A tenant admin uses the Manage Users page to add new users, delete users, edit the properties of existing users and download/upload a csv file containing user data. Click the Manage Users link to display the frevvo user list. To the right of each user name are icons described below.
If you are logged in as the superuser admin you must first click the Manage Tenants link to display the list of tenants. Then click the button to manage users/roles for the desired tenant. Then click the Manage Users link.
On this page:
Add New User
Create new tenant users on the Manage Users page.
Clickadd new user icon at the top of the user list.
- Complete the new user form.
User names can contain characters, numbers, dot (.), hyphen (-) and the underscore (_) and cannot start with a number. Max length is 50 characters.
- Change Password on Next Login is checked by default. frevvo recommends keeping this checked for best security practices. Users will be prompted to enter a new password that meets strength requirements on their first login.
- Assign roles to the user. NOTE: Assign the special role frevvo.Designer to any user who needs permission to create forms and workflows.
- You can assign multiple roles to any user by clicking the "+" icon
- Assign a reports to for any user who needs to route a form they fill in to their manager. For example a PTO request.
- Submit the form
The Reports To field is a ComboBox. Begin typing the userid of the person this user reports to and a list of matching users displays. Select the Role and Enabled field values from the Dropdown choices.
Add Tenant Admin
You can add additional tenant admins by clicking theicon. This creates a new user with the special permission required to login and manage the tenant. You cannot add this special tenant admin role to an existing user. This is the only way to to grant this special tenant admin permission.
If you want to disable a tenant admin, edit that user by clicking the button and add the frevvo.ReadOnly role. You can also delete all tenant admins except the initial tenant admin. The initial tenant admin is created when you create the tenant. One common case is that you need to remove admin access to a person who initially had that permission via the initial tenant admin. To do this:
- Create a new tenant admin
- Edit the original tenant admin and add the role frevvo.ReadOnly
Edit Admin Users
There is also a short-cut to edit the initial tenant admin – click the button above the alphabet list to go directly to the initial tenant admin's edit page. You can also distinguish the initial tenant admin from non-admins because the initial tenant admin cannot be deleted so it does not have the button. If you added additional tenant admins, the user list does not make it readily apparent that a user has that special admin access permission. Currently the way to distinguish an admin is click on each user's button and see if the user has the Manage Tenant functions.
CSV Upload of Users and Roles
frevvo customers that have a large number of users with assigned roles, may need to import these (userids/roles) into frevvo. frevvo provides the ability to perform a bulk import of user data.
Only tenant admins may import user data and associated roles. The upload/download users links are available for tenants using all security managers. This feature is useful when creating/migrating a tenant that uses the LDAP or SAML Security managers.
Download Users and Roles
- Make sure you are logged in as the tenant admin. Click the Manage Users link.
- Click the download users csv file icon.
- This downloads a complete comma separated file that includes the list of the users and their assigned roles in the current tenant. Roles that exist in the tenant but are not assigned to any users will not be included in the file.The fields are comma separated. The following is an example:
The first row contains the column names. Descriptions of the field/column names in the file are listed in the table:
|userId||The unique user id used for login. Required|
|tenant||The tenant identifier is optional. If not supplied, it defaults to the current tenant. Attempts to upload users for another tenant shows a validation error.|
|firstName||User's first name.|
|lastName||User's last name.|
|User's email address. Required|
|enabled||Set to 'true' to enable the user|
|reportsTo||The userId of the user that the user reports to, if any.|
|roles||A list of the user's roles, separated by the '|' character. Roles are inserted as necessary. Spaces are not allowed in role names. Role names cannot contain more than 100 characters.|
Either blank or 'DELETE'. If DELETE then the user will be removed. Otherwise, the user is updated if it exists or inserted as necessary.
|notifyIfNewUser||A value of 'true' will send an email to users prompting them to create a new password. A value of 'false' will not notify users.|
- To include a ',' (comma) in a field, escape it with a leading '\' character. To include a '|' (bar) in a role name, escape it with a leading '\' char.
- To delete a user, enter DELETE into the transaction column of the file for that user. The user id and tenant fields are required for successful deletion. The message "Attempting to delete non-existing userId. It will be ignored." displays if the user id does not exist.
- To delete all roles for a user, leave the roles column blank. See Updating Users and Roles using a CSV file for more information.
- Although csv files can be opened in other programs, they are best viewed through some kind of spreadsheet program. Here is the file when it is opened with Excel:
Upload Users csv file
Downloading the user csv file will provide you with the format needed to import users and their associated roles into frevvo. Once you have your csv file ready, follow these steps to upload it:
Make sure you are logged in as the tenant admin. Click the Manage Users link.
- Click the upload csv users icon.
- Browse to your users csv file and then click Validate. User data is validated prior to successful import. You will see "Validating..." until the validation process is completed. It is useful to report the status especially if you are loading a large csv file. Once validation has succeeded without error, the Load button is enabled to allow the upload. When you click on the Load button, you will see "Loading...".
