OpenCRVS offers an intuitive and user-friendly interfaces to efficiently administer and control user access and roles. Supporting administrators to create, edit, and manage user profiles, and provides a suite of tools for maintaining security and system integrity. This includes functions like password resets, username reminders, and user deactivation/reactivation.

Outlined below are main features to support system administrators in their role:

Organisation

Accessible from the side navigation for all users, excluding Field Agents, the Organisation view facilitates seamless navigation through the administrative structure of the user's country. This feature serves as a user-friendly tool for locating specific administrative locations, such as the Registration Office within a particular district, making the exploration of administrative hierarchies efficient and straightforward.

Office

Accessible via the side navigation for all users, with the exception of Field Agents and Performance Managers, the Office view displays a list of users assigned to a specific Registration Office, including their respective roles and statuses. Clicking on a user's name redirects to the User Audit page. Furthermore, System Administrators have the ability to perform certain actions from this view, which are detailed in the sections below.

Create user

From the Office team view, both Local and National System Admins have the capability to create a new user account. The required details for creating a new user include:

• First name(s)

• Last name

• Phone number

• Email address

• National Identification Number (NID)

• Role

• Digital signature (only if the new user’s role is a Registrar or National Registrar)

• Device

Upon confirmation, the newly created user receives login instructions, including their username and a temporary password, via SMS or email based on the system's configuration. For a detailed understanding of the process for a new user logging into OpenCRVS for the first time, please refer to the Onboarding section.

Usernames are generated automatically, based on the user's first name(s) and last name. For example, a user named Jane Smith would have the username: j.smith.

The creation of a new user is diligently logged and securely stored in User Audit.

Edit user

From the Office view or User Audit view, both Local and National System Admins have the ability to modify user details. They can do this by locating the user, clicking on the submenu button (represented by three dots), and selecting the “Edit user” option. The editable details encompass:

• Assigned office

• First name(s)

• Last name

• Phone number

• Email address

• National Identification Number (NID)

• Role

• Digital signature (applicable only if the user’s role is a Registrar or National Registrar)

• Device

Every modification is meticulously logged and securely stored in User Audit.

Send username reminder

Users have the option to request a reminder for their username independently. However, if they encounter difficulties, assistance is available from a Local or National System Admin. Administrators can locate the user in the system and select the "Send username reminder" option from the menu. Based on the system's configuration, the user will then receive an SMS or an email containing their username.

All instance of a username reminder being sent is logged and stored in User Audit.

Reset user password

Users have the ability to reset their own passwords. However, if they encounter difficulties, a Local or National System Admin can assist. The administrator can locate the user in the system and select the “Reset password” option from the menu. Depending on the system configuration, this action will trigger an SMS or an email containing a temporary password, which enables the user to undergo the onboarding steps once again.

All instances of password resets are diligently logged and stored in User Audit. This provides a clear record of all password alterations and ensures the system's ongoing integrity.

Deactivate

User access can be effectively managed by deactivation. This functionality is available to both Local and National System Administrators. They can locate the user in the system and select the “Deactivate” option from the user menu.

Upon selecting this option, the administrator is prompted to record a reason for deactivation:

• No longer an employee

• Being investigated due to suspicious activity on their account

• Other (please provide a reason in the comments)

Administrators can also add any additional comments for clarity. Upon confirmation, the user's access is revoked, making the system inaccessible to them. However, if circumstances change, a deactivated user can be reactivated by a Local or National System Admin.

For auditing purposes, a log is generated whenever a user is deactivated. This audit trail is stored in User Audit, providing a transparent record of all user access changes