Managing Users information

You can access Users information by selecting Audit > User tab and searching the user thanks to the username or the Email. The User information section contains the following tabs:

  • Overview: registration information and account deletion option
  • Security: security and rights-related information
  • ACL: ACL related information

This task shows you how to:

Deleting Users

This section describes how to search for and delete users in the repositories to which the 3DPassport is connected.

Note: This option is not available to Support role.

  1. Click Audit, then the User tab.
  2. Specify the username or email address in the search bar.
  3. Click Search.

    For each repository in which the user has been found, the list of its attributes is displayed (the list might differ between two repositories, depending on the mapping set by the Administrator when configuring the repository).

  4. Remove end-user accounts if required by clicking delete account.

    Note: Users having Administrator role on platform cannot be deleted from the 3DPassport Control Center.

    You will be prompted to confirm deletion of the account in all repositories in which it is located and for which the delete operation has been authorized.

    The user account will be archived preventing current or future reuse.

    Click Archive email if you want to archive the removed user's email.

    All account removal actions are logged and auditable.

    After removal:

    • the user account cannot be used to log in anymore
    • the username of removed account cannot be used when registering a new account
    • if you also archived the email, the email cannot be used when updating an existing account or registering a new account.

    Accounts can be removed from the database and possibly LDAP servers into which 3DPassport has been plugged, if the deletion operation has been enabled on this LDAP server and in 3DPassport.

Validating Users Email

If you activate the email validation feature, when searching for a user account by username or e-mail, additional information and features will be available.

Note: If you use the PassportUserImport tool to create platform users in 3DPassport, you can use the -disable_email_notification option to specify whether you want to disable e-mail notifications sent to end-users if the send email notification feature is enabled in 3DPassport.
Note: This option is not available to Support role.

  1. Click Audit, then the User tab.
  2. Search the user account
  3. In the User information tab, click Send validation email.

    Click Send validation email to request that the user validates the user account.

    The user will receive an email validation request.

    If the account has been deleted, the Reuse username (and email if applicable) button is available if you want to recover the user account.

    If the user does not exist in any database, the following message will be displayed:

    User not found

Recover username and email of a deleted account

You can recover the email and the username of a deleted account. You will also be informed when, in certain cases, the account cannot be recreated after recovery if it still exists in the LDAP repository (if the LDAP deletion operation has not been authorized by 3DPassport).

Note: This option is not available to Support role.
Note: E-mail addresses modified in an external repository (LDAP) but not from 3DPassport will not trigger a new validation e-mail.

A deleted and archived user account has its related fields highlighted in red.

  1. Search the user account
  2. In the Overview tab, click Reuse username (and email if applicable)
    A dialog box appears.

    Select the Recover username check box if needed

    If you confirm the account recovery without selecting Recover username, only the e-mail address can be used for a new registration after being removed.

    If you check Recover username, both the username and the e-mail address can be used again after being removed.

  3. Click Ok.

    The recovered account (username and/or email) will be removed from the archive table to be reused for a new account.

    If you only released the email address, the username will be highlighted in red in the account overview.

    To be able to log in again, the end user must create a new account after being recovered. No record is kept.

Generating Users Password reset link

You can generate users (that do not have the administrator role) or admins (only if the account searched is the one currently logged) password reset link and send it to a user who has issues during password resetting. This link is valid 24h.

Note: This option is not available to Support role.

  1. Click Audit, then the User tab.
  2. Search the user account.
  3. In the Overview tab, click Reset Password.
  4. Copy the link or click Copy.
  5. Click Ok.
    A success message appears

Disabling 2-FA on users account

If some users having activated 2FA encounter issues with the second authentication step, you can unblock them by disabling 2-FA on their accounts.

If you had forced 2-FA for all users, they will be prompted to activate it again.

  1. Select Audit > User and search the user account.
  2. Select the Security tab.

    User activated check box indicates the activation of the user account. It is grayed by default.

    2-Factor Authentication check box indicates the use of 2-FA by the user. You can disable the use of 2-FA for other users but cannot enable it.
    Note: The 2-Factor Authentication check box is grayed if the Administrator did not allow users to activate it.

    You can disable the use of 2-FA for all users except yourself and admin_plaform (the installation administrator).

    User Support Administrator (user with admin rights) admin_platform (installation Administrator)
    Member can disable 2-FA for NO NO NO NO
    Support user can disable 2-Fa for YES YES NO NO
    Administrator (user with admin rights) can disable 2-FA for YES YES YES NO
    admin_platform(installation Administrator) can disable 2-FA for YES YES YES NO
  3. Select the 2-Factor Authentication check box and click Apply.
    An audit log will be generated in the audit logs file and database. The user will receive a notification mail.

Disabling the Application Password on users account

You can disable the Application password on users account.

Note: This option is not available to Support role.

  1. Select Audit > User and search the user account.
  2. Select the Application Password tab.
  3. In the Active column, switch to disable the Application Password.
    User Administrator (user with admin rights)
    User can disable App Password for NO NO
    Administrator (user with admin rights) can disable App Password for YES YES
    On the cloud only: a Support user cannot disable this feature for any user.