Users

Form ID: (SM201010)

On this form, you can add users to the system and edit existing users. You can assign roles to a user, associate the user with an employee or business contact account, and edit user information. You can also use the form to delete obsolete users. Also, from this form, you can sign in as the selected user if you need to see the system as the user sees it.

To get access to the system, users must authenticate themselves by entering their user name and password. These users should have roles assigned before they sign in to the system. Each role is a set of access rights, or permissions, to work with system entities. You can assign to each user one role or multiple roles in accordance with different sets of responsibilities. For more information, see User Access: General Information and Restriction Groups in MYOB Acumatica.

If your system is integrated with Active Directory (AD), Active Directory Federation Services (AD FS) or Microsoft Azure Active Directory (Azure AD), all domain users access MYOB Acumatica by using the same credentials they use to sign in to the local network. The password and user account policies are set at the domain level, and the security policy settings in MYOB Acumatica do not affect user accounts. In this case, the roles assigned to users are defined by AD or Azure AD groups by default but can be overridden for specific users. For more information, see Integration with Active Directory and Integration with Azure Active Directory.

Form Toolbar

The form toolbar includes standard and form-specific buttons and commands. For the list of standard buttons, see Form Toolbar and More Menu. The form-specific commands are listed in the following table.

Button Description
Activate User

Activates the new user account if the account requires activation.

This button appears only when you create a new user and select a user type that requires account activation.

Add Active Directory User

Gives you the ability to add an AD user from the list of available users. When you click this button, the system opens the Active Directory User dialog box.

This button appears only if the Active Directory and Other External SSO feature is enabled on the Enable/Disable Features (CS100000) form and your MYOB Acumatica instance is integrated with AD for your company.

Disable User

Temporarily disables the selected user account.

This button appears only for an enabled user account.

Attention: You cannot deactivate your own user account.
Enable User

Enables the selected user account.

This button appears only for a disabled user account.

Generate Access Codes

This button generates and displays a list of access codes for the selected user.

This button is available only if the Two-Factor Authentication feature is enabled on the Enable/Disable Features (CS100000) form.

Sign In as User

Gives you the ability to sign in to the system by using the credentials of the selected user.

This button is available only if the selected user already exists in the database and you are not already signed in as the selected user.

Membership

Opens the Restriction Groups by User (SM201035) form, where you can view or configure the user's membership in groups.

This button appears only when you are viewing an existing user.

Reload AD Users

Updates the list of users in MYOB Acumatica with current information from AD.

This button appears only if the Active Directory and Other External SSO feature is enabled on the Enable/Disable Features (CS100000) form and you integrated MYOB Acumatica instance with AD, AD FS, or Azure AD, and when the number of users in AD or Azure AD is greater than or equal to 1000.

Reset Password Opens the Reset Password dialog box, where you can specify a new password for the selected user.
Unlock User

Unlocks the selected user account.

This button appears only if the account was temporarily locked.

Authorise MYOB Admin Sends a request to MYOB Sales Operations on behalf of the user, requesting authorisation to interface with external systems like Single Touch Payroll and Bank Feeds. This does not grant them administrative rights in MYOB Acumatica or change their existing security profile in any way.
Table 1. Reset Password Dialog BoxYou can use this dialog box, which opens when you click the Reset Password button, to reset the password for the selected user.
Element Description
New Password The new password for the selected user.
Confirm Password The new password for the selected user, which you retype to confirm it to the system.
This dialog box has the following buttons.
OK Resets the password with the new one and closes the dialog box.
Cancel Closes the dialog box without resetting the password.
Table 2. Active Directory UserThis dialog box opens when you click the Add Active Directory User button. By using this dialog box, you can add an AD user from the list of available users to the list of users in MYOB Acumatica.
Element Description
Active Directory User The AD user that should be added to the list of users. Click the magnifier icon to open the list of AD users.
This dialog box has the following buttons.
OK Adds the selected AD user and closes the dialog box.
Cancel Closes the dialog box without adding an AD user.

