21. User management

OpenCRVS offers an intuitive and user-friendly interfaces to efficiently administer and control user access and roles. Supporting administrators to create, edit, and manage user profiles, and provides a suite of tools for maintaining security and system integrity. This includes functions like password resets, username reminders, and user deactivation/reactivation.

Outlined below are main features to support system administrators in their role:

Organisation

Accessible from the side navigation for user with scope:organisation.read-locations:all or scope:organisation.read-locations:my-jurisdiction or scope:organisation.read-locations:my-office the Organisation view facilitates seamless navigation through the administrative structure of the user's country.

The different organisation scope control if a user can view all county office team pages, Jonathanst their jurisdiction of just their own office.

This feature serves as a user-friendly tool for locating specific administrative locations, such as the Registration Office within a particular district, making the exploration of administrative hierarchies efficient and straightforward.

Office

The Office view displays a list of users assigned to the Registration Office, including their respective roles and statuses. Scopes: user.read:all , user.read:my-jurisdiction , user.read:my-office control if the logged in user can navigate to a user's profile page that logs their audit history.

Create user

From the Office team view a user with user.create:all or user.create:my-jurisdictioncan create a new user account.

• A user with user.create:all can create and assign a user to any office. A u

• A user with user.create:my-jurisdiction can only create and assign users to an office in the same jurisdiction as thmeselves

  • eg. Admin user is in a State Office. Therefore they can create and assign users to any District office within the State

The required details for creating a new user include:

• First name(s)

• Last name

• Phone number

• Email address

• National Identification Number (NID)

• Role

• Digital signature (only if the new user’s role is a Registrar or National Registrar)

• Device

Upon confirmation, the newly created user receives login instructions, including their username and a temporary password, via SMS or email based on the system's configuration. For a detailed understanding of the process for a new user logging into OpenCRVS for the first time, please refer to the Onboarding section.

Usernames are generated automatically, based on the user's first name(s) and last name. For example, a user named Jane Smith would have the username: j.smith.

The creation of a new user is diligently logged and securely stored in User Audit.

Edit user

From the Office view or User Audit view a user with user.update:all or user.update:my-jurisdictionhave the ability to modify user details. They can do this by locating the user, clicking on the submenu button (represented by three dots), and selecting the “Edit user” option. The editable details encompass:

• Assigned office

• First name(s)

• Last name

• Phone number

• Email address

• National Identification Number (NID)

• Role

• Digital signature (applicable only if the user’s role is a Registrar or National Registrar)

• Device

Every modification is meticulously logged and securely stored in User Audit.

Send username reminder

Users have the option to request a reminder for their username independently. However, if they encounter difficulties, assistance is available from users with scopes:user.update. Administrators can locate the user in the system and select the "Send username reminder" option from the menu. Based on the system's configuration, the user will then receive an SMS or an email containing their username.

All instance of a username reminder being sent is logged and stored in User Audit.

Reset user password

Users have the ability to reset their own passwords. However, if they encounter difficulties a user with scopes:user.update can assist. The administrator can locate the user in the system and select the “Reset password” option from the menu. Depending on the system configuration, this action will trigger an SMS or an email containing a temporary password, which enables the user to undergo the onboarding steps once again.

All instances of password resets are diligently logged and stored in User Audit. This provides a clear record of all password alterations and ensures the system's ongoing integrity.

Deactivate

User access can be effectively managed by deactivation. A user with scopes:user.update can locate the user in the system and select the “Deactivate” option from the user menu.

Upon selecting this option, the administrator is prompted to record a reason for deactivation:

• No longer an employee

• Being investigated due to suspicious activity on their account

• Other (please provide a reason in the comments)

Administrators can also add any additional comments for clarity. Upon confirmation, the user's access is revoked, making the system inaccessible to them. However, if circumstances change, a deactivated user can be reactivated users with scopes:user.update

For auditing purposes, a log is generated whenever a user is deactivated. This audit trail is stored in User Audit, providing a transparent record of all user access changes