user account. These conflicting permissions could be inherited by membership in two separate groups.
-
-
There is another scenario where permissions can contradict each other, and it involves Can access and maintain users in this user's Organizations, which is the permission that enables User Administrator. The following two permissions cannot be set on an account with the aforementioned permission:
-
Can access and maintain Administration functions
-
Allowed Read Only access to Administration information
-
Parameter-based Permissions
| Permission | Description |
|---|---|
| Active | An active user can interact with the Issuetrak site. A user that is not active will not be able to log into Issuetrak, and will not appear in selectable user lists in the application. Active users count toward user counts. |
| Can Log In | If enabled, then this user can log into Issuetrak. A user can be active and still not be able to log in. |
| Sys Admin | If enabled, then this user can view the Administration menu option and view/use ALL of its sub-menu options. They can also view the Billing, Asset Management, and Surveys menu options and view/use all of their sub-menu options when these modules are activated. Regardless of membership within an Organization or Department marked Internal, they can also view ALL issues in the system in any of their reporting mechanisms. |
| Show Debug | If enabled, then this user can view specific information when needed by Issuetrak Technical Support. This should only be selected if specifically requested by Issuetrak Technical Support. |
| No AD Authentication (Only present in pre-11.13 releases) |
This permission is only used when Active Directory is enabled. A user record with this permission is not verified with Active Directory. All permissions are granted through other means. In addition, the password for this user account is controlled in the application.; It is recommended that at least one Sys Admin account uses this permission in the event that there is a problem or change with Active Directory that requires updating Issuetrak's Active Directory settings. |
| Issuetrak Authentication (11.13 and later) |
User records with this selected only authenticate against the credentials stored in the Issuetrak database, and are not governed by Active Directory. It's a good idea to have at least one Sys Admin account with this authentication selected, in case problems arise with authenticating to AD. |
Agent Permissions
| Permission | Description |
|---|---|
| Can assign issues | If enabled, then this user can manually assign issues to users/groups with "Can be assigned issues" permission. |
| Can be assigned issues | An active user can manually and automatically be assigned issues. With "Activate link allowing self-assignment of next available issue in an unassigned queue," they can use a link on the Issue Hub screen to assign unassigned issues to themselves without Can Assign Issues. |
| Can submit issues on behalf of other users | If enabled, then this user can submit issues in which they are the Enterer and another user is the actual Submitter. |
| Can access and maintain Administration functions | Except for License and System Settings, view the Administration menu option and view/use all of its sub-menu options. Regardless of membership within an Organization or Department marked Internal, they can also view ALL issues in the system in any of their reporting mechanisms. |
| Can assign Next Action | Provides the ability to assign Next Actions to users/groups with Can be assigned Next Action. |
| Can be assigned Next Action | Enables the ability to manually and automatically be assigned Next Actions. |
| Can authenticate with the API v2 | Grant this user the ability to interact with and authenticate to API v2. Only visible if API v2 is enabled. Not visible if API v2 is merely installed. |
| Can create/manage/use own Quick Notes and use shared Quick Notes | Provides the ability to use and interact with Quick Notes. |
Administration Permissions
| Permission | Description |
|---|---|
| Can access and maintain Billing Module functions | If enabled, then this user can view the Billing menu option and view/use all of its sub-menu options when the Billing Module is activated. |
| Can access and maintain Asset Management Module functions | If enabled, then this user can view the Asset Management menu option and view/use all of its sub-menu options when the Asset Management Module is activated. |
| Can access and maintain Surveys Module functions | If enabled, then this user can view the Surveys menu option and view/use all of its sub-menu options when the Surveys Module is activated. |
| Can access and maintain all Projects | If enabled, then this user can view/add/edit any Project, including those marked Exclusive. |
| Can access and maintain users in this user's Organizations | Activate the User Administrator functionality for this user. |
Data Access Permissions
| Permission | Description |
|---|---|
