Speaking of users...

The user management page allows the company administrator to view the names, emails, status, quantity, and registration page of each user, as well as assign applications and associate users with groups. The audit report records all changes to users.

It is also from the Manage Users page that the procedure to add new users manually to the context begins.

The possible TOTVS Identity account statuses are:

Activated: the created/imported user is active and can access the context.
Invited: the created user has not yet accessed the context for the first time, and therefore the account is not active.
Deactivated: the corporate administrator has deactivated the created/imported user from the context; therefore, the user can no longer access it.
Blocked: the created/imported user is unable to access the company as they have exceeded the limit of unsuccessful attempts set by the company policy.

The available roles for accounts in TOTVS Identity are:

Administrator: this type of account ensures access to user management, groups, applications, and other settings of the company context in Identity.
Regular user: this type of account allows access to the navigable applications or those assigned to the user by the administrator and to the user's personal profile.

Query users

01. Access the Users menu.

A list is displayed with all users registered in the company context in TOTVS Identity, both those imported from an Active Directory and those created manually. Next to each user's name, you can check the account type (Regular user or Administrator) and the status in the company (Activated, Invited, Deactivated, or Blocked).

Search users

01. Access the Users menu.

02. In the Search user field, choose whether the search will be by email, by first name or last name, or by username.

03. Enter the text to be searched.

Filter users

01. Access the Users menu.

02. Click the Filter button.

03. In the Filter users area, modify the filters as needed and click the Apply filter button.

The available options are:

Filter by type: allows filtering by regular users or administrators.
Filter by status: allows filtering by status in the company (Activated, Invited, Deactivated, or Blocked).

04. To remove the applied filters and view the complete list again, click Clear filters.

Export users

01. Access the Users menu.

02. Modify the filters as needed.

03. Click the Export button.

04. In the confirmation message, click the Export option.

The records displayed on the page when clicking the Export button are exported to a CSV file. The email address of the administrator who requested the report receives a link valid for 48 hours, for downloading the exported file.

05. Access the email and click the link to download the report.

The browser should automatically present the option to save a file in CSV format. If this does not occur, in the open tab, click the Download option.

The CSV file contains the email, identifier, full name, role (regular user or administrator), and the status at the time of generating the report.

Add user

^{These steps refer to the manual addition of users at a company using TOTVS Identity. To learn about importing users from Active Directory, please refer to the Active Directory documentation.}

01. Access the Users menu.

02. Click the Add User button.

03. Enter the requested information in the Account Data tab.

The requested information is:

First Name
User's first name

Last Name
User's last name

Would you like to enable access with a username?
^{You can only view this field by enabling username access for the company.}
By enabling this option, the user accesses the system using a username instead of an email. This access method is only available for regular users.

Username
^{You can only view this field if you enable username access.}
Login used for authentication in Identity and TOTVS applications. This login must meet the following requirements: be up to 150 characters long, not start or end with special characters, and be unique within the company.

Email
^{Disable username access to view this field.}
Email address to be used for authentication in Identity and TOTVS applications. The email address must be valid and unique for each account in the context.

Would you like to make this user an administrator?
By enabling this option, it defines that this user will have an administrator role, managing users, groups, applications, and other settings in the Identity context.

In the Activation Options section, you can select the method of account activation. The available options are:

Invitation Email: When checked, the user can activate the account through a link in the invitation sent to their email.
Temporary Password: When checked, the account becomes active as soon as the administrator completes the registration. To view the generated temporary password, the administrator must access the user view page. No invitation is sent via email in this activation mode.

Both activation methods require the user to create a personal password to access the context.

You can configure which of the authentication methods is pre-selected in the new user registration on the New Accounts page (documentation in Portuguese language).

You can only view the Custom Fields section by creating fields in the Identity Customization feature.

04. Click the Groups tab and check the groups that you can associate with the user.

By default, the user is automatically associated with the Everyone group, which includes all users in the company. You can use the search to filter if there are many registered groups.

By associating the user with the groups, all linked applications are automatically associated with the user.

05. Click the Applications tab and check the applications that you can associate with the user.

The user is automatically associated with the applications linked to the Everyone group and any other groups they are added to. You can use the search to filter the desired applications.

06. Click Add User to finish adding the user.

View user

^{The user data page gathers registration information and allows the administrator to take a series of actions related to the user's account, such as resending the invitation via email, resetting the MFA configuration, changing the user type, associating groups, assigning applications, provisioning in Active Directory, deactivating the account, among others.}

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click the user's name or the View icon to open the respective page with the data.

Name
Single field for the user's first and last name.

For users synchronized with Active Directory, the First Name is considered up to the first space. The following terms are considered Last Name. For example: If the name entered in this field is Luis Fernando da Silva, the first name is Luis, and Fernando da Silva is considered the last name.

Email or Username
Email or name used for the user's access to the company context in Identity.

