Português Espanhol Inglês


Speaking of users...

The user management page allows the company administrator to view the names, emails, status, quantity, and registration page of each user, as well as assign applications and associate users with groups. All changes to users are recorded in the audit report (documentation in Portuguese language).

It is also from the Manage Users page that the procedure to manually include new users in the context is initiated.

The possible status for accounts in TOTVS Identity are:

The available roles for accounts in TOTVS Identity are:


Consult users

01. Access the Users menu.

A list will be displayed with all users registered in the company context in TOTVS Identity, both those imported from an Active Directory and those created manually. Next to each user's name, you can check the account type (Regular user or Administrator) and the status in the company (Activated, Invited, Deactivated, or Blocked).


Search users

01. Access the Users menu.

02. In the Search user field, choose whether the search will be by email, by first name or last name, or by username.

03. Enter the text to be searched.


Filter users

01. Access the Users menu.

02. Click the Filter button.

03. In the Filter users area, modify the filters as needed and click the Apply filter button.

The available options are:

  • Filter by type: allows filtering by regular users or administrators.
  • Filter by status: allows filtering by status in the company (Activated, Invited, Deactivated, or Blocked).

04. To remove the applied filters and view the complete list again, click Clear filters.


Export users

01. Access the Users menu.

02. Modify the filters as needed.

03. Click the Export button.

04. In the confirmation message, click the Export option.

The records displayed on the page at the moment the Export button was clicked will be exported to a CSV file. A link valid for 48 hours is sent to the email address of the administrator who requested the report for downloading the exported file.

05. Access the email and click the link to download the report.

The browser should automatically present the option to save a file in CSV format. If this does not occur, in the open tab, click the Download option.

The CSV file contains the email, identifier, full name, role (regular user or administrator), and the current status at the time of generating the report.


Add user

These steps refer to the manual inclusion of users in a company using TOTVS Identity. To learn about importing users from Active Directory, please refer to the Active Directory documentation.

01. Access the Users menu.

02. Click the Add User button.

03. Enter the requested information in the Account Data tab.

The requested information is:

First Name
User's first name

Last Name
User's last name

Would you like to enable access with a username?
This field is displayed only if username access is enabled for the company.
By enabling this option, the user will access the system using a username instead of an email. This access method is only available for regular users.

Username
This field is displayed only if username access is enabled.
Login used for authentication in Identity and TOTVS applications. This login must meet the following requirements: be up to 150 characters long, not start or end with special characters, and be unique within the company.

Email
This field is displayed only if username access is disabled.
Email address that will be used for authentication in Identity and TOTVS applications. The email address must be valid and unique for each account in the context.

Would you like to make this user an administrator?
By enabling this option, it defines that this user will have an administrator role, managing users, groups, applications, and other settings in the Identity context.

In the Activation Options section, the method of account activation is selected. The available options are:

  • Invitation Email: When checked, account activation is performed through a link contained in the invitation sent to the user's email.
  • Temporary Password: When checked, account activation is performed as soon as the registration is completed by the administrator. To view the generated temporary password, the administrator must access the user view page. No invitation is sent via email in this activation mode.

Both activation methods require the user to create a personal password to access the context.

It is possible to configure which of the authentication methods will be pre-selected in the new user registration on the New Accounts page (documentation in Portuguese language).

The Custom Fields section is displayed only if there are fields created in the Identity Customization feature.

04. Click the Groups tab and check the groups that should be associated with the user.

By default, the user is automatically associated with the Everyone group, which includes all users in the company. It is possible to use the search to filter if there are many registered groups.

By associating the user with the groups, all linked applications will be automatically associated with the user.

05. Click the Applications tab and check the applications that should be associated with the user.

The user is automatically associated with the applications linked to the Everyone group and any other groups they are added to. It is possible to use the search to filter the desired applications.

06. Click Add User to complete the user inclusion.


View user

The user data page gathers registration information and allows the administrator to take a series of actions related to the user's account, such as resending the invitation via email, resetting the MFA configuration, changing the user type, associating groups, assigning applications, provisioning in Active Directory, deactivating the account, among others.

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or the View icon to open the respective page with the data.

Name
Single field for the user's first and last name.

For users synchronized with Active Directory, the First Name will be considered up to the first space. The following terms will be considered Last Name. For example: If the name entered in this field is Luis Fernando da Silva, the first name will be Luis, and Fernando da Silva will be considered the last name.

Email or Username
Email or name used for the user's access to the company context in Identity.

User Type
The existing types are: administrator or regular user.

  • Administrator: this type of account ensures access to user management, groups, applications, and other settings in the Identity context.
  • Regular user: this type of account allows access to navigable applications or those assigned to the user by the administrator and to the user's personal profile.

Status
The user can be Activated, Invited, Deactivated, or Blocked. Below the status, the date of the last change in the user's status is presented.

Department
Department linked to the user.

Temporary Password
The temporary password is displayed only if the user has not yet changed the temporary password generated by the administrator.

