Adding User Accounts

You must create a user account for each user who needs access to Archer.

Adding new accounts

Each Archer user must have an account to log on to the system.

New user accounts

All new user accounts must have a unique password, generated under 1 of the following sets of circumstances:

  • The system administrator assigns the password manually. It is strongly recommended that you enable the Force Password Change with the Next Sign-In option in Archer for all new user accounts. Configuring this option requires the user to change the password after the first successful logon attempt.
  • If the single sign-on feature is in place on your system, Archer automatically creates a random password for each new user.

Important: It is strongly recommended that you ensure users are approved for logging on to the system before creating an account for them. Even when users are approved, it is recommended that you only assign the minimum set of access permissions for users to perform their job.

New user account with system administrator privileges

It is recommended that you create a new user account and assign the System Administrator access role to it. This access role grants the account all rights within Archer.

Important: It is recommended that before issuing this account, you ensure that the user is approved for full access to the system.

Platform user accounts

Archer enforces the password strength, logon, and session time-out policies specified by the security parameters defined in the Administration workspace.

These security parameters are enforced by Archer across all user accounts except the sysadmin and service accounts. It is strongly recommended that you instruct your administrators on your corporate IT policy and security best practices for generating and managing passwords for all accounts.

The following table shows the default security parameters settings for password strength.

| Parameter | Setting |
| --- | --- |
| Minimum password length | 9 characters |
| Alpha characters required | 2 characters |
| Numeric characters required | 1 character |
| Special characters required | 1 character |
| Uppercase characters required | 1 character |
| Lowercase characters required | 1 character |
| Password change interval | 90 days |
| Previous passwords disallowed | 20 passwords |
| Grace logons | 0 logons |
| Maximum failed logon attempts | 3 attempts |
| Session time-out | 10 minutes (sysadmin account); 10 minutes (user account); 30 minutes (service account) |
| Account lockout period | 999 days |

It is recommended that you treat these settings as the minimum requirement for enforcing strong passwords and secure sessions in Archer.

Regardless of the security parameter settings, Archer passwords cannot contain more than:

  • 3 consecutive matching characters, for example aaaa.
  • 3 consecutive characters from the user name.
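
The default password-strength values and the two fixed rules above, written as a checker an administrator could run on a manually assigned password before entering it. This is an added example, not Archer code; the function names, the definition of a special character, and the case-insensitive user-name comparison are assumptions.

```python
import secrets
import string

# Default security parameter values from the table above.
DEFAULTS = {"min_length": 9, "alpha": 2, "numeric": 1, "special": 1,
            "upper": 1, "lower": 1}
MAX_RUN = 3  # fixed rules: at most 3 matching / user-name characters in a row

def violations(password, user_name, policy=DEFAULTS):
    """Return the names of the rules the password breaks (empty = acceptable)."""
    counts = {
        "alpha": sum(c.isalpha() for c in password),
        "numeric": sum(c.isdigit() for c in password),
        "special": sum(not c.isalnum() for c in password),  # assumed definition
        "upper": sum(c.isupper() for c in password),
        "lower": sum(c.islower() for c in password),
    }
    found = []
    if len(password) < policy["min_length"]:
        found.append("min_length")
    found += [rule for rule, n in counts.items() if n < policy[rule]]
    # More than 3 consecutive matching characters, for example "aaaa".
    run = 1
    for prev, cur in zip(password, password[1:]):
        run = run + 1 if cur == prev else 1
        if run > MAX_RUN:
            found.append("repeated_characters")
            break
    # More than 3 consecutive characters from the user name, read here as any
    # 4-character slice of the name (assumption: compared case-insensitively).
    name, pw = user_name.lower(), password.lower()
    width = MAX_RUN + 1
    if any(name[i:i + width] in pw for i in range(len(name) - width + 1)):
        found.append("user_name_characters")
    return found

def temporary_password(user_name, length=16):
    """Draw random candidates until one satisfies every rule."""
    # Assumption: these symbols are accepted as special characters.
    alphabet = string.ascii_letters + string.digits + "!#$%*+-=?@_"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not violations(candidate, user_name):
            return candidate
```

If the security parameter assigned to the user is stricter than the defaults, pass its values as `policy`.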

Important: If you activate the Account Lockout Message option in the Archer Control Panel, the message displayed to the user indicates a locked Archer account. Deactivate this option to prevent unauthenticated users from accessing status information about Archer user accounts.

Add a user account

  1. From the menu, click Admin menu > Access Control > Users.
  2. Click Add New.
  3. In the General Information section, enter the name of the user, the user name for logon, and the domain.

    The following table describes each property.

    | Property | Description |
    | --- | --- |
    | First Name, Middle Name, and Last Name | The valid name of the user. First and last names are required. |
    | User Name | A 7 character system-defined name in all lowercase. The user name contains the first 6 characters of the Last Name followed by the first character of the First Name. If the Last Name is fewer than 6 characters, the system uses additional characters from the First Name to make a 7 character user name. If the user name is not unique in the domain, the system appends a number (up to 999) to the end of the name to make the name unique. |
    | User Domain | If your Archer instance has 1 or more Lightweight Directory Access Protocol (LDAP) configurations defined, select the domain of which the user is a member. To use the Archer domain, select No Domain. |

  4. (Optional) In the Contact Information section, enter the default email address and any other pertinent information for contacting the user.

  5. In the Localization section, the time zone and locale default to the settings configured in the Archer Control Panel. If the time zone and locale of the user differ from the default settings, you can manually override the options.

    The following table describes the options.

    | Option | Description |
    | --- | --- |
    | Time Zone | The time zone for the location of the user. Time is based on Coordinated Universal Time (UTC). All time is stored as UTC and converted based on the time zone of the user. |
    | Locale | The physical location of the user. |
    | Manually select a language | Overrides the default language set for the instance. When you select this option, you must specify the language. |

  6. In the Account Maintenance section, enter the user password and assign the security parameter for this user.

    The following table describes each property.

    Property

    Description

    Status

    The current status of the user account. The options are Active, Inactive, or Locked.

    Password

    For new user accounts, the password must be entered and confirmed. These entries must match exactly. The password must conform to the default security parameter password rules.

    For existing user accounts, use the Change Password link to change the password manually.

    The Send user a notification with password information option enables Archer administrators to notify new users that the user account has been set up with a temporary password and may require a password change.

    Force Password Change

    Determines whether the user is forced to change the password the next time the user logs in.

    Security Parameter

    The security parameter assigned to the user. A user can only have 1 security parameter assigned at a time.

    Notifications, Subscriptions

    Enables users to select the records and applications for which they want to receive notifications when an update occurs.

    Default Home Page

    Sets the user's default home page, which allows the user to select a dashboard of their choice or a dashboard based on user profile, role, or group, in that order of preference.

    If the user belongs to multiple roles or groups, the home page is based on the most recently assigned role or group. Once the user logs in, the selected home page becomes default and any changes to the home page of the role or the group do not affect the user's default home page.

    If the user's permission to access the dashboard assigned to the home page is revoked, a message appears upon log in allowing them to select a new home page.

    If the administrator sets the default home page while the user is logged in, the user must click the Home button to refresh the home page setting. If the user changes the default home page selection, the change is applied upon clicking Save.

    Default Home Dashboard

    Sets which dashboard displays on the default home page.

     

    Enable Advanced Workflow Actions by Email for this user

    Allows this user to complete simple advanced workflow actions from their email.

    To use Advanced Workflow Actions by Email you must meet the following criteria:

    • Have a user account with Actions by Email enabled. For more information, see Adding User Accounts or Updating User Accounts.
    • Enable Actions by Email in all applicable applications, questionnaires, notification templates, and advanced workflows.
    • Configure the Archer Control Panel to enable Actions by Email for on-premises deployments. This step is not required for SaaS deployments. For more information, see "Configuring Advanced Workflow Actions by Email" in the Archer Control Panel Help.
    • Configure your email service to use the Transport Layer Security (TLS) encryption protocol, which is enforced by the Amazon Web Services (AWS) mail service for SaaS deployments. This step is not required for on-premises deployments.

    Advanced Workflow Actions by Email is not supported for SaaS deployments in the APJ region. This feature relies on native services provided by AWS which are not currently available in APJ.

  7. (Optional) Select the Send user a notification with password information checkbox if you want to send the user an email notification of the password change.

    If you do not select this checkbox, you must inform the user of the new password. The Default Email address is used for the notification email.

  8. (Optional) In the Notes section, record any additional information about the user account, for example, list hours of availability or preferences for how the user should be contacted. Account notes appear when users click a linked user name in Archer to view the user profile.
  9. Click Save or Save and Close.

    • To apply the changes and continue working, click Save.
    • To save and exit, click Save and Close.
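
The User Name rule described in step 3, applied to an access review: derive the name each approved person would receive and flag accounts that no approved person could have produced. This is an added example, not Archer code; the function names, the handling of punctuation and short names, and the suffix starting at 1 are assumptions, and the sample data is constructed.

```python
import re

def base_user_name(first_name, last_name):
    """First 6 characters of the last name, padded from the first name to 7."""
    # Assumption: only ASCII letters and digits are kept before counting;
    # a name pair with fewer than 7 usable characters yields a shorter name.
    last = re.sub(r"[^a-z0-9]", "", last_name.lower())[:6]
    first = re.sub(r"[^a-z0-9]", "", first_name.lower())
    return last + first[:7 - len(last)]

def assign_user_name(first_name, last_name, taken):
    """Apply the uniqueness rule against the names already in the domain."""
    base = base_user_name(first_name, last_name)
    if base not in taken:
        return base
    for n in range(1, 1000):  # assumption: suffixes start at 1; the limit is 999
        if f"{base}{n}" not in taken:
            return f"{base}{n}"
    raise ValueError(f"no free suffix for {base}")

def accounts_without_owner(accounts, approved_people):
    """Flag user names that no approved person's name could have produced."""
    expected = {base_user_name(f, l) for f, l in approved_people}
    flagged = []
    for name in accounts:
        stem = re.sub(r"\d{1,3}$", "", name)  # drop a uniqueness suffix
        if name not in expected and stem not in expected:
            flagged.append(name)
    return flagged

# Constructed sample data, not taken from any real system.
APPROVED = [("Alice", "Smithson"), ("Bo", "Li"), ("Carlos", "Nguyen")]
ACCOUNTS = ["smithsa", "libo", "nguyenc", "nguyenc1", "wilsonj"]
```

Here `accounts_without_owner(ACCOUNTS, APPROVED)` returns `["wilsonj"]`, the one account to check against the approval record before it keeps its access.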