1 Users
- 1.1 Create a User
- 1.2 Search
- 1.3 Edit
- 1.4 Change User Password
  - 1.4.1 Password Expiration
- 1.5 Import Users
  - 1.5.1 Add or Update User Criteria
- 1.6 Change External Authentication
- 1.7 Change Duo Two Factor Authentication

Users

A "user" is a person that the software is designed for and is using the software. The username is limited to 64 characters. The username entered when creating the user will be the username they will use to log into the USAS application.

Users are assigned one or more Roles. The roles assigned to the user thus determine the access that user will have in the system.

Create a User

From the System menu select 'User'
Click on
Enter in required user information
- Enter the Username of User.
- Enter the Name of the User.
- A Title and Email address may be entered if desired.
Select the Assigned Role(s) for the User. Can grant User one or more roles.
1. highlight desired roles
Select a Filter from the drop down. The filter is pulled from an account filter stored in the 'Account Filters' option under UTILITIES.
1. When an Account Filter is applied to a User, that user will only be able to view accounts matching that filter in the Account Grid
2. The Account Filter will also apply for all detail level reports like account summary and financial detail reports.
Created Date - system will default to current date when User is created.
Selectable Group Chains: For districts with Requisition Approvals enabled, the User's detail information will contain this section. This will be used to assign Group Chains that the user can submit Requisition Approvals to. Ability to select one or multiple Group Chains. Group Chains available in this list are determined by records created on the System > Group Chains page.
Requisition Prefixes: Enter Requisition Prefixes to be used for auto-assign, restricting prefixes that can be used when entering requisitions, and/or restricting which requisition users can view.
1. Prefixes cannot contain special characters. Multiple prefixes must be separated by a comma.
2. The requisition number, including the prefix, will default to 8 characters in length. (ex. if P=Prefix, the format of requisition # will be PPPP####)
  1. Examples:
    1. ABC1 will start at ABC10001
    2. ABC will be ABC0001 (7digits holding a spot for the 4th prefix)
    3. AB will be AB0001 (only using 2 spaces of the formatted requisition # PPPP####)
3. Auto-assign: When a Requisition Prefix is entered it will be used to auto-assign requisition numbers when that user leaves the Requisition number blank. if there are multiple prefixes entered then the first prefix will be used for auto-assign.
  1. When entering an existing prefix the highest Req number + 1 will be used
  2. When entering a new prefix the series will start at 1 (ex. ABCD prefix will start ABCD0001)
  3. Prefixes can contain numbers (ex. ABC1 will start at ABC10001)
Restrict Requisitions:
1. If checked, the user must enter a value in Requisition Prefixes. The values entered will be the only prefixes the user sees or can use when creating requisitions.
  1. Multiple Requisition Prefixes can be entered separated by a comma.
2. If not checked, the user will only be able to use the values entered in 'Requisition Prefixes' but will still be able to see all requisitions.
Balance Checking options are available if the User Based Balance Checking module is enabled. All options are check marked by default and include:
1. Allow Negative Appropriation: If unchecked, the user will receive errors when posting to negative appropriation balances.
2. Allow Negative Budget: If unchecked, the user will receive errors when posting to negative budget balances.
3. Warn on Negative Amounts: Only applicable if negative amounts are permitted. If negative amounts are permitted and this is checkmarked, it will issue a warning when encountering negative balances.
The Account Expiration is the date at which the user's account will expire. After this date, the user will be effectively disabled. This affects both locally and externally authenticated users.
The Password Expiration is the date at which the user's password will expire. The user will be required to change the password after this date. Does not affect externally authenticated users.
The Enabled flag indicates if the user account is active and able to be used.
The Locked flag indicates if the user account is locked and therefore unusable.
The Two Factor Authentication flag indicates if the user account uses Duo Two Factor Authentication. In order to use this feature it must be configured in the application properties.
The External Authentication flag indicates if the user account uses External Authentication to validate the user's account instead of a locally defined set of credentials. In order to use this feature additional configuration is required.
The Status will indicate the last login by the user and will be flagged by system if the account or password has expired.
Click on to create the user, click on to not create the user.

Search

The User grid allows the user to search for existing account filters by clicking in the filter row in the grid columns and entering in the desired information. Click on any row of the search results to see a summary view of the record. The Advanced Search can be utilized by clicking on the in the upper right side of the grid.

Edit

Click on in the grid beside the user to edit the record. Only fields that are allowed to be edited will be displayed.

Change User Password

A user's password may be changed for them or if the user knows their password, they may also change it themselves by clicking on the Change Password link on the login page.

From the System menu select 'User'
Search for desired user
Click on the key icon
Enter in the new password and verify it
Click on to make the change, click to to not change the password.