Summary Area

You use this area to specify the settings for a new user account or to edit and possibly update an existing account.

Element Description
Login

Required. The unique login name to authorize this user to log in to the system. Select a user name to view information about the user, or enter the name to create a new user.

If MYOB Acumatica is integrated with AD, Active Directory Federation Services (AD FS), or Microsoft Azure Active Directory (Azure AD), accounts for domain users are added in the system. The login of a domain user account includes the name of the domain and the user name of the user in the domain as follows:

  • AD: <Domain>\<UserName>, where <Domain> is the NetBIOS domain name of the integrated domain, and <UserName> is the user account name in the integrated domain.
  • AD FS or Azure AD: <UserName>@<Domain>, where <UserName> is the user account name in the integrated domain, and Domain is the UPN suffix, also known as the domain name.

For more information about the accounts of the domain users, see Integration with Active Directory, Integration with AD FS, and Integration with Azure Active Directory.

Password The password the new user should use when initially signing in. This box appears only for newly added users. You can specify the password only if you clear the Generate Password check box.
Generate Password A check box that you select to have the system generate the password automatically; this check box appears (and is selected by default) for newly added users. The login information will be sent to the user's email address when you save the user account. If you clear this check box, you must enter a password for the new user in the Password box.
Forbid Login with Password

A check box that indicates (if selected) that the user cannot use MYOB Acumatica credentials for signing in to the system. The user must sign in with the credentials of the external OpenID provider configured for the user.

If the check box is selected, the Use Roles from Provider Settings check box is available, and the following check boxes (which are related to MYOB Acumatica credentials) is unavailable:

  • Allow Password Recovery
  • Allow Password Changes
  • Password Never Expires
  • Force User to Change Password on Next Login

This check box is available if the OpenID Connect feature is enabled on the Enable/Disable Features (CS100000) form and there is at least one active OpenID provider is configured on the OpenID Providers (SM303020) form.

Guest Account A read-only check box that indicates (if selected) that the account is associated with a contact-related user type. For a new user, the system selects or clears this check box automatically when you select the user type.
User Type

The user type of this user, which defines the set of roles available to the user, the default roles assigned to the user, and the user types for which the user can create, manage, and add users. If you are creating a user account for a contact, you must select a contact-related user type for the user or add a new user type.

To add a new user type, click Edit () to the right of the box to open the User Types (EP202500) form in a pop-up window and add the type. For more information about user types, see User Access: Linked Entities and User Types.

Attention: This box is not available when you select a domain user.
Linked Entity

An employee or contact account that is associated with the user. If the user you are creating is already defined in the system as an employee or contact account, you can select the appropriate employee or contact name in this box. This will cause relevant elements to be filled in.

The user type you have selected determines whether this box can be left blank and what type of account you can select. If you have selected an employee-related user type in the User Type box or left it blank, you can select an employee account or leave the Linked Entity box blank.

Tip:
  • Before linking employees to user accounts, you must create these employees in the system by using the Employees (EP203000) form.
  • To each employee, you can link only one user account. If you have created employees in the system but do not see any of them in the lookup box of the Linked Entity box, this means that all employees already have associated user accounts.

If you have selected a contact-related user type in the User Type box, you must select a contact account here or add a new contact. To add a new contact account, click Edit () to the right of the box to open the Contacts (CR302000) form in a pop-up window and add the contact account. When you save the added contact account, it will automatically be inserted in this box.

For more information about contacts, see Creating Contacts.

First Name The first name of the user.
Last Name The last name of the user.
Email Required. The email address of the user, which is used to send information to the user, such as a link to password reset.
Comment Any additional user-related information that you want to add to the record.
Status Read-only. The account status. The following options are available:
  • Pending Activation: The new user account is awaiting activation.
  • Active: The user account is active.
  • Online: The user account is active and the user is signed in to the system.
  • Disabled: The user account is disabled.
  • Temporarily Locked: The user account is temporarily locked out.
Allow Password Recovery

A check box that you select to allow password recovery for the user if this user forgets the assigned password. This check box is not available for domain users.

