User Management Module User Guide
- Nathaniel Halbrooks
- Lorne Gaetz (Unlicensed)
THIS WIKI HAS BEEN UPDATED FOR VERSION 13 OF YOUR PBX GUI
Navigating to the User Management Module
Log into your PBX GUI
On the top menu click Admin
In the drop down click User Management
The Users tab should be active, and a list of all current users should be displayed.
Users
The first view you will see when going to the User Management module is the listing of all of your users on the system
You can see users for a specific directory by changing the directory drop down to another directory
For more information on Users see User Management Users
Groups
Upon clicking the 'Groups' tab in the User Management module you will see the listing of all of your groups on the system
You can see users for a specific directory by changing the directory drop down to another directory
For more information on Groups see User Management Groups
Directories
A directory is a listing of Users and Groups. You can create multiple directories for your PBX, for example utilizing both Active Directory and local users that only exist on the PBX
For more information on Directories see User Management Directories
Settings
The settings tab lets you define global User Manager settings.
General Settings
Enable Sync Logs: Toggle to enable user management directory sync logs. If enabled, the logs will be available in the userman_sync.log file inside the default directory for Asterisks log files
Email Settings
Send Email on External New User Creation: Whether to send an email (using the 'Email Subject' and 'Email Body') to new users when they are created externally (not directly through User Manager)
Send Email as HTML: Whether Email Body will send as HTML or plain text to the user
Host Name: The hostname used for email. If left blank the default value of the address in your browser will be used
Email Subject: Text to be used for the subject of the welcome email.
Useable variables are:
fname: First name
lname: Last name
brand: FreePBX
title: title
username: Username
password: Password
Email Body: Text to be used for the body of the welcome email
Useable variables are:
fname: First name
lname: Last name
brand: FreePBX
title: title
username: Username
password: Password
services: provides details for the user to access various services when enabled, i.e. UCP login, etc.
Password Management
Password Management section is applicable to only PBX 16+ Systems.
Here system administrator can manage all the settings related to the user's password
Force reset the password on first time login
Force password reset upon first login refers to a security feature that requires users to change their password immediately after their initial login. Currently, the admin will create the login credentials and the user will use the same to log in to the admin panel or UCP.
Admin can set an option to force the user to reset the password on the first login. If the option is set to "Yes", the user will be forced to reset the password on the first login, and if set to "No", the user can use the same password.
This option is used to ensure
That the user chooses a strong and distinctive password in cases when the initial password has been pre-assigned or created by the system administrator.
To enhance the security of the system by preventing unauthorized access or misuse of the account. It is also a measure to ensure that the user is the person who is supposed to have access.
Password Expiry Reminder
A password expiry reminder is a notification or alert that reminds users to change their password before it expires. This is a security measure to ensure that passwords are regularly updated and to prevent unauthorized access to sensitive information. System administrator has to set this option to "Yes" to enable this feature to all the users.
Password Expirations Days
Password expiration days are the number of days a password is valid before it expires and needs to be changed. This is a safety precaution to guarantee password updates and guard against unauthorized access. The previous password will no longer be valid after the expiration days, and the user will be forced to reset their password during login.
The number of days before expiration can be set by the system administrator. It is a best practice to set reasonable expiration days, usually between 60-90 days, as it is not recommended to set it too long, as it can decrease the security level. By default this is set to 90 Days.
Password Expiry Reminder Days
Password expiry reminder days refers to the number of days before a password is set to expire that users will receive a reminder to change their password. By default this is set to 5 Days.
How Password Expiry Reminder Works?
Whenever an user logs in, Current date is compared with the last password changed date + password expiration days, and if current date is less than the password expiration date then a reminder prompt will be shown to the user to reset their passwords.
If the last password changed date exceeds the Password expiration days then the user has to change their passwords to continue
Authentication Settings
Here is where you can define user password thresholds. When a user logged into UCP attempts to change their password, it must meet the thresholds defined and enabled on this tab.
Password Length: Toggle to enable, and set minimum number of characters
Uppercase: Toggle to enable, and set minimum number of uppercase characters required
Lowercase: Toggle to enable, and set minimum number of lowercase characters required
Numeric: Toggle to enable, and set minimum number of numeric characters required
Special: Toggle to enable, and set minimum number of special characters required
Punctuation: Toggle to enable, and set minimum number of punctuation characters required
Threshold weak password: Toggle to enable. The integrated weak password detector will force the password to meet or exceed the value provided
Test: field for admin to experience what the user experiences with the policies as set