| Allowed Read-Only access to Administration information | Except for License and System Settings, view the Settings Lightbox options and view/use limited sub-menu options related to existing settings. Regardless of membership within an Organization or Department marked Internal, they can also view ALL issues in the system in any of their reporting mechanisms. This permission will override other Administration permissions granted to a user. |
| Allowed Read-Only access to Asset Management information | If enabled, then this user can view the Asset Management menu option and view/use limited sub-menu options related to existing Asset Management information when the Asset Management Module is activated. This permission will override other Administrator permissions granted to a user. |
| Can view and add Private Notes in issues | If enabled, then this user can view Notes marked Private in issues, email notifications, and any of their reporting mechanisms. They can also add Private Notes on issues. |
| Can view and enter content in Private User Defined Fields | If enabled, then this user can view User Defined Fields marked Private in issues, email notifications, and any of their reporting mechanisms. They can also select/enter values for Private User Defined Fields on issues. |
| Can view and select from Private Issue Templates when submitting issues | If enabled, then this user can view/select Issue Templates marked Private on the Submit Issue screen. |
| Can view Assigned To information in issues and email notifications | If enabled, then this user can view Assigned To and Next Action field and value in issues, email notifications, and any of their reporting mechanisms. |
| Can view issues submitted by other users | Except for issues filtered by membership within an Organization and/or Department marked Internal, view issues in which they have no role in any of their reporting mechanisms. |
| Can view Private Knowledge Base Articles | If enabled, then this user can view Knowledge Base Articles marked Private. |
| Can add, edit and delete Knowledge Base Articles | If enabled, then this user can add/edit/delete Knowledge Base Articles. With "Can view Private Knowledge Base Articles," they can also add/edit/delete Knowledge Base Articles marked Private. |
| Can add, edit and delete Knowledge Base Categories and Sub Categories | If enabled, then this user can add/edit/delete Knowledge Base Categories and Subcategories. |
| Can add, edit and delete Custom Record Table records | If enabled, then this user can add/edit/delete Custom Record Table records when the Custom Record Table feature is activated. |
| Can change their own password | If enabled, then this user can reset their Issuetrak password. If authenticated by AD, they will need to contact their organization's support team to have their AD password reset. |
Tasks Permissions
| Permission | Description |
|---|---|
| Can be assigned Tasks | If enabled, then this user can manually and automatically be assigned Tasks. |
| Can view Tasks in issues | If enabled, then this user can view Task Manager details in issues, email notifications, and any of their reporting mechanisms. |
| Can assign Tasks | If enabled, then this user can manually assign Tasks to users/groups with "Can be assigned Tasks." |
| Can edit Tasks in issues | If enabled, then this user can edit task details for any task the user has access to. |
Issue Maintenance Permissions
| Permission | Description |
|---|---|
| Can add Notes to closed issues | If enabled, then this user can add Notes on issues after they have been closed. |
| Can close issues | If enabled, then this user can close issues. |
| Can close issues: Limit to issues submitted by this user | If enabled, then this user can close only issues the user has submitted |
| Can delete issues and issue related attachments | If enabled, then this user can delete issues and issue attachments. |
| Can edit issues | If enabled, then this user can edit issues, including changing Class values, delete attachments, add/edit notes, change Subject and Description fields, change UDF values, status, substatus, and labor hours. |
| Can enter Labor Hours when entering Notes/completing Tasks | If enabled, then this user can add/edit Labor Hours for Notes and Tasks on issues. |
| Can enter Line Items from Billing Module in issues | If enabled, then this user can add/edit/delete Line Items and view/print Work Orders on issues when the Billing Module is activated. |
| Can modify submitted date when submitting Issues | If enabled, then this user can edit the submitted date as issue is being entered. |
| Can modify Closed Date in issues | If enabled, then this user can edit Close Date on the Close Issue screen. Close Dates cannot be modified after issues have been closed. |
| Can modify First Response Time entered in SLA issues | If enabled, then this user can edit First Response Time on SLA-related issues when the Service Level Agreements feature is activated. |
| Can select Priority when submitting and maintaining issues | If enabled, then this user can select Priority on issues. |
| Can select Severity when submitting and maintaining SLA issues | If enabled, then this user can select Severity on issues. |
