Users
A "user" is a person that the software is designed for and is using the software. The username is limited to 64 characters. The username entered when creating the user will be the username they will use to log into the USAS application.
Users are assigned one or more Roles. The roles assigned to the user thus determine the access that user will have in the system.
Create a User
From the System menu, select 'User.'
Click on
.
Enter any required user information.
Enter the Username of the User.
Enter the Name of the User.
A Title and Email address may be entered if desired.
Select the Assigned Role(s) for the User. A User can be granted one or more roles.
Highlight the desired roles to be added to the User.
Select a Filter from the drop-down. The filter is pulled from an account filter stored in the 'Account Filters' option under UTILITIES.
When an Account Filter is applied to a User, that user will only be able to view accounts matching that filter in the Account Grid.
The Account Filter will also apply to all detail-level reports, like account summary and financial detail reports.
Created Date - the system will default to the current date when the User is created.
Selectable Group Chains: For districts with Requisition Approvals enabled, select the applicable Group Chain(s) the User is allowed to submit a requisition for approval. One or multiple Group Chains may be selected for the User. Group Chains displayed on the left reflect the Group Chains available to select/move to the right for the allowed Group Chains. The list of Selectable Group Chains is determined by records created under System > Group Chains.
Failed Attempt: Read-only field showing the number of failed login attempts. The Failed Attempt counter will reset to zero once a User successfully logs in. If the user account becomes locked due to too many attempts, the User will receive an error message stating: “Login Failed. Your account has been locked.” Only a user with edit permissions on a User may unlock a user’s account from the User grid button, and the User account must be unlocked before the password may be updated.
Requisition Prefixes: Enter Requisition Prefixes to be used for auto-assigning, restricting prefixes that can be used when entering requisitions, and/or restricting which requisition users can view.
Prefixes cannot contain special characters. Multiple prefixes must be separated by a comma.
The requisition number, including the prefix, will default to 8 characters in length. (ex. if P=Prefix, the format of requisition # will be PPPP####)
Examples:
ABC1 will start at ABC10001
ABC will be ABC0001 (7 digits, holding a spot for the 4th prefix)
AB will be AB0001 (only using 2 spaces of the formatted requisition # PPPP####)
Auto-assign: When a User has a Requisition Prefix and leaves the Requisition number blank when creating a Requisition, the prefix will be used to auto-assign requisition numbers when that user saves the Requisition. If there are multiple prefixes on the User’s record, the first prefix will be used for auto-assigning the requisition.
When entering an existing prefix, the highest Req number + 1 will be used
When entering a new prefix, the series will start at 1 (ex. ABCD prefix will start ABCD0001)
Prefixes can contain numbers (ex. ABC1 will start at ABC10001)
Restrict Requisitions:
If checked, the user must enter a value in Requisition Prefixes. The values entered will be the only prefixes the user sees or can use when creating requisitions.
Multiple Requisition Prefixes can be entered, separated by a comma.
If not checked, the user will only be able to use the values entered in 'Requisition Prefixes' but will still be able to see all requisitions.
Balance Checking options are available if the User-Based Balance Checking module is enabled. All options are check-marked by default and include:
Allow Negative Appropriation: If unchecked, the user will receive errors when posting to negative appropriation balances.
Allow Negative Budget: If unchecked, the user will receive errors when posting to negative budget balances.
Warn on Negative Amounts: Only applicable if negative amounts are permitted. If negative amounts are permitted and this is checkmarked, it will issue a warning when encountering negative balances.
The Account Expiration is the date at which the user's account will expire. After this date, the user will be effectively disabled. This affects both locally and externally authenticated users.
The Password Expiration is the date at which the user's password will expire. The user will be required to change the password after this date. This does not affect externally authenticated users.
The Enabled flag indicates if the user account is active and able to be used.
The Locked flag indicates if the user account is locked and therefore unusable.
The Two Factor Authentication flag indicates if the user account uses Duo Two Factor Authentication. In order to use this feature it must be configured in the application properties.
The External Authentication flag indicates if the user account uses External Authentication to validate the user's account instead of a locally defined set of credentials. In order to use this feature additional configuration is required.