User Type
The existing types are: administrator or regular user.

Administrator: this type of account ensures access to user management, groups, applications, and other settings in the Identity context.
Regular user: this type of account allows access to navigable applications or those the administrator has assigned to the user and to the user's personal profile.

Status
The user can be Activated, Invited, Deactivated, or Blocked. Below the status, you can view the date of the last change in the user's status.

Department
Department linked to the user.

Temporary Password
The interface displays the temporary password only if the user has not yet changed the temporary password generated by the administrator.

Custom Fields
^{You can only view the Custom Fields section if created fields exist in the Identity Customization feature.}
If there are custom fields, these fields appear for consultation below the user's registration information.

Groups
Number of groups to which the user has been associated.

Applications
Number of applications assigned to the user.

Active Directory Provisioning
Status of users imported from Active Directory. Allows for the provisioning of the account in Active Directory, if a directory is linked to the context.

MFA Authentication
Indicates the status of multi-factor authentication access for this user: Disabled, Configured, and Not Configured.

Edit user

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click the Edit icon and change the desired information.

The information that you can edit includes: Username, User Type, Department, and custom fields (if any). The administrator cannot edit the email or username.

04. Click Save to confirm the changes.

Export personal data

01. Access the Users menu.

02. Find the desired user in the list.

03. Click the Export icon.

04. Enter the user's email as confirmation.

05. Click Export to confirm it.

The data for the respective user related to the current company is downloaded in a JSON file. In this file, you can review the entire history of views and changes to the user's personal data.

User Groups

Associate User with Groups

01. Access the Users menu.

02. Find the desired user in the presented list.

03. Click More options located in the user's row and select the Associate groups option.

The interface presents a list with all the groups registered in the context of the company in TOTVS Identity, both those imported from Active Directory and those created manually.

04. Select the area corresponding to the group that you must add and click Associate groups to confirm it.

Manage Groups

01. Access the Users menu.

02. Locate the desired user in the presented list.

03. Click More options located in the user's row and select the Manage groups option.

The interface presents a list with all the groups to which the user is associated.

04. Locate the groups from which you want to remove the user and click Remove group .

User Applications

Add Applications

01. Access the Users menu.

02. Locate the desired user on the presented list.

03. Click More options located in the user's row and select the Associate applications option.

The interface presents a list with all the applications registered in the context of the company in TOTVS Identity.

04. Locate the desired applications on the list or use the Search applications field to find them.

05. Select the area corresponding to the application you want to assign and click Associate applications.

Manage Applications

01. Access the Users menu.

02. Locate the desired user in the presented list.

03. Click More options located in the user's row and select the Manage applications option.

The interface lists the applications assigned directly to the user's account or associated with the user's groups. Through this screen, the user can only remove the applications they are associated with.

04. Locate the applications you want to remove, click More options , and then click Remove application.

Active Directory Provisioning

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click the user's name or on the View icon to open the respective page with the user's data.

The Active Directory Provisioning panel displays the provisioning status of the user in Active Directory.

Provisioning enabled : Displays the AD in which the user is provisioned and the More details option to consult the Active Directory data (Account domain, Root DN, ObjectGUID, and ImmutableID).
Provisioning not configured : The Provision option is presented in order to create the user in one of the AD directories linked to the context of TOTVS Identity.
Provisioning available for configuration : If no ADs are linked to the company's context in Identity, the panel displays no information, and the background color is gray.

Consult Details

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click the user's name or the View icon to open the respective page with the user's data.

04. In the Active Directory Provisioning panel, click the button and then More details.

The Account domain, Root DN, ObjectGUID, and ImmutableID of the user synchronized with Active Directory are listed for queries.

Provision User

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click the user's name or the View icon to open the respective page with the user's data.

04. In the Active Directory Provisioning panel, click the button and then Provision Active Directory.

05. Fill in the account data fields to provision the user for Active Directory.

The data required for provisioning are:

Active Directory
Select the desired directory from those linked in Identity.

Root DN and Account Domain
The Root DN and Account Domain fields are automatically filled based on the selected Active Directory, but you can edit them if desired.

Temporary Password and Re-enter Password
Enter the temporary password and repeat the password for confirmation. This password is assigned only to the user's account created in Active Directory.

06. Click Save.

A request is sent to Active Directory via SmartSync to create the user in the chosen domain. After provisioning, the user will be able to authenticate with the Active Directory password in this Identity context, provided that the company's administration has enabled this feature.

MFA Authentication

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

The MFA Authentication panel presents the status of this security feature for the user at issue.

MFA authentication enabled : The user has completed the configuration, and the administrator can use the Disable option in case of loss or theft of the user's device.
MFA authentication disabled : The user has not yet configured multifactor authentication on their account.