| Can select Substatus when submitting and maintaining issues | If enabled, then this user can select Substatus on issues. |
| Can view and select from Assets when submitting and maintaining issues | If enabled, then this user can view/select Asset on issues. |
| Can view and select from Issue Templates when submitting issues | If enabled, then this user can view/select Issue Template on the Submit Issue screen. |
Reporting Permissions
| Permission | Description |
|---|---|
| Can add, edit and run shared Saved Searches | If enabled, then this user can mark their own Saved Searches as Shared, and edit Saved Searches created by other users marked Shared. Note, that you may only view shared searches created by members of your own organization. |
| Can add, edit and run Report Writer Reports | If enabled, then this user can view/use the Report Writer sub-menu option. |
| Can run built-in Summary Reports | If enabled, then this user can view/use the Summary Reports sub-menu option |
Email Permissions
| Permission | Description |
|---|---|
| Will receive an email notification on Escalation of ANY/ALL issues | If enabled, then this user can be notified via email of every Escalation event. |
| Will receive an email notification on Submission of ANY/ALL unassigned issues | If enabled, then this user can be notified via email of every Submission event in which an Assignment does not occur. If a manual assignment of an issue is made, then the user with this permission will not receive an email. |
| Will receive an email notification when Note Added to ANY/ALL issues | If enabled, then this user can be notified via email of every Add Note event. |
Everything a user can do within the system is determined by permissions and their End User / Agent designation. User Templates are a predefined set of menu options and End User permissions that the system uses to create new user records.
The User Template will be used to assign these predefined menu options and End User permissions for users created by the below processes:
- Submit Issue screen
- Login screen using the Self-Registration feature
- Authentication and imports from AD using the AD Module
- Incoming email sent to the system using IEM
You may also set up different templates based on each of these processes.
When users are created from these processes, their initial permissions cannot be changed before their records are saved. If a default template is not set up, no permissions will be applied. If a default template is set up, only the permissions on the template will be applied. In both cases, users must be edited or added to a group to change their initial permissions. In addition, no changes to a default template will be applied to records already created from them.
If Agent permissions are needed, Group membership should be used after editing the user and changing the User Type from End User to Agent. Please reference the Granting permissions to Agents article for more information.
To modify the existing EndUser Template or add a new template, a user must have the “Sys Admin” parameter or “Can access and maintain Administration functions” permission.
Editing a User Template
Issuetrak comes with an EndUser Template that can be modified to grant everything your basic users need when created from AD. The template can be modified using the steps below.
Steps:
- From the left menu, click Entities > Users (Search).
- Change the Record Type from User to Template.
- Click Active Records Only.
- Click Search.
- Click Edit for the EndUser template.
- Adjust the menu options, permissions, and group memberships as necessary.
- Click Update.
A confirmation message will appear when this process is complete.
Adding a User Template
If you don’t want to use the built-in template, you can create a new template using the below steps.
Steps:
- From the left menu, click Entities > Users (List).
- In the right quick menu, click on Add beneath Users.
- Change the Record Type to Template.
- Enter a name for the template in the User ID field.
- If you do not enter a name in the User ID field, Issuetrak will automatically assign a number as the user ID.
- Enter a generic first and last name (e.g. “EndUser / Template,” “External / User”).
- To allow users created from this template to log in – select Can Log In.
- To prevent users created from this template from being sent system-generated email notifications – select Suppress All Email.
-
Select the appropriate Organization memberships by clicking Select Organization(s) (this field is required). Keep in mind the following:
-
You must select a primary organization for this template (designated by a "Star" icon). This organization will determine a large degree of information visibility for the users derived from this template.
-
If desired, you can add organization memberships beyond the primary organization. You can find organizations by typing part of their name into the "Search & Filter..." field.
If an organization's name contains the sequence of characters you entered, it will appear in the "Available Organizations" column.