The image shows the the result of a validation that resulted in errors. Users data cannot be uploaded until the errors are corrected. The table showing the validation data is scrollable vertically when loading a large csv file.
notifyIfNewUser determines when a password reset notification is sent to a user.
- 'true' will notify new users and any current user that does not have a password
- 'false' will not send a notification, even if the user is new or does not have a password. This allows tenant admins to set up and manage users in a test tenant, and notify them for access later.
- Click the Load button, the system uploads the same data again from the file. Another validation is performed and if still no error, the users are loaded individually or deleted if specified in the transaction column of the file. Roles are also inserted as necessary.
You will see this message with the number of roles and users that were created: "Users Loaded successfully. 3 Added, 1 Updated, 0 Deleted, 4 Roles Added." Uploading an empty users file displays the message "Users file is empty".
Updating Users and Roles using a CSV file
Once your csv file has been uploaded, it is very easy to update User and Role information. It is not necessary to reload your entire csv file every time you need to make changes. Simply create a csv file, with the proper format, that contains only the information that you want to change.
Existing users will be updated with the new information if you upload modified versions of your csv file.
For example, let's say you have 19 users in your tenant. You want to change the last name of an existing user, and add a new user (mary) who will have the new role of (Coordinator).
- Create a csv file with the changes - change the last name of a user and add a new line for a new user (mary) with the role of Coordinator.
- When you upload the modified file, you will see this message: "Users Loaded successfully. 1 Added, 1 Updated, 0 Deleted, 1 Roles Added". The existing user will be updated with the new last name, the role of Coordinator will be created and new user Pat will be added with that role.
- notifyNewUser for mary is set to TRUE, so Mary will receive an email to create her password.
- If you leave the roles column blank in the csv file you are using for updates, the existing roles for that user will be deleted. Be sure to add the roles relevant to the users you are updating so the existing roles are not cleared.
- The warning messages "Update of user failed" or "Users Loaded successfully with some issues. See detailed results for details." is no longer displayed if users in the csv file you are uploading do not have any roles assigned to them.
- Customers who have automated csv uploads via the API (set up on versions earlier than v9.0) should be aware that passwords are no longer supported in csv upload and will be ignored.
CSV Upload Considerations
The manual CSV upload has some considerations you should be aware of, especially if you need to upload a large number of users/roles.
- The CSV upload can handle up to 1,000 rows in a given upload action. If you need to upload a large number of users, we recommend breaking them up into multiple CSVs of 1,000 users or fewer.
- Return to the Manage Users page and click Upload Users again after each successful upload operation.
- The "Reports To" column can only contain existing users. You should upload all of your users first, then re-upload the CSV(s) with the Reports To column filled.
- If you have a large number of users, the Manage Users page may display a user count of -1. This is a known issue we plan to resolve in a future release.
Current Tenant Validation Error
If the csv file contains a name that is different from the current tenant, a validation error message displays. Upload the file again with the tenant field empty.
Spaces in Role Names
If there are spaces in the role names in your csv file, the message "role [the name of the role that contains the space for example: V P] - format not permitted (must start with a letter or _, max 16 chars from the set: a-zA-Z0-9_- ). Remove the spaces then upload the file again.
View User List
Click on a capital letter (A to Z) to display a list of users whose name begins with that letter. Click All to display all current users.
- Click at the top of the user list to add a new user.
- Click at the top of the user list to add a new tenant admin user.
- Click to display that user's home page.
- Click to edit that user's management functions.
- Click frevvo as that user. to log into
- Click to edit a user's profile including password, e-mail address, max upload attachment size, disable the user.
- Click to remove a user from the server.
If you use LDAP or a delegating or custom security manager to define your frevvo users and their roles or groups, you do not see the New User icon on the Manage Users page.
You should not assign any roles (such as Manager, Supervisor, etc.) to a tenant admin user, as this can adversely affect the execution of tasks and activities in work flows. A tenant admin with roles may be accidentally assigned a task actually intended for other non-admin users who have the same role, and the tenant admin could perform the task and thereby disrupt or compromise the work flow or its data.
The superuser admin, whose username is "admin" can add new superusers to the special d (default tenant). Note to login as the superuser enter the username admin@d (admin is the username and @d specifies the special default tenant). New Users added to the default tenant automatically become new superusers. This allows you to name additional superusers and then if you want you can disable the built-in superuser. To disable the build-it superuser named "admin" click the button above the alphabet list. This brings you directly to the build-in superuser admin's edit page, or you can click the icon to the right of the admin name in the user list. Set the Enabled dropdown to false. This will prevent further logins by the built-in superuser named "admin". Note you cannot delete the built-in superuser named "admin". You can however delete any additional admin user you have created.
The tenant admin can add/manage signature images for frevvo users that is applied to all forms/flows this user signs in place of his or her first and last name.
To upload a signature image for a user:
- Click the
- Browse to the location of the signature image file and select it.
