User Accounts and Access Privileges - Secure Passwords

Modified on Mon, Apr 22 at 8:38 PM

NOTE: The following article describes features applicable to Connected 10.3 or greater.


Connected user accounts and access privileges can be managed differently by making a selection of either "Standard" or "Secure" Password Management.


Secure password management, which is covered in this article, requires each user profile to have an email address, which also becomes the logon name. Administrators can add user profiles but cannot view, add, or change passwords, unlike "Standard" password management.   A password policy requiring a minimum of ten characters and containing at least one uppercase, lowercase, and numeric character is enforced.  


Related Topics:

Introduction to Passwords, User Accounts, and Access Privileges

User Accounts and Access Privileges - Standard Passwords 


The following topics are covered in this help article:


Related: Activating and Using Change Logs


Selecting Secure Password Management


"Secure" password management is OFF by default in all new Connected data files. To enable Secure Password Management:


WARNING:  Enabling "Secure" Passwords will automatically remove the visibility and value in each user profile for Password.  It is strongly recommended to both take a backup and thoroughly understand how this change works before turning it on.


TIP: It is much easier to configure Secure Passwords if each user account is verified to have an email address before enabling.


1) Select File -> Company Setup -> General Setup, as shown in the following screen.



2) Click the "Password Management" tab, which will display the current setting, as per the following screen.



3) Click the "Secure Password Management" option. The following OK message will appear regarding unique email addresses for each user.


TIP: Once Secure Password Management is enabled, all Logon Names revert to the user's email address.  The previous logon name(s) will no longer be visible or valid.



A sample of how the User Privileges window appears immediately after "Secure" passwords are enabled is shown below.  All users are in green require a password reset while users listed in gray are "inactive" because they are missing an email address. The Logon name field, used in "Standard" passwords is removed and Passwords (if present) are masked.



4) Click OK and proceed to enter a "Reset Password", as shown in the following screen. This is password that will be used temporarily by each user account when in password reset mode. Once Secure Password Management is enabled ALL user accounts are in reset mode. As a System Administrator, it is advisable to note this value in a secure location or external password manager.



5) Click OK to exist the General Company Setup window with the changes active.  If any users did not have an email address specified, the following message will appear indicating that those accounts have been made inactive.



WARNING: Make sure that you do not forget your System Administrator name and password and/or the Reset Password. If you are unable to find this information you will be required to send your data file to the Connected Support team so that they can provide a Reset Password.  Additional charges and personnel validation will apply to perform this unlock.



Password Resets


It is most likely that Secure Password Management will be enabled on existing data file with existing user accounts. Once enabled all accounts will be in password reset mode.   Understanding this process is critical to ensure uninterrupted access to your Connected company data file(s)


The following section describes a Password Reset, which will be required for the following scenarios:

  • After enabling "Secure Password Management"
  • When adding new users with the "Secure Password Management" enabled
  • When marking a user "Active" after being "Inactive"
  • When a user has forgotten their password and the System Admin does a password reset


TIP: Only a System Administrator can request a Password Reset.


To reset a password on initial or subsequent logins for a given email address login:


1) At the Connected Log On window, enter the account Email Address and Password.  Since this is a reset, the password entered must be the one from "Reset Password" field, as provided by the System Administrator.  Click the display password icon to unmask the field and ensure the value is correct.



2) Click Log On and the following message will appear



3) Click OK to proceed to the "Password Reset" window.  Enter the new "Password" using the min length and complexity of ten characters and least one upper case, lower case, and numeric characters.  Click the display password icon to unmask the field and ensure the value is correct.  



4) Repeat the password in the "Confirm Password" field and click Set Password to complete the process.  This option is only available when the two fields are identical.



Adding New User(s) - Secure Password Management 


Only users with access to the User Privileges window can add, edit, and reset user passwords.  Typically, these are users marked as "System Administrators".  When adding a new user, it is necessary to configure the access settings for all areas of the program.  For example, if the user is to have access to Accounts Payable, the "A/P" tab in the User Privileges window is selected window and the options that they will have access to are granted.


NOTE:  By default, a new user is not granted access to any features.  All privileges must be assigned, unless the user was cloned from another.


To add a new user:


1) Select "User Privileges" from the "File" menu.



2) User Privileges will open with "Users" listed on the left side.  

3) Click Add.  The "Log On Email" field will become blank, as shown below.



Enter a unique email address.  If the email is not unique, the following message will appear and block the user entry on Save.