For each organization membership, you add can optionally add "Edit Issues" for this template (subject to "Can Edit Issues" permission), designated by the "Pencil" icon. Additionally, toggling the "People" icon on an organization membership will allow users derived from this template to have the ability to list users belonging to this organization.
You can add organization memberships...-
By clicking Add Visible, which will add every organization currently displayed in the "Available Organizations" column (up to its 100 organization limit) to the "Organization Memberships" column.
-
If there are more than 100 organizations in the site, the next available batch of previously-undisplayed organizations will populate the "Available Organizations" column. You can keep clicking Add Visible until all organizations have been added to the "Organization Memberships" column, if you wish.
-
-
By clicking and dragging the available organizations to the Organization Memberships column.
-
-
- Select a Department (optional).
- Select a Location (optional).
- Select a default Time Zone (required).
- Adjust the menu options, permissions, and group memberships as necessary.
- Click Save (Reset will clear this screen of all current entries / selections.).
A confirmation message will appear when this process is complete.
Defining the New Submitter default template
Steps:
To define a default template for new users added from the Submit Issue screen:
- Click the gear icon in the upper right > click Defaults beneath System.
- Scroll to the New Submitter Defaults section and click the template search ( 🔍 ) next to Create From -OR- Defaults.
- Select the appropriate template in the Select User Record window that appears. This window will then close and you will be returned to the System Defaults screen.
- Click Update.
-
Reset will reset this screen to the values defined during the most recent update.
-
A confirmation message will appear when this process is complete.
Defining the Self Registration default template
Steps:
- Click the gear icon in the upper right > click Features beneath System.
- Scroll to the Self Registration section and select Activate Self Registration.
- Click the template search ( 🔍 ) next to Create From.
- Select the appropriate template in the Select User Record window that appears. This window will then close and you will be returned to the Features screen.
- Click Update.
A confirmation message will appear when this process is complete.
Active Directory Module considerations
-
As a best practice, we recommend mapping all Active Directory users to the same basic User Template, then assigning User Groups within your site to manage additional permissions.
-
The User Template will be re-applied whenever a user logs in or they are re-imported via AD Imports. Any menu options or permissions that are not granted by either a User Group or the User Template will be lost.
This article explains the various methods a password reset can be performed for a user’s account.
There are three methods with which a password can be changed depending on the configuration of the Issuetrak site and the permissions granted to the users and/or administrators.
- Using Active Directory, a user can reset their password using the company-approved password reset method, once reset, the user will be able to log in with the new password.
- An Administrator or User Admin can perform a password reset from within the Issuetrak site. Please see the steps below to perform this procedure.
- The user can perform a Self-Help Password Reset if the feature is enabled.
If you are using Active Directory or AD FS for your authentication, only the first option will be available for use.
Permissions and Requirements
In order to have the ability to perform a Self-Help Password Reset the following requirements must be met:
- The user permission Can change own password must be enabled on the user profile.
- The user must have a valid email address populated in their profile.
- The user’s profile must not be set to suppress all emails.
- The site must have the Outgoing Email enabled.
- The site must have the setting Activate Self Service Password Reset enabled.
In order to be able to change a password on behalf of another user, the Administrator must have one of the following permissions enabled for their account:
- Sys Admin
- Can access and maintain Administration functions
- Can access and maintain users in this user's Organizations
Administrator Password Reset
Administrators and Organization Administrators have the ability to perform a password reset on behalf of a user or can also send an email to have the user perform their own password reset.
Steps:
- From the left menu, click Entities > Users (Search).
- Locate and edit the user’s account.
- On the right context menu, there is a link to Change Password.
You will be presented with 2 options for a password reset.
Option 1: Set a password manually.
- Fill out the New Password and Confirm New Password fields, paying attention to the password requirements fields that will change from red to green as the requirements are met.
- Confirm that you want to change the user’s password by entering the password for the administrator’s account that is currently performing the password reset in the Authorize Password Change box.
- Once all 3 fields are filled out, click on Continue to change the password.
A confirmation message will appear once the process is complete.
Option 2: Send an email to the user.
- Select the option Let the user change their password (sends an email).
