Users

Form ID: (SM201010)

On this form, you can add users to the system and edit existing users. You can assign roles to a user, associate the user with an employee or business contact account, and edit user information. You can also use the form to delete obsolete users. Also, from this form, you can sign in as the selected user if you need to see the system as the user sees it.

To get access to the system, users must authenticate themselves by entering their user name and password. These users should have roles assigned before they sign in to the system. Each role is a set of access rights, or permissions, to work with system entities. You can assign to each user one role or multiple roles in accordance with different sets of responsibilities. For more information, see User Access: General Information and Restriction Groups in MYOB Advanced.

If your system is integrated with Active Directory (AD), Active Directory Federation Services (AD FS) or Microsoft Azure Active Directory (Azure AD), all domain users access MYOB Advanced by using the same credentials they use to sign in to the local network. The password and user account policies are set at the domain level, and the security policy settings in MYOB Advanced do not affect user accounts. In this case, the roles assigned to users are defined by AD or Azure AD groups by default but can be overridden for specific users. For more information, see Integration with Active Directory and Integration with Azure Active Directory.

Form Toolbar

The form toolbar includes standard and form-specific buttons and commands. For the list of standard buttons, see Form Toolbar and More Menu. The form-specific commands are listed in the following table.

Button Description
Activate User

Activates the new user account if the account requires activation.

This button appears only when you create a new user and select a user type that requires account activation.

Add Active Directory User

Gives you the ability to add an AD user from the list of available users. When you click this button, the system opens the Active Directory User dialog box.

This button appears only if the Active Directory and Other External SSO feature is enabled on the Enable/Disable Features form and your MYOB Advanced instance is integrated with AD for your company.

Disable User

Temporarily disables the selected user account.

This button appears only for an enabled user account.

Attention: You cannot deactivate your own user account.
Enable User

Enables the selected user account.

This button appears only for a disabled user account.

Generate Access Codes

This button generates and displays a list of access codes for the selected user.

This button is available only if the Two-Factor Authentication feature is enabled on the Enable/Disable Features form.

Sign In as User

Gives you the ability to sign in to the system by using the credentials of the selected user.

This button is available only if the selected user already exists in the database and you are not already signed in as the selected user.

Membership

Opens the Restriction Groups by User (SM201035) form, where you can view or configure the user's membership in groups.

This button appears only when you are viewing an existing user.

Reload AD Users

Updates the list of users in MYOB Advanced with current information from AD.

This button appears only if the Active Directory and Other External SSO feature is enabled on the Enable/Disable Features form, you have integrated your MYOB Advanced instance with AD, AD FS, or Azure AD, and the number of users in AD or Azure AD is greater than or equal to 1000.

Reset Password Opens the Reset Password dialog box, where you can specify a new password for the selected user.
Unlock User

Unlocks the selected user account.

This button appears only if the account was temporarily locked.

Authorise MYOB Admin Sends a request to MYOB Sales Operations on behalf of the user, requesting authorisation to interface with external systems like Single Touch Payroll and Bank Feeds. This does not grant them administrative rights in MYOB Advanced or change their existing security profile in any way.
Table 1. Reset Password Dialog Box

You can use this dialog box, which opens when you click the Reset Password button, to reset the password for the selected user.
Element Description
New Password The new password for the selected user.
Confirm Password The new password for the selected user, which you retype to confirm it to the system.
This dialog box has the following buttons.
OK Resets the password with the new one and closes the dialog box.
Cancel Closes the dialog box without resetting the password.
Table 2. Active Directory User

This dialog box opens when you click the Add Active Directory User button. By using this dialog box, you can add an AD user from the list of available users to the list of users in MYOB Advanced.
Element Description
Active Directory User The AD user that should be added to the list of users. Click the magnifier icon to open the list of AD users.
This dialog box has the following buttons.
OK Adds the selected AD user and closes the dialog box.
Cancel Closes the dialog box without adding an AD user.

Summary Area

You use this area to specify the settings for a new user account or to edit and possibly update an existing account.

Element Description
Login

Required. The unique login name to authorize this user to log in to the system. Select a user name to view information about the user, or enter the name to create a new user.

If MYOB Advanced is integrated with AD, Active Directory Federation Services (AD FS), or Microsoft Azure Active Directory (Azure AD), accounts for domain users are added in the system. The login of a domain user account includes the name of the domain and the user name of the user in the domain as follows:

  • AD: <Domain>\<UserName>, where <Domain> is the NetBIOS domain name of the integrated domain, and <UserName> is the user account name in the integrated domain.
  • AD FS or Azure AD: <UserName>@<Domain>, where <UserName> is the user account name in the integrated domain, and <Domain> is the UPN suffix, also known as the domain name.

For more information about the accounts of the domain users, see Integration with Active Directory, Integration with AD FS, and Integration with Azure Active Directory.

Password The password the new user should use when initially signing in. This box appears only for newly added users. You can specify the password only if you clear the Generate Password check box.
Generate Password A check box that you select to have the system generate the password automatically; this check box appears (and is selected by default) for newly added users. The login information will be sent to the user's email address when you save the user account. If you clear this check box, you must enter a password for the new user in the Password box.
Forbid Login with Password

A check box that indicates (if selected) that the user cannot use MYOB Advanced credentials for signing in to the system. The user must sign in with the credentials of the external OpenID provider configured for the user.

If the check box is selected, the Use Roles from Provider Settings check box is available, and the following check boxes (which are related to MYOB Advanced credentials) are unavailable:

  • Allow Password Recovery
  • Allow Password Changes
  • Password Never Expires
  • Force User to Change Password on Next Login

This check box is available if the OpenID Connect feature is enabled on the Enable/Disable Features (CS100000) form and at least one active OpenID provider is configured on the OpenID Providers (SM303020) form.

Guest Account A read-only check box that indicates (if selected) that the account is associated with a contact-related user type. For a new user, the system selects or clears this check box automatically when you select the user type.
User Type

The user type of this user, which defines the set of roles available to the user, the default roles assigned to the user, and the user types for which the user can create, manage, and add users. If you are creating a user account for a contact, you must select a contact-related user type for the user or add a new user type.

To add a new user type, click Edit to the right of the box to open the User Types (EP202500) form in a pop-up window and add the type. For more information about user types, see User Access: Linked Entities and User Types.

Attention: This box is not available when you select a domain user.
Linked Entity

An employee or contact account that is associated with the user. If the user you are creating is already defined in the system as an employee or contact account, you can select the appropriate employee or contact name in this box. This will cause relevant elements to be filled in.

The user type you have selected determines whether this box can be left blank and what type of account you can select. If you have selected an employee-related user type in the User Type box or left it blank, you can select an employee account or leave the Linked Entity box blank.

Tip:
  • Before linking employees to user accounts, you must create these employees in the system by using the Employees (EP203000) form.
  • To each employee, you can link only one user account. If you have created employees in the system but do not see any of them in the lookup box of the Linked Entity box, this means that all employees already have associated user accounts.

If you have selected a contact-related user type in the User Type box, you must select a contact account here or add a new contact. To add a new contact account, click Edit to the right of the box to open the Contacts (CR302000) form in a pop-up window and add the contact account. When you save the added contact account, it will automatically be inserted in this box.

For more information about contacts, see Creating Contacts.

First Name The first name of the user.
Last Name The last name of the user.
Email Required. The email address of the user, which is used to send information to the user, such as a password reset link.
Comment Any additional user-related information that you want to add to the record.
Status Read-only. The account status. The following options are available:
  • Pending Activation: The new user account is awaiting activation.
  • Active: The user account is active.
  • Online: The user account is active and the user is signed in to the system.
  • Disabled: The user account is disabled.
  • Temporarily Locked: The user account is temporarily locked out.
Allow Password Recovery

A check box that you select to allow password recovery for the user if this user forgets the assigned password. This check box is not available for domain users.

By default, this check box is selected.

Allow Password Changes

A check box that you select to allow the user to change the password at will by using the User Profile (SM203010) form.

This check box is not available for domain users. By default, this check box is selected.

Password Never Expires

A check box that you select to prevent the user from ever being prompted to change the password.

This check box is not available for domain users. By default, this check box is selected.

Force User to Change Password on Next Login

A check box that you select to require the user to change his or her password during the next login.

This check box is not available for domain users. By default, this check box is selected.

Override Active Directory Roles with Local Roles

A check box that you select to assign the domain user roles other than those automatically assigned based on the user's Active Directory groups. When you select this check box, the Roles tab becomes available on the current form for the selected domain user. After you make changes on that tab and save the changes, the user is assigned to only the roles selected on the Roles tab.

This check box appears for a domain user only. By default, this check box is cleared.

Max. Number of Concurrent Logins

The maximum number of sessions that are allowed for this user account. By default, the value is 3.

For details about the number of sessions for integrated applications, see Limitation of API Connections for Integrated Applications.

Use Roles from Provider Settings

A check box that indicates (if selected) that the system overrides the list of roles configured for the user with the roles the system receives from the OpenID provider for the user account.

You map the roles configured with an OpenID provider to the MYOB Advanced roles on the Role Mapping Rules tab of the OpenID Providers (SM303020) form.

This check box is available if the OpenID Connect feature is enabled on the Enable/Disable Features form.

Table 3. Two-Factor Authentication Section

This section is available only if the Two-Factor Authentication feature is enabled on the Enable/Disable Features form.

Element Description
Override Security Preferences A check box that you select in order to override the system default setting specified in the Two-Factor Authentication box of the Security Preferences (SM201060) form and specify the two-factor authentication mode for the selected user. (Otherwise, the settings specified on the Security Preferences form will be used.)
Two-Factor Authentication Select one of the following options:
  • None: The two-factor authentication is disabled.
  • Required: The two-factor authentication is required.
  • Required for Unknown Devices: The two-factor authentication is required for unknown devices.
Attention: You must select the Override Security Preferences check box in order to make this box available.

Roles Tab

By using this tab, you can view, add, and remove any role assigned to the selected local user.

For a domain user, this tab shows the roles assigned to the user automatically depending on the Active Directory groups associated with the user. To assign other roles to the domain user, select the Override Active Directory Roles with Local Roles check box in the Summary area, and assign the roles to the user on this tab.

The table toolbar includes only standard buttons. For the list of standard buttons, see Table Toolbar.

Table 4. Table Columns
Column Description
Selected A check box that you select to assign this role to the selected user.
Role Name Read-only. The name that identifies the role.
Role Description Read-only. The description of the role.

Statistics Tab

On this tab, you can see the account usage information. This tab is not available for domain users.

Element Description
Account Creation Date Read-only. The date and time when the account was created.
Last Login Date Read-only. The date and time of the last login.
Last Lockout Date Read-only. The most recent date when the account was temporarily locked out.
Last Password Change Date Read-only. The date and time of the most recent password change.
Number of Unsuccessful Attempts to Enter Password

Read-only. The number of unsuccessful attempts the user made to sign in to the account. It is reset according to the value of the Reset Lockout Counter After x Minutes box on the Security Preferences (SM201060) form.

For more information on account lockout policy, see Preparing an Instance: System-Wide Security Policy.

Number of Unsuccessful Attempts to Enter Recovery Answer

Read-only. The number of unsuccessful attempts the user made to enter the user recovery response.

For more information on account lockout policy, see Preparing an Instance: System-Wide Security Policy.

IP Filter Tab

You can use this tab to set up the range (or ranges) of IP addresses from which the user may sign in. If you have specified addresses here, access from other addresses will not be allowed. If you want to specify a list (rather than a range) of IP addresses, specify the same address in both columns for each IP address.

The table toolbar includes only standard buttons. For the list of standard buttons, see Table Toolbar.

Table 5. Table Columns
Column Description
Start IP Address The IP address that starts the range of allowed IP addresses.
End IP Address The IP address that ends the range of allowed IP addresses.
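
The allow-list behaviour described for the IP Filter tab, sketched as an added example (not MYOB documentation or product code). It assumes range endpoints are inclusive and that an empty table means no IP restriction; the function names, the review threshold, and the sample rows are constructed for illustration.

```python
import ipaddress

# Constructed sample rows shaped like the IP Filter table:
# (Start IP Address, End IP Address). Addresses are documentation ranges.
SAMPLE_FILTER = [
    ("203.0.113.10", "203.0.113.20"),  # a range
    ("198.51.100.7", "198.51.100.7"),  # one address: same value in both columns
]


def parse_rows(rows):
    """Turn (start, end) strings into address pairs; reject malformed rows."""
    parsed = []
    for start, end in rows:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo.version != hi.version:
            raise ValueError(f"mixed IPv4/IPv6 row: {start} - {end}")
        if lo > hi:
            raise ValueError(f"start is after end: {start} - {end}")
        parsed.append((lo, hi))
    return parsed


def is_allowed(source_ip, rows):
    """True if source_ip falls inside any row (endpoints inclusive).

    Assumption: an empty table means the user has no IP restriction.
    """
    parsed = parse_rows(rows)
    if not parsed:
        return True
    addr = ipaddress.ip_address(source_ip)
    return any(
        lo.version == addr.version and lo <= addr <= hi for lo, hi in parsed
    )


def to_cidrs(start, end):
    """Express one row as CIDR blocks, e.g. to compare with firewall rules."""
    (lo, hi), = parse_rows([(start, end)])
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def review_rows(rows, max_addresses=256):
    """Return findings for rows worth a second look before saving.

    max_addresses is an arbitrary review threshold chosen for this example.
    """
    findings = []
    parsed = sorted(parse_rows(rows), key=lambda r: (r[0].version, int(r[0])))
    prev_hi = None
    for lo, hi in parsed:
        size = int(hi) - int(lo) + 1
        if size > max_addresses:
            findings.append(f"wide range ({size} addresses): {lo} - {hi}")
        same_family = prev_hi is not None and prev_hi.version == lo.version
        if same_family and lo <= prev_hi:
            findings.append(f"overlaps previous range: {lo} - {hi}")
        if not same_family or hi > prev_hi:
            prev_hi = hi  # remember the furthest end seen in this family
    return findings


if __name__ == "__main__":
    for ip in ("203.0.113.15", "203.0.113.21", "198.51.100.7"):
        print(ip, "allowed" if is_allowed(ip, SAMPLE_FILTER) else "denied")
    print(to_cidrs(*SAMPLE_FILTER[0]))
    print(review_rows([("192.0.2.0", "192.0.3.255"),
                       ("192.0.2.128", "192.0.2.200")]))
```

Running `review_rows` over an export of a user's filter rows before saving them catches reversed, overlapping, or unexpectedly wide ranges that would silently broaden where the account can sign in from.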

External Identities Tab

You can use this tab to see whether single sign-on (SSO) with particular providers is activated for the user and to control this possibility. For more information on single sign-on configuration, see Single Sign-On with Google and Single Sign-On with Microsoft Account.

Attention:

The Google and MicrosoftAccount providers are available only if the Google and Microsoft SSO feature is enabled on the Enable/Disable Features form.

All providers added as part of a customization project are available only if the Active Directory and Other External SSO feature is enabled on the Enable/Disable Features form.

Table 6. Table Columns
Column Description
Provider Name The external identity provider supported by MYOB Advanced.
Active

A check box that indicates whether SSO with the identity provider for this user is activated. If this check box is selected, you can clear it to forbid the user from signing in to your MYOB Advanced instance by using SSO with the identity provider.

Users can use SSO with the selected identity provider only if SSO has been enabled with this identity provider for your MYOB Advanced instance on the Security Preferences (SM201060) form.

User Key The unique identifier of the user account that is used for SSO with the external identity provider. The key value, which is generated by the external identity provider, is displayed in the box after the user has registered his or her external account with the MYOB Advanced instance. MYOB Advanced uses the key to map the user's external account with his or her local account in the MYOB Advanced instance.
Claim Type The claim whose value is used for user identification in the integration with the OpenID provider.
OIDC

Read-only. A check box that indicates (if selected) that the external identity provider uses the OpenID Connect (OIDC) protocol.

You can configure integration with an OpenID provider on the OpenID Providers (SM303020) form.

Personal Settings Tab

On this tab, you can specify a variety of default settings to be used in MYOB Advanced for the selected user. For example, you can select one of the available certificates as the user's personal certificate for signing portable document format (PDF) files. Users can change these settings themselves on the User Profile (SM203010) form.

Element Description
PDF Signing Certificate The certificate that the system will use for signing PDF files this user generates in MYOB Advanced. If no certificate is specified here, files will be signed with the default PDF certificate specified on the Site Preferences (SM200505) form.
Time Zone The user's time zone, which will be used to display the timestamps for documents and wiki articles. If a time zone is specified for the user, these timestamps will be converted to the user's specified time zone. If no time zone is specified, documents will be time-stamped using the time settings on the server computer.
Default Branch The branch to which the selected user will be signed in by default if the user has access to multiple branches.
Home Page The dashboard to be displayed for the user on the home page of the MYOB Advanced instance.

Sync Status Tab

This tab is available only if the Salesforce Integration feature is enabled on the Enable/Disable Features (CS100000) form.

On this tab, you can review the synchronization status of the record. If the record has not been synchronized with Salesforce, you can initiate the synchronization process by clicking the Sync to Salesforce button. For more details, see Overview of Synchronization with Salesforce.

Table 7. Table Toolbar

The table toolbar includes standard buttons and buttons that are specific to this table. For the list of standard buttons, see Table Toolbar. The table-specific buttons are listed below.

Button Description
Sync with Salesforce

Synchronizes the data with Salesforce.

This button is available if the Salesforce Sync data provider is marked active on the Data Providers (SM206015) form and only for entities listed on the Salesforce Sync (SF205020) form.

Table 8. Table Columns
Column Description
Data Provider The data provider used for data synchronization with the external system.
Ext. Ref. The external reference to the corresponding synchronized record in the external system.
Status

The synchronization status of the record.

The following options are available:

  • Modified Locally: The record was modified in MYOB Advanced, and then the data was synchronized with the external system.
  • Modified Externally: The record was modified in the external system, and then the data was synchronized with MYOB Advanced.
  • Synchronized: The record was created or deleted in one of the systems, and then the data was synchronized with the other system.
Operation

The operation that modified the record data.

The following options are available: Update, Insert, and Delete.

Error The error message displayed for this record if synchronization has failed.
Latest Attempt The date and time of the latest synchronization attempt.
Import Scenario The import scenario used for importing this entity's data from the external system.
Export Scenario The export scenario used for exporting this entity's data to the external system.

Devices Tab

You can use this tab to manage the devices a user uses to sign in to the MYOB mobile app. The system automatically registers a particular user's device when he or she signs in to the mobile app if the device allows the user to receive push notifications. The system updates the information about the device on this tab, if needed, with each sign-in to the mobile app. For details, see User Access: Mobile Devices.

Table 9. Table Toolbar

The table toolbar includes standard buttons and buttons specific to this table. For the list of standard buttons, see Table Toolbar. The table-specific buttons are listed below.
Button Description
Delete All Deletes all devices that are registered for the user and that have been used to access the MYOB mobile app.
Disable All Disables the sending of push notifications to all registered devices for this user and clears the Turn on Notifications check box for all mobile devices listed in the table.
Enable All Enables the sending of push notifications to all registered devices for this user and selects the Turn on Notifications check box for all mobile devices listed in the table.
Table 10. Table Columns
Column Description
Turn on Notifications A check box that you select to allow the system to send push notifications on the device listed in this row.
Mobile Application ID Read-only. The unique identifier of the mobile app installed on the mobile device.
Device Name Read-only. The name of the device, as specified in its settings.
Device Model Read-only. The model of the device.
OS Version Read-only. The version of the operating system that is installed on the device.
Token Expired Read-only. A check box whose value indicates whether the authorization token for this device has expired. If the mobile device has not been used to sign in to the app, the system refreshes the token for 60 days after the last sign-in.
Send Confirmation Push A check box whose value indicates whether the push notification login request will be sent to each particular device when the user tries to sign in to the web application.

Location Tracking Tab

On this tab, you can turn on and configure location tracking for the selected user. With this location tracking turned on, the user's past location coordinates can be viewed on the Location Tracking History (SM202000) form.

Attention: GPS location coordinates are tracked only if GPS location recording is switched on in the settings of the user's device.

If the field services functionality is used in your system, and the Show Location Tracking check box is selected on the Service Management Preferences (FS100100) form, you can view the latest location of the user on maps of the Staff Appointments on Map (FS301100) and Staff Routes on Map (FS301000) forms.

Table 11. Location Tracking Settings Section
Element Description
Track Location A check box that indicates (if selected) that the system should perform location tracking for the user selected on the form.
Tracking Frequency The frequency at which the system registers the user location. By default, the system tracks the location every five minutes.
Distance Frequency The distance that the user has to move so that the system registers the user location. By default, the system tracks the location every 250 meters.
Table 12. Table

In this table, you can specify, view, and edit the days and time periods when the system registers the location of the user’s mobile device.

If an employee account is selected in the Linked Entity box of the Summary area of the current form, when the Location Tracking check box is initially selected, the system copies the settings to the table from the calendar assigned to the employee in the Calendar box of the Employees (EP203000) form. If no employee is specified in the Linked Entity box, when the Location Tracking check box is initially selected, the table is empty and you can insert the times manually.

The table toolbar includes only standard buttons. For the list of standard buttons, see Table Toolbar.

Column Description
Day of Week The day of the week on which the location is tracked.
Start Time The time when the location tracking starts for the particular day of the week.
End Time The time when the location tracking ends for the particular day of the week.