4) The "Password" field will not allow an entry, it is completed through the password reset.

5) Select the "System Administrator" checkbox if the user should have this level of access.

6) Enter a Title (optional), First Name, and Last Name. Either a first name or last name is required (both recommended) so the transaction "Record Info" and Notes (including reminders) include the correct identification.


Reference:

Connected Reminders and Notifications

Transaction "Record Info" (aka Audit Trail)


7) Click Save to complete the new user setup or move to the next section to begin granting access to screens, reports, and other options.


New users, unless added from a Clone or marked as System Admin, will default to have no access to any screens/reports/options. Enabling access is explained in the following sections. 


TIP: Before completing the password reset, access to screens, reports, and other options can be completed.



Granting User Access to Screens, Reports, and other Options


As mentioned in the previous section, new users will default to have no access to any screens/reports/options, unless Cloned from an existing user or marked as a System Administrator.


To grant a user access to screens/reports/options:


1) Click on the user on the left hand side and click Modify to edit an existing user account. If the user is being added for the first time, continue to Step 2.

2) Click on the tab for a module, A/R for example, and select the options for the new user.  The screen below shows an example of a user's configuration for the A/R module. 



3) To grant a user access to all privileges shown under the active tab, A/R as shown in the screen below click the Action menu in the top left corner and select "Grant All Privileges Shown".  



4) Click the "Reports" checkbox to see and select available reports for that user/module, as shown in the following screen.



5) Click the "Other" checkbox to see and select available options, like posting and importing, for that user/module, as shown in the following screen.



6) Press ENTER or click save to update the user's access privileges. 


To test a user’s access privileges, exit Connected and log on using the new/updated user's credentials.



Cloning (Duplicating) a User


When a company has many users that access Connected, it is likely that some will need the same or similar user privileges. Cloning (aka duplicating) user accounts that have a common set of privileges can help save time when enabling new user accounts.


For example, when a company uses the Manufacturing feature in CONNECTED, production users will have access to the same or similar items: Manufacture Screen, Post Manufacture (build), Inventory Items and BoM, and Manufacture Report.


To clone (duplicate) an existing user:


1) Open the User Privileges window from the file menu.

2) Highlight the user to clone on the left pane of the window under the heading Users and click "Clone", as shown in the following screen.



3) Enter a unique "Log On Email"

4) Enter a "First Name" and/or "Last Name", both are recommended.

5) Confirm all user settings for each module by clicking the appropriate tab. These should be reviewed because this new user is based on an existing users settings.

6) Press ENTER or click save to add the new user's access privileges.


The new user will require a password reset to access their new account.



Printing a User List

Printing a user list can be useful to quickly verify all active/inactive user credentials.  When a user list is printed, passwords are not included.


To print a user list, click Print in the upper left corner of the User Privileges window and select a destination.  If Spreadsheet/Text file is selected, a flattened export is created that includes a few additional fields not on the Screen/Printer version of the report.




Advanced User Privilege Settings


There are several unique user privileges that can be assigned with advanced settings in specific areas of CONNECTED. Some examples of these are explained below.


Field Specific Access in the A/R Customers Window 

The Customers window supports field level access so that a user can be authorized to edit select fields.  For example, you may want a customer service employee to be able to edit customer address information but not edit sensitive information like Credit Limits, Payment Terms, and/or Sales Reps.


Additionally, if the Terms Code, Sales Rep, and Tax Code are not selected for Edit, these fields will be blocked in all A/R windows.  For example, the Sales Order will show but not allow edits to these fields.


Edit/View Price and Discount Detail Line Fields

Specific users can be blocked from editing the Price and/or Discount fields in the all A/R windows (Account Invoice, Sales Order, Sales Quote, Quick Invoice and Credit Memo). This is useful when fixed pricing is being used and should not be changed or discounted, unless done by specific users. The Price/Discount fields will be visible but cannot be changed. Additionally, if the fields are disabled, this will save up to two TAB stops per line for data entry. 


An example of the Account Invoice window with both Price and Discount line item fields blocked, in edit mode, is shown below:




Blocking Access to Cost/Margin Info on Quotes, Orders, and Invoices

If margins and costs should be blocked from the view of specific users, then these fields can be hidden in the Sales Quotes, Sales Orders, and Account Invoice windows.  An example showing the fields (not hidden) from the Account Invoice window is shown below.




Related Topics:

Introduction to Passwords, User Accounts, and Access Privileges

User Accounts and Access Privileges - Standard Passwords

Activating and Using Change Logs

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article