- Click on Continue.
- This will send the email and the user would follow the same steps as the Self-Service Password Reset as though they had clicked on the Forgot / Reset your password? option on the login screen.
A confirmation message will appear once the process is complete.
To see this section and have the option to send an email, the User must have permission Can change own password, have an email address populated on their user profile, and the system setting for Self-Service Password Reset must be enabled.
This article is intended to inform administrators on how to configure MFA in Issuetrak. If you are not an administrator, then you should instead view the steps for configuring MFA as a user in the My Settings article.
Issuetrak natively supports multi-factor authentication (MFA) for users that use Issuetrak authentication.
There are two supported methods of MFA. You may select only one method to use per user account:
- Time-based One-Time Passcode (TOTP) - An app such as Google Authenticator or Authy generates a 6-digit passcode that the user must enter in addition to their issuetrak credentials.
- Email-based one-time passcode - Upon entering their credentials, they will be emailed a one-time passcode that must additionally be entered to access Issuetrak. This requires that the user has a valid email address and that Issuetrak has Outgoing Email configured and functional.
Additionally, you may decide to require all of your users to use MFA. Note that once you set the option to require MFA in your site, all Issuetrak-authenticated users with valid email addresses that haven't configured MFA will then be enrolled in email one-time passcode MFA. Users who do not have MFA set up and don't have an email address will not be able to log in.
Time-Based One-Time Passcode (TOTP)
One of the available MFA options is to configure a mobile device to provide a new six-digit one-time passcode every 30 seconds, which users will enter on a screen following the usual Issuetrak login prompt.
How to Configure
You can assist an Issuetrak-authenticated user with configuring TOTP if they are able to visit your workstation in person, or if you are able to share your screen.
Steps:
- Sign into Issuetrak as an administrator.
- From the left menu, click on Entities > Users (Search).
- Find and view the user account that needs TOTP configured.
- Under the Security Details header, click on Manage Multi-Factor Authentication.
- In the pop-up that appears, under the Authenticator header click on Configure. Note that if Email one-time passcode is already configured, you'll receive a pop-up asking for you to confirm that you are invalidating that MFA method for this user.
- Have the user open their chosen MFA app on their phone (Google Authenticator, Authy, etc) and scan the QR code that appears on your screen.
- Have the user provide the 6 digit number from the app. You will need to enter it on the screen underneath the Verify header, then click on Pair Device.
- The screen will pause for a moment and then display this user's Backup Codes. Each backup code can be used once to bypass the MFA prompt. Provide these codes to the user and ask them to keep these in a safe place.
- (Optional) Have the user test the functionality: They should authenticate to Issuetrak as they normally would. Once they enter their credentials and click Sign In, another screen will appear and they will be prompted to enter the 6-digit number from their authentication app. After successfully entering that number, they should be presented with their Issuetrak home screen.
Backup Codes
At the end of configuration in step 9 above, the user is presented with ten backup codes. The purpose of these is to be used in place of the app-generated passcode. A backup code can only be used once. If all backup codes get used for a user account, then it will be necessary to configure MFA for that user account again to generate new codes.
Email One-Time Passcode (OTP)
The other available MFA option is to have your Issuetrak instance generate and email each user a one-time passcode when they correctly enter their Issuetrak credentials at the login prompt. After successfully entering their Issuetrak credentials, they will be presented with an MFA screen prompting them to enter the code they were emailed to complete the login process. This process will re-occur every time they sign into Issuetrak.
How to configure
It is only possible to use Email OTP if Outgoing Email is properly configured in your site, and the target user has a valid email address associated with their user account. You can assist an Issuetrak-authenticated user with configuring an email OTP by triggering an initial passcode email to the user and then getting in touch with them to obtain the passcode.
Steps:
- Sign into Issuetrak as an administrator
- From the left menu, click on Entities > Users (Search).
- Find and view the user account that needs TOTP configured.
- Under the Security Details header, click on Manage Multi-Factor Authentication.
