Skip to content

Managing users

Administrators create and manage the people (contacts/users) at a company from the contact directory (/contact/list) and each contact's profile.

Requires: the profile's admin actions show to admin users on the same site; Switch to user shows to superusers. See the caveat on enforcement below.

Creating and editing a user

  1. From a company or the directory, add or open a contact.
  2. Edit the fields: first/last name, phone/mobile, email (and secondary emails), job title, tags, branch, and the security permission (role/permission group).
  3. Save. New users get an auto-generated password — there is no password field; use Reset password (below) to let them set their own.

Assigning permissions

The permission field on the edit form assigns the contact's security role/permission group, which determines what they can access. Use Remove permissions on the profile to clear a contact's assigned groups. The role tokens this produces are described in the permissions matrix.

Archiving and deleting

  • Archive user deactivates the account (keeps the record; removes them from digests and listings); Restore user reactivates it. This is the normal way to remove access.
  • A hard delete also exists but archiving is preferred.

Resetting a password

Reset password on a profile emails the user a reset link (valid for a limited window) so they can set a new password themselves. It does not set or reveal a password directly.

Switching to a user (impersonation)

Switch to user logs you in as that contact so you can see the platform exactly as they do — useful for support.

Forcing re-login

An action exists to boot a user (push a notification that forces their session to re-authenticate), e.g. after a permission change.

If it fails

  • No admin buttons on a profile — you are not an admin on that contact's site (Switch to user needs superusers).
  • A reset email didn't arrive — check the address and the site's mail configuration; the link expires, so request a fresh one if stale.

Enforcement caveat

The contact write actions (create, save, archive, delete, remove permissions, reset password) have no server-side role check — they require only a valid login. The Switch to user endpoint's superuser guard is commented out in the code.