Custom Fields
The Custom Fields section is only presented if there are fields created in the Identity Customization feature.
If there are custom fields, these fields appear for consultation below the user's registration information.

Groups
Number of groups to which the user has been associated.

Applications
Number of applications assigned to the user.

Active Directory Provisioning
Status of users imported from Active Directory. Allows for the provisioning of the account in Active Directory, if there is a directory linked to the context.

MFA Authentication
Indicates the status of multi-factor authentication access for this user: Disabled, Configured, and Not Configured.


Edit user

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click the Edit icon and change the desired information.

The information that can be changed includes: Username, User Type, Department, and custom fields (if any). The email or username cannot be changed by the administrator.

04. Click Save to confirm the changes.


Export personal data

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click the Export icon.

04. Enter the user's email as confirmation.

05. Click Export to confirm.

The data for the respective user related to the current company will be downloaded in a JSON file. In this file, it is possible to review the entire history of views and changes that have occurred in the personal data related to this user.


User Groups

Associate User with Groups

01. Access the Users menu.

02. Locate the desired user in the presented list.

03. Click More options located in the user's row and select the Associate groups option.

A list is presented with all the groups registered in the context of the company in TOTVS Identity, both those imported from Active Directory and those created manually.

04. Check the area corresponding to the group that should be included and click Associate groups to confirm.


Manage Groups

01. Access the Users menu.

02. Locate the desired user in the presented list.

03. Click More options located in the user's row and select the Manage groups option.

A list is presented with all the groups to which the user has been associated.

04. Locate the groups from which you want to remove the user and click Remove group .


User Applications

Add Applications

01. Access the Users menu.

02. Locate the desired user in the presented list.

03. Click More options located in the user's row and select the Associate applications option.

A list is presented with all the applications registered in the context of the company in TOTVS Identity.

04. Locate the desired applications in the list or use the Search applications field to find them.

05. Check the area corresponding to the application you want to assign and then click Associate applications.


Manage Applications

01. Access the Users menu.

02. Locate the desired user in the presented list.

03. Click More options located in the user's row and select the Manage applications option.

The applications assigned directly to the user's account or associated with the user's groups will be listed. Only the applications associated with the user can be removed through this screen.

04. Locate the applications you want to remove, click More options , and then click Remove application.


Active Directory Provisioning

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

The Active Directory Provisioning panel displays the provisioning status of the user in Active Directory.

  • Provisioning enabled : Displays the AD in which the user is provisioned and the More details option to consult the Active Directory data (Account domain, Root DN, ObjectGUID, and ImmutableID).
  • Provisioning not configured : The Provision option is presented for the user to be created in one of the AD directories linked to the context of TOTVS Identity.
  • Provisioning available for configuration : If there are no ADs linked to the company's context in Identity, no information will be displayed in the panel, and the background color will be gray.


Consult Details

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

04. In the Active Directory Provisioning panel, click the button and then More details.

The Account domain, Root DN, ObjectGUID, and ImmutableID of the user synchronized with Active Directory will be listed for consultation.


Provision User

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

04. In the Active Directory Provisioning panel, click the button and then Provision Active Directory.

05. Fill in the account data fields to provision the user for Active Directory.

The necessary data for provisioning are:

Active Directory
Select the desired directory from those linked in Identity.

Root DN and Account Domain
The Root DN and Account Domain fields are automatically filled based on the selected Active Directory but can be edited if desired.

Temporary Password and Re-enter Password
Enter the temporary password and repeat the password for confirmation. This password will be assigned only to the user's account created in Active Directory.

06. Click Save.

A request will be sent to Active Directory via SmartSync to create the user in the chosen domain. After provisioning, the user will be able to authenticate with the Active Directory password in this Identity context, provided that the company's administration has enabled this feature.


MFA Authentication

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

The MFA Authentication panel presents the status of this security feature for the user in question.

  • MFA authentication enabled : The configuration has been completed by the user, and the Disable option can be used by the administrator in case of loss or theft of the user's device.
  • MFA authentication disabled : The user has not yet configured multifactor authentication on their account.


Disable User MFA Access

This option allows the multifactor authentication configuration to be done again in case of device change or removal of the account previously registered in the My Safe id application, for example.

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

04. In the MFA Authentication panel, click the button and then Disable.

05. Enter a justification and the password to confirm the action.

The justification is mandatory and will be recorded in history; it can later be consulted in the audit report.

06. Click the Disable button.

If the user is part of a group with mandatory MFA, it is necessary to configure multifactor authentication again for access to Identity to be granted.


Resend Invitation

This option is only displayed if the user is in the Invited status.

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

04. In Actions, click More options and then Resend invitation.

A new invitation message is sent to the user's email with a link to activate the account in this context of TOTVS Identity.


Temporary Password

This password is generated for users created from the temporary password activation option, or for password reset in cases where the user does not have an email registered and, consequently, cannot reset the password via the login screen.


