The system settings for managing data regarding Users and their accounts are complex; one setting may not fit every employee. In User Policies, you can set up specifications about logging-in options, sessions, password expiration, and much more. Then you assign each User wished User Policy that will apply to him.
Initial setup
- Name – name of the policy, used only to differentiate between the policies
- Active? – non-active policies will not be available to use
- Authentication method – a method that can be used to authenticate each User. You can choose Password, LDAP, SAML, or a combination of them
General setup
- Search users – enables to search in Active Directory
- Expire user accounts after – time after which the inactive User will be deactivated
- Notify days before expiration – how long before the expiration will the User be notified about his planned expiration
- Notify daily – if checked, the notification about expiration will be sent every day, starting the day you set in the previous setting
- Session timeout – after how much time of inactivity will the User be logged out
- Max session time – after how much time the User will be logged out – even active User (the Users will be forced to log in e.g. every 5 hours)
- Allow multiple sessions – if checked, the Users will be able to have multiple sessions in different devices or browsers at the same time (e.g. can be logged in on their computer and mobile phone at the same time. This causes less security)
Users Management
- Allowed editable rowable fields – Users with this Policy will be allowed to edit fields from Definitions listed in this JSON. However, this requires a little bit of coding, so please, contact your IT administrator to set this up for you.
- Managed users – these Groups can see the Users tab in the left menu, add new Users and edit several attributes of Users assigned to this Policy
- Creates user with groups – when creating a User under this Policy, they will automatically be assigned to here specified Groups on the background. This is to force some Groups on the Users which cannot be changed by the one who is creating the User.
- User form – List groups allowed – Groups that can be assigned with this user. You can limit if you do not want manager to assign e.g. Administrator Group
- Impersonate permissions – Groups that are allowed to impersonate Users in this User Policy. These Groups must be also part of the “Managed groups” above, otherwise, they won’t have access to see the User tab in the left menu and will only be able to impersonate Users in the Transaction details after hovering on the User’s name
User Locking
- Maximum attempts login – maximum number of attempts to log in. After exceeding this amount, the User will be locked and Flowis administrator will have to unlock his account in the Users section
- Lock the user account by –
Password Authentication
- Enable 2FA authentication – if checked, new Users will have two-factor authentication turned on by default
- Enforce 2FA authentication – if checked, the two-factor authentication cannot be deactivated
- Allowed 2FA methods – either Google Authenticator, e-mail, or a combination of these two. Google Authenticator requires the User to have the application downloaded in his smartphone and paired with his Flowis account; E-mail authentication is great for those Users that do not own a smartphone
- Expire user password after – time after which the User will be forced to change his password. The default is 90 days. If you do not want the passwords to expire, type 0.
SAML Authentication
This section sets up the SAML Authentication method – it allows Users to log in with Microsoft login information. If needed, contact your IT administrator to set up this section for you.
LDAP Authentication
This section sets up the LDAP Authentication method. If needed, contact your IT administrator to set up this section for you.
Azure users
This section sets up the connection for Active Directory. Contact your IT administrator to set up this section for you.
E-mail templates
Flowis can send Users e-mail notifications when something happens with their account. You can either select system templates for these notifications, or you can set up your own in the System E-mail Templates section in the left menu. You can set up e-mails for these situations:
- Initial password – when the User is asked to set up his first password ever – can be generated in Users using the “Send initial password link” bulk action
- New location – notification about a login from a new location
- Notify before expiration – notification about the password expiration will be sent in advance depending on the time frame you set up in the “General setup” section
- Password reset – when the User asks for password reset on the login screen or the Flowis administrator resets his password in the Users section using the “Send reset password link”