Manage Admin User Accounts
The Manage Admin User Accounts feature provides the tools necessary to create, modify, and disable administrator profiles within the system. Its primary purpose is to grant secure backend access to staff, define their specific responsibilities through assigned roles, and maintain accurate historical records of administrative actions. This article is intended for OPS-COM administrators responsible for managing system security and personnel access.
Setup and Configuration
This feature requires high-level administrative access to properly configure and manage other user accounts.
Admin Side: Administrators must have the appropriate system role permissions enabled to access the admin management tools. Multi-factor Authentication (MFA) is strictly required for all administrative accounts to ensure system security.
Using this Feature
Administrators can use the following instructions to create new admin accounts, edit existing profiles, reset passwords, view activity logs, and disable departing staff.
Creating a New Admin Account
-
Hover over System Configuration, click Admin Management, then Edit Admin Users to access the Manage Active Administrators screen.
-
Click the + Create New Admin button.
-
Enter the required user information (e.g., username, first name, last name, email, and initial password) into the fields on the left side of the screen.
-
Select the specific admin role or roles this person will be granted from the Active Roles form on the right side of the screen. Further details can be found on the Manage Roles and Permissions page.
-
Click the Insert New User button to add the admin account to the system.
Multi-factor Authentication (MFA) is now required when creating an Admin account. After the account is created, the user must first access it through the Admin portal before attempting to sign in on a handheld device. During their initial login, a One-Time Password (OTP) will be sent to their email, and they will be prompted to set up their credentials. For more details, refer to the MFA wiki article.
Editing an Existing Admin Account
-
Hover over System Configuration, click Admin Management, then Edit Admin Users.
-
Select the specific user you wish to modify from the active list.
-
Modify the available options for that selected user, including their personal information, roles, and account status.
-
Click the Update User button to save your changes.
Resetting an Admin's Password
-
Select the specific administrator's account from the Manage Active Administrators screen.
-
Enter a new, temporary password directly into the Password field. The password is hidden (displayed as asterisks), but you can simply type over the existing symbols.
-
Click the Update User button.
-
Inform the admin of this temporary password so they can log in and be prompted to update it to a personal, secure password.
Disabling an Admin Account
-
Hover over System Configuration, click Admin Management, then Edit Admin Users.
-
Select the specific user's account you wish to disable.
-
Disable the Activate this account and allow system login checkbox located in their profile.
-
Click the Update User button to apply the change and move the account to the disabled list.
Admin users cannot be permanently deleted from the system because their accounts are permanently linked to historical data (e.g., ticket issuance, system changes). When disabling an account, you must leave the admin user's permissions in place. These permissions affect historical reporting, verifying which access levels were active at the time certain actions were performed.
Viewing Login Activity
-
Select a specific administrator's account.
-
Click the Login Activity button to view a detailed history log.
Key Information Displayed: The activity log tracks when the administrator last logged into the OPS-COM backend or a handheld device. It also records critical actions, including log outs, new incident creations, and when an incident was marked as opened or closed.
Available Actions and Buttons
-
+ Create New Admin: Click this button to open a blank profile form for onboarding a new staff member.
-
Insert New User: Click this button to finalize the creation of a new administrator profile.
-
Update User: Click this button to save any modifications made to an existing account.
-
Login Activity: Click this button on a user's profile to open a historical log of their system access and major actions.
-
View Disabled: Click this link on the main management screen to view the list of deactivated accounts. You can reverse a deactivation at any time by editing a disabled user and re-enabling their login checkbox.
Best Practices and Considerations
-
Use secure initial passwords: When creating new accounts or resetting passwords, use strong, temporary passwords and instruct users to change them immediately upon their first login.
-
Enforce role-based access: Always assign granular, appropriate roles to admin users. Avoid giving out Primary Administrator access unless absolutely necessary. Granular roles ensure users only have access to the functions they strictly need for their daily duties.
-
Disable accounts promptly: Disable accounts immediately when an employee's role changes or they leave the organization. Prompt deactivation is a critical security measure to prevent unauthorized access.
-
Audit login activity: Regularly review the Login Activity for your admin accounts to monitor for unusual patterns or unauthorized access attempts. Proactive monitoring helps secure your organization's backend data.
-
Maintain clear internal documentation: Maintain internal records of your admin accounts, their assigned roles, and any specific notes. This is especially important for disabled accounts to provide context for future administrators or security audits.