- Click the Upload/Delete button. A successful upload displays for the userid
- To delete an existing signature file, check the Delete Signature checkbox then the Upload/Delete button.
If uploaded signatures do not display properly, try to open the image with the browser (Open With for Windows) off the filesystem. The signature image may have errors.
Click the button next to any user in the users list to edit that user. You can perform functions such as adding/removing roles, resetting paswords, configuring the Max Attachment size per user, etc.
- The default maximum size for attachments in the frevvo Cloud is 20 MB or 20971520 bytes. In-house customers can use the frevvo.attachment.maxsize property to configure the maximum size for attachments.
- The Reports To field is a ComboBox. Begin typing the userid of the person this user reports to and a list of matching users displays. Select the Role and Enabled field values from the Dropdown choices.
Maximum Size for Attachments
There are three places to set the maximum size of attachments in frevvo.
- The frevvo server can be configured with a configuration property to specify the maximum size for attachments. The upper limit for attachments in the frevvo Cloud is 20 MB. Uploading attachments greater than this value shows this error message:
- The tenant admin can by editing their profile. Add the value in bytes to the Max Attachment Size field on the screen.
The value in this field overrides the max size value configured on the server level, as long as it does not exceed that value. For example, if the Server was set for 20 MB and the user profile was configured for 15 MB, the user sees this error message when trying to upload a 30 MB attachment:
- Designers can specify the max file size per the Max Size property of individual Upload Controls. The image shows a 5 MB Max Size property specified for an Upload Control.
If a user uploads a file larger than 5 MB to this control, they will see this error
The value of the Max size property of individual Upload controls overrides the value per user which overrides the max size property on the server level. All values must be specified in bytes. If a maximum file size is specified at the server level, the values in the user profile Max Attachment Size field and the Upload Control Max Size property cannot exceed the server max size.
The superuser or tenant admin can disable a user. Disabling a user prevents that user from logging into the form server. If the user has the role frevvo.Designer (aka. was a designer user) the users' forms will become inaccessible to other users. Even if the forms were public users will get the error "This resource belongs to a disabled user". To disable a designer user but keep the form accessible, change the user's role from frevvo.designer to frevvo.readonly and set the Enabled dropdown back to true. In this case when the user tries to login they will get the error "Login is currently disabled".
To disable a user click the icon to the right of the user's name in the user list. Set the Enabled dropdown to false. If this user is already logged into the form server they will be able to continue using the form server until they logout. At that point future logins will be blocked with the error "Your account is disabled".
Use caution when deleting users. Deleting a designer user who has forms, workflows or other resources will also delete those resources, including all submissions. Deleting users with pending tasks will require reassignment (or other admin management) of those tasks.
You can delete users from the Manage Users page by clicking theCSV Upload method by entering DELETE into the transaction column for the user(s). However, frevvo recommends using caution with this process. Here are some best practices to keep in mind.Remove User icon beside their name, or you can delete users using the
- Before deleting a user, check that they do not have the frevvo.Designer role. You can check individually by editing the user from the Manage Users page. You can also use the CSV Download to see the roles for all users in a single document. You can also create a simple form with a business rule like this example to view all users with just the frevvo.Designer role in your tenant.
- You should also search the Task List as the Tenant Admin for tasks assigned to that user. If there are any pending tasks, you may wish to reset, reassign or abort them. See the Searching the Task List documentation for details. Note that if you perform this step after deleting the user, you can still search by user but you must type in the userid exactly - the Locked by User search field will not recognize partial text and offer this user as an option.
- After deleting a user, you will still be able to see submissions submitted by that user. Their user ID and name will appear in the submissions table, and their signatures are still visible on Submission Detail View. You can also search the submissions repository by that userid.
- If you have workflow step(s) assigned to the user, you must edit the workflow step(s) and change the assignment to a valid user. The forms will not show an error in edit mode, but any future instances will cause an Invalid Task Assignment notice to be sent to the tenant/workflow admin. The tenant or workflow admin will need to reassign that task. Keep in mind that if you have dynamic step assignments in your workflows, you may need to check these to ensure this user can no longer be selected. For example, you may have a list of users are set as dropdown options, and the step assignment is set based on the value of the dropdown at run time. If the deleted user is selected from the dropdown and a step is assigned to them, you will receive an Invalid Task Assignment.
- If the user has Access Control assignments on forms/workflows, those will still be visible. They are not valid, since the user no longer exists, but will not cause an error. You can remove such Access Control assignments at your convenience.
- Keep in mind that there may be other places in forms/workflows that you referenced this specific user, such as business rules, email messages, etc. If you think this may be the case you will need to look at each form/workflow to remove or change that information.
Deleting a Designer User
Avoid deleting users with the frevvo.Designer role. If a designer user has resources such as forms, workflows, scripts, spaces, etc. those will also be deleted, including submissions, when the user is deleted. If you must delete a designer user, you can download their resources and upload them to another designer user. In this case, you will not be able to move submissions. You will also need to update any published share links to those resources.