Add a New ion User
It's easy for a console owner to create a new user account. Upon login creation, an email notification will automatically be sent to the new user.
- Navigate to Settings > Accounts
- Add a user
- Enter the email address of the new user
- You may choose to make this user a “console owner” (full privileges to add/edit accounts)
- Or, select the user's feature and portfolio access
- Save the user information
Once the new user information is saved, an email will be sent to the address entered in step 3 with a link the new user can use to set up their login credentials.
Console owners can edit user information by clicking the username within the Manage Accounts screen.
Change Your Password
You must be logged into ion under your own account.
- Navigate to Settings > Change Password
- Enter your old password
- Enter a new password (minimum 6 characters, 1 digit or non-alphanumeric character)
- Verify your new password
- Save the updated password
To change another owner's password, navigate to Settings > Manage Accounts and click the other console owner’s username account you want to change and then click the “Force Password Reset” button at the top of the screen. The next time the other user tries to log in, they will be prompted to enter their old password as well as the new one they would like to change it to.
Forgot Your Password?
You will find a "reset password" link below the password textbox on your console login screen. If you forget your password, simply click this link and enter your username on the next screen. The platform will send you an email with a link prompting you to reset your password.
Account owners will find options to lockout users within the Configure Site screen (Settings > Configure Site).
From here, account owners can customize the following lockout options:
- Password failed attempts - Number of login attempts before user is locked out of console.
- Lockout duration - Minutes user will need to wait before they can attempt to log into the console again.
- Password expiration - Number of days until passwords expire (requiring password reset after expiration).
- Password history count - Number of times a given password can be used when resetting password.
- Enable lockout notifications - When checked, sends email to all console owners when a user is locked out of the console with a link that allows owner to restore user's access to console.
*NOTE: Console owners can also force all users to reset their passwords manually at the top of the Manage Accounts screen.
Restrict Access to ion Users
ion allows the restriction of users. Account owners can add/edit ion users and specify more granular control of areas within the console that users have access to. There are three ways in which an ion user can be granted access; users can be:
- Assigned the "owner" flag, which automatically gives that user access to everything regardless of the next two options
- Assigned permission to access specific ion functionality. This will control access to only certain console functionality such as Data Collection, Images, Fulfillment, Forms, etc.
- Assigned permission to access individual portfolios. If the user has "Portfolios: All Access" feature access, then there's no need to specify individual portfolio access.
Only a user with the "Portfolios: All Access" feature -- or the owner flag -- will be able to (a) see the "Dashboard" and (b) create a new portfolio.
When a user logs in who doesn't have "Portfolios: All Access" and isn't an owner, one of three things will happen:
- If they have access to ZERO portfolios, the console takes them to the Portfolios page, but instead of showing an empty portfolios table, we show them a friendly message ("Welcome to ion. Please choose one of the options from the menu bar above").
- If they have access to EXACTLY ONE portfolio, the console takes them directly to that Portfolio.
- If they have access to TWO OR MORE portfolios, the console takes them to the Portfolios page, but this time it displays the portfolio choices (but not the "+ portfolio" button).
If a user has the "Portfolios: All Access" feature but is not an owner, the "Capacity" gauge on the dashboard will not be clickable.
Everything under the "Settings" menu is ONLY available to account owners -- with the exception of "Change Password", which is available to everyone.
If a user is not an owner, access to individual pages in the console is determined by the feature keys and portfolios selected on the Add/Edit User page.
Only Libraries and Data Management menu options that were checked will be visible. If no Libraries options are checked, then the Libraries option is not displayed. If a user attempts to use bookmarked (or favorite) links to view or access pages with features or portfolios that they do not have access to, they'll be redirected back to the Portfolios page.
Permission Groups & Roles
Permission Groups give console owners more options for the level of access granted to ion platform users. In addition to the individual portfolio-by-portfolio access previously available in the platform, console owners can now give users access to named Groups of portfolios and to specific features as well. This makes assigning access faster and more scalable as portfolios and feature access can be added to a certain Group to give users access to those portfolios and features instead of having to enable access to new portfolios every time they are added to the console.
Permission Groups can also be assigned via single sign-on (SSO) so that permissions can be specified within your identity provider for those Groups. In the past, SSO users would have to be given access to all portfolios however, with the addition of Permission Groups, access can be granted through your identity provider to specific portfolios and features instead of granting access to everything.
In addition to Permission Groups, console owners can assign specific Roles to users who have access to a given group. Please find a breakdown of these roles below.
- Create, edit, view, delete all Permission Groups
- Add a Portfolio to a Group or remove it from a Group
- Grant users the Portfolio Manager or Portfolio Editor role within a Permission Group
- Remove all access for a user within a Portfolio Group
- Configure SSO attribute → Portfolio Group access on consoles that support SSO
Permission Group Manager
- Create, edit, delete Portfolios for the Permission Groups they have access to
- Full access to view, edit, add and delete within features they have access to (i.e. libraries, data management, etc.)
Permission Group Editor
- Edit existing Portfolios in the Permission Groups they have access to
- View and edit within features (i.e. libraries, data management, etc.) they have access to but cannot add or delete items within those features
- Please note that these are optional features and are not required for all users to utilize. Should you prefer to keep access defined on a portfolio-by-portfolio basis, you can continue to do so.