By default, this check box is selected.

Allow Password Changes

A check box that you select to allow the user to change the password at will by using the User Profile (SM203010) form.

This check box is not available for domain users. By default, this check box is selected.

Password Never Expires

A check box that you select to prevent the user from ever being prompted to change the password.

This check box is not available for domain users. By default, this check box is selected.

Force User to Change Password on Next Login

A check box that you select to require the user to change his or her password during the next login.

This check box is not available for domain users. By default, this check box is selected.

Override Active Directory Roles with Local Roles

A check box that you select to assign the domain user roles other than those automatically assigned based on the user's Active Directory groups. When you select this check box, the Roles tab becomes available on the current form for the selected domain user. After you make changes on that tab and save the changes, the user is assigned to only the roles selected on the Roles tab.

This check box appears for a domain user only. By default, this check box is cleared.

Max. Number of Concurrent Logins

The maximum number of sessions that are allowed for this user account. By default, the value is 3.

For details about the number of sessions for integrated applications, see Limitation of API Connections for Integrated Applications.

Use Roles from Provider Settings

A check box that indicates (if selected) that the system overrides the list of roles configured for the user with the roles the system receives from the OpenID provider for the user account.

You map the roles configured with an OpenID provider to the MYOB Acumatica roles on the Role Mapping Rules tab of the OpenID Providers (SM303020) form.

This check box is available if the OpenID Connect feature is enabled on the Enable/Disable Features (CS100000) form.

Table 3. Two-Factor Authentication Section

This section is available only if the Two-Factor Authentication feature is enabled on the Enable/Disable Features (CS100000) form.

Element Description
Override Security Preferences A check box that you select in order to override the system default setting specified in the Two-Factor Authentication box of the Security Preferences (SM201060) form and specify the two-factor authentication mode for the selected user. (Otherwise, the settings specified on the Security Preferences (SM201060) form will be used.)
Two-Factor Authentication Select one of the following options:
  • None: The two-factor authentication is disabled.
  • Required: The two-factor authentication is required.
  • Required for Unknown Devices: The two-factor authentication is required for unknown devices.
Attention: You must select the Override Security Preferences check box in order to make this box available.

Roles Tab

By using this tab, you can view, add, and remove any role assigned to the selected local user.

For a domain user, this tab shows the roles assigned to the user automatically depending on the Active Directory groups associated with the user. To assign other roles to the domain user, select the Override Active Directory Roles with Local Roles check box in the Summary area, and assign the roles to the user on this tab.

The table toolbar includes only standard buttons. For the list of standard buttons, see Table Toolbar.

Table 4. Table Columns
Column Description
Selected A check box that you select to assign this role to the selected user.
Role Name Read-only. The name that identifies the role.
Role Description Read-only. The description of the role.

Statistics Tab

On this tab, you can see the account usage information. This tab is not available for domain users.

Element Description
Account Creation Date Read-only. The date and time when the account was created.
Last Login Date Read-only. The date and time of the last login.
Last Lockout Date Read-only. The most recent date when the account was temporarily locked out.
Last Password Change Date Read-only. The date and time of the most recent password change.
Number of Unsuccessful Attempts to Enter Password

Read-only. The number of unsuccessful attempts the user made to sign into the account. It is reset according to a value of the Reset Lockout Counter After x Minutes box on the Security Preferences (SM201060) form.

For more information on account lockout policy, see Preparing an Instance: System-Wide Security Policy.

Number of Unsuccessful Attempts to Enter Recovery Answer

Read-only. The number of unsuccessful attempts the user made to enter the user recovery response.

For more information on account lockout policy, see Preparing an Instance: System-Wide Security Policy.

IP Filter Tab

You can use this tab to set up the range (or ranges) of IP addresses from which the user may sign in. If you have specified addresses here, access from other addresses will not be allowed. If you want to specify a list (rather than a range) of IP addresses, specify the same address in both columns for each IP address.