Disable User MFA Access

^{This option allows you to configure the multifactor authentication again, in case of device change or removal of the account previously registered in the My Safe ID application, for example.}

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click the user's name or the View icon to open the respective page with the user's data.

04. In the MFA Authentication panel, click the button and then Disable.

05. Enter a justification and the password to confirm the action.

The justification is required and will be recorded in history. You may later consult it can in the audit report.

06. Click the Disable button.

If the user is part of a group with required MFA, they need to multifactor authentication again to be granted access to Identity.

Resend Invitation

^{This option is only displayed if the user status is Invited.}

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click the user's name or on the View icon to open the respective page with the user's data.

04. In Actions, click More options and then Resend invitation.

A new invitation message is sent to the user's email with a link to activate the account in this context of TOTVS Identity.

Temporary Password

This password is generated for users created from the temporary password activation option, or for password reset in cases where the user does not have an email registered and, consequently, cannot reset the password via the login screen.

Copy Temporary Password

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click the user's name or on the View icon to open the respective page with the user's data.

04. Locate the Temporary Password field and click Copy temporary password .

After selecting this option, the authenticated user copies the temporary password to their clipboard, which must pass it on to the user who needs access to Identity. Upon first login, the user is required to change this password.

Reset Password

^{This function is only allowed for users without an email. When a temporary password is generated for the user, they automatically can no longer access with the previous password.}

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

04. In Actions, click More options and then Reset password.

After selecting this option, a temporary password will be presented to the administrator. This password must be provided to the user so they can log in normally. Upon first login, the user is required to change this password.

Temporary Deactivation

This feature allows deactivating the user for a predefined period and after this period, to be automatically reactivated in TOTVS Identity.

Plan Temporary Deactivation

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click the user's name or on the View icon to open the respective page with the user's data.

04. In Actions, click More options and then Temporary Deactivation.

05. Fill in the information required.

Start Date
The date when you want to deactivate the user. If you set the current date as the start date, the deactivation may take a few hours to execute.

End Date
The date when you want to reactivate the user.

Description
Optional field to include more information about the deactivation.

06. Click Deactivate.

After saving, the user's data screen displays the temporary deactivation period.

Temporary deactivation does not synchronize the status of the deactivated user in TOTVS Identity with Active Directory.

Change Temporary Deactivation Period

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

04. Locate the Temporary Deactivation field and click Edit deactivation .

05. Adjust the needed information.

06. Click Deactivate.

The user's data screen displays the temporary deactivation period.

Remove Temporary Deactivation Period

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click the user's name or the View icon to open the respective page with the user's data.

04. Locate the Temporary Deactivation field and click Remove deactivation .

The user is not deactivated during the previously defined period.

Deactivate User

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click the user's name or the View icon to open the respective page with the user's data.

04. In Actions, click More options and then Deactivate user.

05. Click Deactivate to confirm the deactivation.

After confirming, the user can no longer access the context in which they were deactivated, unless an administrator reactivates them.

In contexts where the option Synchronize user status changes from Identity to Active Directory is enabled, the user is also deactivated in Active Directory.

Reactivate User

^{This option is only available if the user status is Deactivated.}

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click the user's name or the View icon to open the respective page with the user's data.

04. In Actions, click More options and then Activate user.

05. Click Activate to confirm the activation.

The user regains full access to the account in the context.

Delete User

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click the user's name or the View icon to open the respective page with the user's data.

04. In Actions, click Delete user .

05. To confirm the deletion, click Delete.

After confirming, the user's account is completely removed from the company and cannot be restored. The user no longer has access to the context of the TOTVS Identity from which you have removed them.

If the deleted user was imported from Active Directory, their account is automatically included in the Rejected list.

In the process of deleting a user, there are asynchronous steps, and we also highlight that removing records can be resource-intensive regarding database processing time. Therefore, there may be a variation in the time it takes to delete each user from TOTVS Identity. For this reason, we recommend refreshing the page after confirming the deletion to make sure the user at issue is indeed removed.

Unlock User

^{This option is only available if the user status is Locked, meaning they have been locked due to excessive login attempts.}

01. Access the Users menu.

02. Locate the desired user on the list.

03. Click the user's name or the View icon to open the respective page with the user's data.

04. In Actions, click More options and then Unlock.

05. In the confirmation window, click Unlock.

This way, the user is able to return to the login screen to authenticate or use the Forgot your password? option.

If the user has a password reset email configured, they can unlock themselves through the personal password recovery option.

<!-- Hotjar Tracking Code for http://tdn.totvs.com/display/fb -->
<script>
    (function(h,o,t,j,a,r){
        h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)};
        h._hjSettings={hjid:1280165,hjsv:6};
        a=o.getElementsByTagName('head')[0];
        r=o.createElement('script');r.async=1;
        r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv;
        a.appendChild(r);
    })(window,document,'https://static.hotjar.com/c/hotjar-','.js?sv=');
</script>