Version

    Users

    In CloverDX Server user records can be created or modified in the Users section under the Configuration menu in the Server Console. The Users section is also the core of access control: by assigning users to user groups, administrators can control the level of access the users have. For more information about groups and permissions refer to the Groups chapter.

    After default installation with an empty database, the clover admin user is created automatically, and is assigned to the internal clover domain.

    Table 24. Admin user
    User name Password Note

    clover

    clover

    Since this user has admin rights, the password should be changed after installation.

    Note that users who should have access to the Users section need to be assigned to a user group that has the List user permission enabled. Depending on the other user-related rights setup, the Users section of the Configuration menu allows users to perform the following:

    Create new user

    Edit user records

    Change credentials

    Disable / enable user

    Unlock user

    Send welcome email

    Invalidate user’s password

    Assign users to groups

    Create new user

    Only users assigned to a user group that has the Create user permission enabled can create new users. To create a new user, click on the New user button. See below for a list of required and optional user attributes and additional options when creating new user records:

    Table 25. User attributes
    Attribute Description Required

    Username

    A common user identifier. Must be unique, should contain only letters and numbers.

    Yes

    Domain

    Domain to which the user is assigned. By default, only the internal clover domain is available. If LDAP or SAML authentication is enabled, LDAP and SAML domains will be available to be selected.

    Yes

    First name

    User’s first name.

    No

    Last name

    User’s last name.

    No

    E-mail

    Email address which can be used by CloverDX administrator or by CloverDX Server for automatic notifications. See Send an email for details.

    No

    Send welcome email

    Sends an email to the newly created user. When SMTP is configured under Configuration > Setup > Email, this option will be turned on by default. If SMTP is not configured, this option will not be available.

    No

    Password

    • Password must be at least 8 characters long and must contain at least 1 letter and 1 number.

    • Maximum character length is 1024 characters.

    • Passwords are case-sensitive.

    Passwords are stored in an encrypted form for security reasons, which means that they cannot be retrieved from the system database. If a user forgets their password, it needs to be changed by a user who has the appropriate permissions to perform this action. See the Change credentials section for more information.

    Yes

    Verify password

    Verify the entered password.

    Yes

    Require password change

    If selected, the newly created user must change their password at the next sign-in. This option is turned on by default.

    No

    Edit user records

    Only users assigned to a user group that has the Edit user permission enabled can edit any existing user record. Users with only the Edit own profile and password permission can edit just their own user records.

    To edit a user record either click on the button at the end of the user record that needs to be edited and select the Edit option or click on the user record to display the Overview tab and click on the Edit icon there.

    The following can be changed when using the Edit option:

    • Domain

    • First name

    • Last name

    • Email address

    Change credentials

    Only users assigned to a user group that has the Change passwords permission enabled can perform this action for any user record. Users with only the Edit own profile and password permission can change their credentials in their user profile.

    Credentials can only be modified for users associated with the clover domain. Users with the LDAP or SAML authentication have this option disabled.

    To change credentials of a user either click on the button at the end of the user record and select the Change credentials option or click on the user record to display the Overview tab and click on the Change credentials icon there.

    The following can be changed when using the Change credentials option:

    • Username

    • Password

    Note that when changing a username, a new password must be entered at the same time.

    Changing a user’s credentials will automatically log out the affected user from all their active sessions and force them to log in again.
    Disable / enable users

    Since user records have various relations to the logs and history records, users cannot be deleted but can be disabled. This means that their user record will not be displayed in the list of users by default, and they will not be able to log in. Only users assigned to a user group that has the Delete user permission enabled can disable and enable users.

    To disable or enable a user either click on the button at the end of the user record and select the Disable (for enabled users) or Enable (for disabled users) option or click on the user record to display the Overview tab, then click on the button there and select the Disable or Enable option there. Disabled users are automatically logged out from all their active sessions.

    To display disabled users in the list of users, click on the Display Disabled button in the right upper corner of the Users section. Disabled users come up in grey font in the user list.

    users groups display disabled
    Unlock user

    To protect against brute force attacks on users' credentials, CloverDX Server enforces a policy that will lock users after a certain number of failed login attempts. To learn more about this feature and how to update its default configuration, refer to the User lockout configuration section.

    Once a user’s account is locked, you will see a little yellow lock icon next to their username in the Users tab of the Configuration section, and you will also be able to see the number of failed login attempts.

    Locked user

    To unlock a locked user, click on the button in the respective row, click on Unlock and confirm your action.

    Unlock locked user
    Send welcome email

    Welcome emails can be sent automatically during user creation if SMTP connection is set up under Configuration > Setup > Email. For existing user records, welcome email can be sent manually by clicking on the button at the end of the user record and selecting the Send welcome email option.

    Invalidate user’s password

    This option will invalidate a user’s current password after logging in and force them to change it. To invalidate a user’s current password, click on the button at the end of the user record and select the Invalidate password option.

    Invalidating a user’s password will automatically log out the affected user from all their active sessions and force them to log in again.
    Assign users to groups

    Assignment to User groups gives users appropriate permissions. Only users assigned to a user group that has the Groups assignment permission enabled can access this form and assign users to user groups. To learn more about groups and permissions, see Groups. Note that if your Server environment is configured to use LDAP for user authentication and user synchronization, assignment to groups is controlled by the LDAP server and it cannot be overriden manually.

    Any change in user assignment to groups will automatically log out the affected users from all their active sessions and force them to log in again.