User Management Module User Guide

THIS WIKI HAS BEEN UPDATED FOR VERSION 13 OF YOUR PBX GUI

Navigating to the User Management Module

  • Log into your PBX GUI

  • On the top menu click Admin

  • In the drop down click User Management

  • The Users tab should be active, and a list of all current users should be displayed.

    image2017-6-30_15-42-32.jpg

     

Users

The first view you will see when going to the User Management module is the listing of all of your users on the system

image2017-6-30_15-58-24.jpg

 

You can see users for a specific directory by changing the directory drop down to another directory

 

For more information on Users see User Management Users

Groups

Upon clicking the 'Groups' tab in the User Management module you will see the listing of all of your groups on the system

 

You can see users for a specific directory by changing the directory drop down to another directory

 

For more information on Groups see User Management Groups

Directories

A directory is a listing of Users and Groups. You can create multiple directories for your PBX, for example utilizing both Active Directory and local users that only exist on the PBX

 

For more information on Directories see User Management Directories

Settings

The settings tab lets you define global User Manager settings.

General Settings

 

  • Enable Sync Logs: Toggle to enable user management directory sync logs. If enabled, the logs will be available in the userman_sync.log file inside the default directory for Asterisks log files

Email Settings

 

  • Send Email on External New User Creation: Whether to send an email (using the 'Email Subject' and 'Email Body') to new users when they are created externally (not directly through User Manager)

  • Send Email as HTML: Whether Email Body will send as HTML or plain text to the user

  • Host Name: The hostname used for email. If left blank the default value of the address in your browser will be used

  • Email Subject: Text to be used for the subject of the welcome email.

    • Useable variables are:

      • fname: First name

      • lname: Last name

      • brand: FreePBX

      • title: title

      • username: Username

      • password: Password

  • Email Body: Text to be used for the body of the welcome email

    • Useable variables are:

      • fname: First name

      • lname: Last name

      • brand: FreePBX

      • title: title

      • username: Username

      • password: Password

      • services: provides details for the user to access various services when enabled, i.e. UCP login, etc.

Password Management

Password Management section is applicable to only PBX 16+ Systems.

 

Here system administrator can manage all the settings related to the user's password

 

Force reset the password on first time login

Force password reset upon first login refers to a security feature that requires users to change their password immediately after their initial login. Currently, the admin will create the login credentials and the user will use the same to log in to the admin panel or UCP.

Admin can set an option to force the user to reset the password on the first login. If the option is set to "Yes", the user will be forced to reset the password on the first login, and if set to "No", the user can use the same password.

This option is used to ensure

  1. That the user chooses a strong and distinctive password in cases when the initial password has been pre-assigned or created by the system administrator.

  2. To enhance the security of the system by preventing unauthorized access or misuse of the account. It is also a measure to ensure that the user is the person who is supposed to have access.

Password Expiry Reminder

A password expiry reminder is a notification or alert that reminds users to change their password before it expires. This is a security measure to ensure that passwords are regularly updated and to prevent unauthorized access to sensitive information. System administrator has to set this option to "Yes" to enable this feature to all the users.

Password Expirations Days

Password expiration days are the number of days a password is valid before it expires and needs to be changed. This is a safety precaution to guarantee password updates and guard against unauthorized access. The previous password will no longer be valid after the expiration days, and the user will be forced to reset their password during login.

The number of days before expiration can be set by the system administrator. It is a best practice to set reasonable expiration days, usually between 60-90 days, as it is not recommended to set it too long, as it can decrease the security level. By default this is set to 90 Days.

Password Expiry Reminder Days

Password expiry reminder days refers to the number of days before a password is set to expire that users will receive a reminder to change their password. By default this is set to 5 Days.

How Password Expiry Reminder Works?

Whenever an user logs in, Current date is compared with the last password changed date + password expiration days, and if current date is less than the password expiration date then a reminder prompt will be shown to the user to reset their passwords.

 

If the last password changed date exceeds the Password expiration days then the user has to change their passwords to continue

Authentication Settings

Here is where you can define user password thresholds. When a user logged into UCP attempts to change their password, it must meet the thresholds defined and enabled on this tab.

  • Password Length: Toggle to enable, and set minimum number of characters

  • Uppercase: Toggle to enable, and set minimum number of uppercase characters required

  • Lowercase: Toggle to enable, and set minimum number of lowercase characters required

  • Numeric: Toggle to enable, and set minimum number of numeric characters required

  • Special: Toggle to enable, and set minimum number of special characters required

  • Punctuation: Toggle to enable, and set minimum number of punctuation characters required

  • Threshold weak password: Toggle to enable. The integrated weak password detector will force the password to meet or exceed the value provided

  • Test: field for admin to experience what the user experiences with the policies as set

Return to Documentation Home I Return to Sangoma Support