The table toolbar includes only standard buttons. For the list of standard buttons, see Table Toolbar.

Table 5. Table Columns
Column Description
Start IP Address The IP address that starts the range of allowed IP addresses.
End IP Address The IP address that ends the range of allowed IP addresses.

External Identities Tab

You can use this tab to see whether single sign-on (SSO) with particular external identity providers has been configured and activated for the user. For more information, see Integrating MYOB Acumatica with OpenID Identity Providers.

The data in the table is read-only.

Attention: All providers added as part of a customization project are available only if the Active Directory and Other External SSO feature is enabled on the Enable/Disable Features (CS100000) form.
Table 6. Table Columns
Column Description
Provider Name The external identity provider supported by MYOB Acumatica.
Active A check box that indicates whether SSO with the identity provider for this user is activated.
User Key The unique identifier of the user account that is used for SSO with the external identity provider. The key value, which is generated by the external identity provider, is displayed in the box after the user has registered his or her external account with the MYOB Acumatica instance. MYOB Acumatica uses the key to map the user's external account with his or her local account in the MYOB Acumatica instance.
Identity Claim Type The claim whose value is used for user identification in the integration with the OpenID provider.

Personal Settings Tab

On this tab, you can specify a variety of default settings to be used in MYOB Acumatica for the selected user. For example, you can select one of the available certificates as the user's personal certificate for signing portable document format (PDF) files. Users can change these settings themselves on the User Profile (SM203010) form.

Element Description
PDF Signing Certificate The certificate that the system will use for signing PDF files this user generates in MYOB Acumatica. If no certificate is specified here, files will be signed with the default PDF certificate specified on the Site Preferences (SM200505) form.
Time Zone The user's time zone, which will be used to display the timestamps for documents and wiki articles. If a time zone is specified for the user, these timestamps will be converted to the user's specified time zone. If no time zone is specified, documents will be time-stamped using the time settings on the server computer.
Default Branch The branch to which the selected user will be signed in by default if the user has access to multiple branches.
Home Page The dashboard to be displayed for the user on the home page of MYOB Acumatica instance.
Pacejet Workstation ID The ID of the printing workstation in Pacejet that will be inserted by default into shipments this user creates with a Pacejet-related Ship Via code.

This box appears only if the Pacejet feature is enabled on the Enable/Disable Features (CS100000) form.

Email Accounts Tab

On this tab, you can review a list of all personal email accounts related to the selected user—that is, the email accounts for which the value of the Personal Account For box on the Email Accounts (SM204002) form is the name of the selected user. The data in the table is read-only.

You can add an email account to the table by clicking Add Email Account () on the table toolbar of the tab and creating a new email account record on the Email Accounts (SM204002) form that will open in a new browser tab with the Personal Account For box prefilled with the name of the selected user.

Table 7. Table

The table toolbar includes only standard buttons. For the list of standard buttons, see Table Toolbar.

Column Description
Account Name The name of the email account.
Email Address The email address of the account.
Active A check box that indicates (if selected) that the email account is active.
Email Account Type The type of the email account, which can be one of the following: Standard, Exchange, or Email Service Plug-In.
Authentication Method The authentication method used to access the email account. It can be Basic Authentication, OAuth2, or Plug-In.
Username The user name used for the email account.

Sync Status Tab

This tab is available only if the Salesforce Integration feature is enabled on the Enable/Disable Features (CS100000) form.

On this tab, you can review the synchronization status of the record. If the record has not been synchronized with Salesforce, you can initiate the synchronization process by clicking the Sync to Salesforce button. For more details, see Overview of Synchronization with Salesforce.

Table 8. Table Toolbar

The table toolbar includes standard buttons and buttons that are specific to this table. For the list of standard buttons, see Table Toolbar. The table-specific buttons are listed below.

Button Description
Sync with Salesforce

Synchronizes the data with Salesforce.

This button is available if the Salesforce Sync data provider is marked active on the Data Providers (SM206015) form and only for entities listed on the Salesforce Sync (SF205020) form.