- In the pop-up that appears, under the Email header click on Configure. Note that if an Authenticator App one-time passcode is already configured, you'll receive a pop-up asking for you to confirm that you are invalidating that MFA method for this user.
- Have the user provide you with the passcode they were just emailed.
- Enter the passcode and click Verify.
- If successful, their account is now configured to email them a new passcode each time they successfully authenticate to Issuetrak.
- (Optional) Have the user test the functionality: They should authenticate to Issuetrak as they normally would. Once they enter their credentials and click Sign In, another screen will appear and they will be prompted to enter the one-time passcode from their email. After successfully entering that passcode, they should be presented with their Issuetrak home screen.
Remember Me (30 days)
When users are entering their MFA code to sign into Issuetrak, they can choose to check the box next to Remember me (30 days). Selecting this option will prevent Issuetrak from prompting the user for an MFA code for the next 30 days.
There are scenarios where it is advantageous to have a user with limited administrative capabilities in Issuetrak, without needing to take up an agent license to do so. Beginning with Issuetrak 11.2, it is possible to give permission to an end-user account for the limited administration of other users within their organization. When a user is provided with this permission, we then refer to them as a User Administrator or User Admin. The User Administrator is capable of limited provisioning of new and existing users in Issuetrak.
In summary, a User Administrator:
- Does not take up an Agent license
- Has the ability to create non-AD user accounts within their own organization memberships, add them to groups, and set their password
- Is limited to viewing and editing End User accounts that have primary membership in common with the User Admin's own organization memberships
- Does not have the ability to edit or set user permissions directly, but can grant group membership
Necessary Permissions
The only necessary permission to make an account into a User Admin is Can access and maintain users in this user's Organizations.
However, there are two permissions that the account cannot have if they are a User Admin:
- Allowed Read Only access to Administration information
- Can access and maintain Administration functions
If either of the above permissions is selected for a user that already has Can access and maintain users in this user's Organizations permission, then Issuetrak will warn that the permissions are mutually exclusive.
Abilities
User Admins can perform the following actions on users within their own organization:
- Edit user data within their own organization memberships
- Manage membership for group types of Any within their own organization
- Clone user accounts
- Set and change passwords for end-users in their organization
- Create new End User accounts
- View user permissions
- View user type
- Create user administrators via group membership
- Configure MFA methods
Limitations
User admins cannot:
- Search AD
- Clone AD-authenticated users
- Change whether users are authenticated via AD
- Clone, grant, or edit user permissions
- Delete users
- Change user types
- Edit a Sys Admin or users with Can access and maintain Administration functions permission
- Add a user to a group outside their organization
- View users outside of their own organization
- Close user sessions
Additional Limitations
- All users created by a User Admin will have the No AD Authentication checkbox (pre-11.13 releases) or Issuetrak Authentication (11.13 and later) dropdown set on their account.
- User Admins will only be able to add users to groups that already belong to the same organizations that the User Admin is a part of.
- Although User Admins will have access to the Settings Lightbox it will have access to Users beneath Entities.
- After clicking on the Users item from the Settings Lightbox, the items List All, Add, and Search will appear in the right quick menu.
- When viewed by a User Admin, the User Summary page will be filtered to display only those users that have membership in their Organization.
- The Subscriptions link is not shown on the User View screen.
- The ability to Email to User List and Email Survey Invitations User List options will not be present on the User Search screen.
You may include electronic documents as attachments in user records if Attachments have been enabled on your site.
If you need assistance enabling Attachments on your site, please refer to the Attachments section in About the Features Screen.
Adding Attachments
- From the left menu, click Entities > Users (Search).
- Search for the user you want to add an attachment to.
- Click Edit once you have the user selected.
- Click Attachments on the righthand menu.
- Click Choose File.
- Browse to where the file is located using the pop-up window.
- Select the file and click Open.
- Click Save.
A confirmation message will appear when this process is complete.
There is no limit to the number of attachments that can be added. By default, there is also no limit to the size of individual attachments. However, if storage space on the Web server is a concern, a Max Size can be defined on the Features screen where this feature is activated.