Copy Temporary Password

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

04. Locate the Temporary Password field and click Copy temporary password .

After selecting this option, the temporary password is copied to the clipboard of the authenticated user and must be passed on to the user who needs access to Identity. Upon first login, the user is required to change this password.


Reset Password

This function is only allowed for users without an email. When a temporary password is generated for the user, they automatically can no longer access with the previous password.

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

04. In Actions, click More options and then Reset password.

After selecting this option, a temporary password will be presented to the administrator. This password must be provided to the user so they can log in normally. Upon first login, the user is required to change this password.


Temporary Deactivation

This feature allows the user to be deactivated for a predefined period and after this period, to be automatically reactivated in TOTVS Identity.

Plan Temporary Deactivation

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

04. In Actions, click More options and then Temporary Deactivation.

05. Fill in the necessary information.

Start Date
The date when the user should be deactivated. If the configured start date is the current date, the deactivation may take a few hours to execute.

End Date
The date when the user should be reactivated.

Description
Optional field to include more information about the deactivation.

06. Click Deactivate.

After saving, the temporary deactivation period will be displayed on the user's data screen.

Temporary deactivation does not synchronize the status of the deactivated user in TOTVS Identity with Active Directory.


Change Temporary Deactivation Period

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

04. Locate the Temporary Deactivation field and click Edit deactivation .

05. Adjust the necessary information.

06. Click Deactivate.

The temporary deactivation period will be displayed on the user's data screen.


Remove Temporary Deactivation Period

01. Access the Users menu.

02. Locate the desired user in the list.

03. Click on the user's name or on the View icon to open the respective page with the user's data.

04. Locate the Temporary Deactivation field and click Remove deactivation .

The user will not be deactivated during the previously defined period.


Desativar usuário

01. Acione o menu Usuários.

02. Localize o usuário desejado na lista.

03. Clique sobre o nome do usuário ou sobre o ícone Visualizar para abrir a respectiva página com os dados do usuário.

04. Em Ações, acione Mais opções e então Desativar usuário.

04. Confirme a desativação acionando Desativar.

Após confirmar, o usuário não terá mais acesso ao contexto em que foi desativado, a menos que seja reativado por um administrador.

Nos contextos em que a opção Sincronizar mudanças no estado do usuário do Identity para o Active Directory esteja ativada, o usuário também será desativado no Active Directory.


Reativar usuário

Essa opção só é apresentada caso o usuário esteja com a situação Desativado.

01. Acione o menu Usuários.

02. Localize o usuário desejado na lista.

03. Clique sobre o nome do usuário ou sobre o ícone Visualizar para abrir a respectiva página com os dados do usuário.

04. Em Ações, acione Mais opções e então Ativar usuário.

04. Confirme a ativação acionando Ativar.

O usuário volta a ter acesso completo à conta no contexto.


Excluir usuário

01. Acione o menu Usuários.

02. Localize o usuário desejado na lista.

03. Clique sobre o nome do usuário ou sobre o ícone Visualizar para abrir a respectiva página com os dados do usuário.

04. Em Ações, acione Excluir usuário .

04. Para confirmar a exclusão, acione Excluir.

Após confirmar, a conta do usuário será totalmente removida da empresa e não poderá ser restaurada. O usuário não terá mais acesso ao contexto do TOTVS Identity do qual foi removido.

Caso o usuário excluído tenha sido importado a partir do Active Directory, sua conta será automaticamente incluída na lista de Rejeitados.

No processo para excluir um usuário existem etapas que são assíncronas e também destacamos que remover registros pode ser oneroso em relação ao tempo do processamento do banco de dados. Com isso, pode haver variação de tempo na exclusão para cada usuário do TOTVS Identity, por este motivo, recomendamos que após a confirmação da exclusão, o usuário atualize a página para validar de fato que o usuário em questão foi removido.


Desbloquear usuário

Essa opção só é apresentada caso o usuário esteja com a situação Bloqueado, ou seja, tenha sido bloqueado por excesso de tentativas de login.

01. Acione o menu Usuários.

02. Localize o usuário desejado na lista.

03. Clique sobre o nome do usuário ou sobre o ícone Visualizar para abrir a respectiva página com os dados do usuário.

04. Em Ações, acione Mais opções e então Desbloquear.

05. Na janela de confirmação, acione Desbloquear.

Com isso, o usuário estará poderá voltar a tela de login para autenticar-se ou acionar a opção Esqueceu sua senha?.

Caso o usuário tenha um e-mail de reset de senha configurado, ele próprio consegue realizar o desbloqueio pela opção de recuperação de senha pessoal.



<!-- Hotjar Tracking Code for http://tdn.totvs.com/display/fb -->
<script>
    (function(h,o,t,j,a,r){
        h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)};
        h._hjSettings={hjid:1280165,hjsv:6};
        a=o.getElementsByTagName('head')[0];
        r=o.createElement('script');r.async=1;
        r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv;
        a.appendChild(r);
    })(window,document,'https://static.hotjar.com/c/hotjar-','.js?sv=');
</script>