Table 9. Table Columns
Column Description
Data Provider The data provider used for data synchronization with the external system.
Ext. Ref. The external reference to the corresponding synchronized record in the external system.
Status

The synchronization status of the record.

The following options are available:

  • Modified Locally: The record was modified in MYOB Acumatica, and then the data was synchronized with the external system.
  • Modified Externally: The record was modified in the external system, and then the data was synchronized with MYOB Acumatica.
  • Synchronized: The record was created or deleted in one of the systems, and then the data was synchronized with the other system.
Operation

The operation that modified the record data.

The following options are available: Update, Insert, and Delete.

Error The error message displayed for this record if synchronization has failed.
Latest Attempt The date and time of the latest synchronization attempt.
Import Scenario The import scenario used for importing this entity's data from the external system.
Export Scenario The export scenario used for exporting this entity's data to the external system.

Devices Tab

You can use this tab to manage the devices a user uses to sign in to the MYOB mobile app. The system automatically registers a particular user's device when he or she signs in to the mobile app if the device allows the user to receive push notifications. The system updates the information about the device on this tab, if needed, with each sign-in to the mobile app. For details, see User Access: Mobile Devices.

Table 10. Table ToolbarThe table toolbar includes standard buttons and buttons specific to this table. For the list of standard buttons, see Table Toolbar. The table-specific buttons are listed below.
Button Description
Delete All Deletes all devices that are registered for the user and that have been used to access the MYOB mobile app.
Disable All Disables the sending of push notifications to all registered devices for this user and clears the Turn on Notifications check box for all mobile devices listed in the table.
Enable All Enables the sending of push notifications to all registered devices for this user and selects the Turn on Notifications check box for all mobile devices listed in the table.
Table 11. Table Columns
Column Description
Turn on Notifications A check box that you select to allow the system to send push notifications on the device listed in this row.
Mobile Application ID Read-only. The unique identifier of the mobile app installed on the mobile device.
Device Name Read-only. The name of the device, as specified in its settings.
Device Model Read-only. The model of the device.
OS Version Read-only. The version of the operating system that is installed on the device.
Token Expired Read-only. A check box whose value indicates whether the authorization token for this device has expired. If the mobile device has not been used to sign in to the app, the system refreshes the token for 60 days after the last sign-in.
Send Confirmation Push A check box whose value indicates whether the push notification login request will be sent to each particular device when the user tries to sign in to the web application.

Location Tracking Tab

On this tab, you can turn on and configure location tracking for the selected user. With this location tracking turned on, the user's past location coordinates can be viewed on the Location Tracking History (SM202000) form.

Attention: For GPS location coordinates to be tracked, on the user's device, GPS location recording has to be switched on.

If the field services functionality is used in your system, and the Show Location Tracking check box is selected on the Service Management Preferences (FS100100) form, you can view the latest location of the user on maps of the Staff Appointments on Map (FS301100) and Staff Routes on Map (FS301000) forms.

Table 12. Location Tracking Settings Section
Element Description
Track Location A check box that indicates (if selected) that the system should perform location tracking for the user selected on the form.
Tracking Frequency The frequency at which the system registers the user location. By default, the system tracks the location every five minutes.
Distance Frequency The distance that the user has to move so that the system registers the user location. By default, the system tracks the location every 250 meters.
Table 13. Table

In this table, you can specify, view, and edit the days and time periods when the system registers the location of the user’s mobile device.

If an employee account is selected in the Linked Entity box of the Summary area of the current form, when the Location Tracking check box is initially selected, the system copies the settings to the table from the calendar assigned to the employee in the Calendar box of the Employees (EP203000) form. If no employee is specified in the Linked Entity box, when the Location Tracking check box is initially selected, the table is empty and you can insert the times manually.

The table toolbar includes only standard buttons. For the list of standard buttons, see Table Toolbar.

Column Description
Day of Week The day of the week on which the location is tracked.
Start Time The time when the location tracking starts for the particular day of the week.
End Time The time when the location tracking ends for the particular day of the week.