Password Expiration

When a user password is set, the Password Expiration will default a date based on the Password Lifetime setup in the Authentication and Password Requirement Configuration. If the user account is for a third party application and should never expire, the Password Expiration can be modified to a date far in the future. Ex. 1/1/2070

Import Users

The User Import option may be used to import new user or modify existing users using a spreadsheet (CSV format). See the Import Criteria sections below for the required headers and CSV templates.

From the System menu select "Users"
To import a CSV file, click on
Click on "Choose File", browse for the file (.CSV) and click "Open" or select the file by double-clicking on the file name.
Make sure the system has brought in the proper file.
Click on "Load."
The selected filename will be visible.
A message box will appear showing the number of Records Loaded and the Number of Errors.
An output (CSV) file will be created containing the number of records loaded or records with errors.
If an error occurs, open the output CSV file, make the necessary corrections, and re-import the corrected output file.

Add or Update User Criteria

Please use the template spreadsheet containing the fields in the proper format (listed in the table below). If you are not using the template spreadsheet and are creating a spreadsheet of your own, the field names on the spreadsheet must exactly match the field names listed below. The field names are case sensitive and must be entered exactly as shown below making sure to include the spaces between words. Please note, the fields specified as “Required field” are the only fields that must appear in the spreadsheet. All other fields are optional.

Field	Format	Definition

Field	Format	Definition
Username	Maximum length is 64 characters	Required field when creating or updating a user.
Name	Maximum length is 255 characters	User's name.
Title	Maximum length is 255 characters	User's title.
External	True/False or T/F	Sets external authentication for user.
Enabled	True/False or T/F	Indicates if user is enabled or not.
Password Expiration	Acceptable formats as used in UI can utilize '/' slashes or '-' hyphens or numbers only (no delimiter). MMDDYYYY MM/DD/YYYY MM-DD-YYYY	Set date for password to expire.
Account Expiration	Acceptable formats as used in UI can utilize '/' slashes or '-' hyphens or numbers only (no delimiter). MMDDYYYY MM/DD/YYYY MM-DD-YYYY	Set date for account to expire.
Locked	True/False or T/F	Indicates if account is locked.
Two-Factor	True/False or T/F	Sets two-factor authentication on user.
Email	One email address, no commas	Sets email address for user.
Filters	Name of any existing filter, not case sensitive	Applies filter to user.
Restrict	True/False or T/F	Indicates if user has requisition restrictions.
Prefix	Separate prefixes with commas and/or spaces (e.g. 1,2,3 or 1 2 3 or 1, 2, 3). If using commas, the list must be wrapped by quotations ("")	Sets requisition prefixes for user.
Roles	Name of any existing roles, case sensitive (e.g. USAS_STANDARD). Separate multiple roles with commas or comma/spaces (e.g. "1,2,3" or "1, 2, 3"). If using commas, the list must be wrapped by quotations ("")	Adds roles to user, cannot be use to delete roles.
Negative Budget	True/False or T/F	Indicates if user is allowed to have negative budgets. User Based Balance Checking must be enabled to be applied.
Negative Appropriation	True/False or T/F	Indicates if user is allowed to have negative appropriations. User Based Balance Checking must be enabled to be applied.
Warn Negative	True/False or T/F	Indicates if user is warned on negative amounts. User Based Balance Checking must be enabled to be applied.
Group	Name of existing groups, case sensitive. Separate multiple groups with "/" (e.g. 1/2/3). If a group contains commas or quotes, wrap the group name in quotations (e.g. "PARTY SUPPLIES Over $15,000 "PS"", Excel may format this field incorrectly so check the actual value in a text editor like Notepad looks like the example)	Adds groups for user, cannot be used to remove groups.

Change External Authentication

Mass Change can be used to update the External Authentication flag on a group of records. When External Authentication is checked for a user they will not be able to log in using local credentials (a password set in USAS-R) only with their external authentication credentials. The Mass Change module must be enabled to use this function. Once enabled, the Mass Change section can be opened on the Users grid and the Change External Authentication (SSDT) mass change definition can be accessed by users with access to execute mass change or higher. Be sure to filter the grid to only those records you want to update. For more information on how to use mass change definitions see the Mass Change section of the Appendix.

Change Duo Two Factor Authentication

Once Duo integration has been setup, each active user in the USxS system will need to be setup to enable two-factor authentication. A new property, Two Factor Authentication, has been added to the user. If this value is set to true and Duo Security has been enabled for the application, after the standard authentication (local or LDAP / Windows AD) is performed, the Duo universal prompt will be invoked. The new two factor authentication flag can be set by editing the user, or through a mass change definition.

The Mass Change module must be enabled to use this function. Once enabled, the Mass Change section can be opened on the Users grid and the Change Two Factor Authentication (SSDT) mass change definition can be accessed by users with access to execute mass change. Be sure to filter the grid to only those records you want to update. For more information on how to use mass change definitions see the Mass Change section of the Appendix.