The Status will indicate the last login by the user and will be flagged by the system if the account or password has expired.
Click
to create the user, click
to not create the user.
Search
The User grid allows the user to search for existing account filters by clicking in the filter row in the grid columns and entering the desired information. Click on any row of the search results to see a summary view of the record. The Advanced Search can be utilized by clicking on the in the upper right side of the grid.
Edit
Click on in the grid beside the user to edit the record. Only fields that are allowed to be edited will be displayed.
Change User Password
A user's password may be changed for them, or if the user knows their password, they may also change it themselves by clicking on the Change Password link on the login page.
From the System menu, select 'User.'
Search for the desired user.
Click on the key icon
.
Enter the new password and verify it by entering it again.
Click
to make the change, click
to not change the password.
Password Expiration
When a user password is set, the Password Expiration will default to a date based on the Password Lifetime setup in the Authentication and Password Requirement Configuration. If the user account is for a third-party application and should never expire, the Password Expiration can be modified to a date far in the future. Ex. 1/1/2070
Only users with the Administrator Role will be able to change the password for users with the Administrator Role (current account or another Admin user) with the System > Users grid Change Password option (key icon).
Locked User
A user will be locked out after 5 consecutive Failed Attempts at logging in. For more information on how Failed Attempts will show on the User’s record, see Create a User #8. After too many attempts, the User will be detected as an intruder and receive a bad credentials error. The User cannot change their password until their account is unlocked by a user with this permission. To unlock their account, use the unlock button on the grid.
Import Users
The User Import option may be used to import new users or modify existing users using a spreadsheet (CSV format). See the Import Criteria sections below for the required headers and CSV templates.
From the System menu, select "Users."
To import a CSV file, click
.
Click on "Choose File", browse for the file (.CSV) and click "Open" or select the file by double-clicking on the file name.
Make sure the system has brought in the proper file.
Click on "Load."
The selected filename will be visible.
A message box will appear showing the number of Records Loaded and the Number of Errors.
An output (CSV) file will be created containing the number of records loaded or records with errors.
If an error occurs, open the output CSV file, make the necessary corrections, and re-import the corrected output file.
Add or Update User Criteria
Please use the template spreadsheet containing the fields in the proper format (listed in the table below). If you are not using the template spreadsheet and are creating a spreadsheet of your own, the field names on the spreadsheet must exactly match the field names listed below. The field names are case sensitive and must be entered exactly as shown below, making sure to include the spaces between words. Please note, the fields specified as “Required field” are the only fields that must appear in the spreadsheet. All other fields are optional.
Field | Format | Definition |
---|---|---|
id | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx | Required field when updating a user. Leave blank when creating a user. Current id values can be pulled from the Users grid. |
Username | Maximum length is 64 characters. | Username to be entered on the login page. This field is not required to be included in the import file if the usernames are not being added or modified. If this column is included, it cannot be left blank. |
Name | Maximum length is 255 characters | User's name. |
Title | Maximum length is 255 characters | User's title. |
External | True/False or T/F | Sets external authentication for the user. |
Enabled | True/False or T/F | Indicates if a user is enabled or not. |
Password Expiration | MMDDYYYY. As in the UI, the date may use '/' slashes, '-' hyphens, or numbers only (no delimiter). | Set a date for the password to expire. |
Account Expiration | MMDDYYYY. As in the UI, the date may use '/' slashes, '-' hyphens, or numbers only (no delimiter). | Set the date for the account to expire. |
Locked | True/False or T/F | Indicates if an account is locked. |
Two-Factor | True/False or T/F | Sets two-factor authentication for the user. |
One email address, no commas | Sets the email address for the user. | |
Filters | Name of any existing filter, not case sensitive | Applies a filter to the user. |
Restrict | True/False or T/F | Indicates if the user has requisition restrictions. |
Prefix | Separate prefixes with commas and/or spaces (i.e. 1,2,3 or 1 2 3 or 1, 2, 3). If using commas, the list must be wrapped by quotations ("") | Sets requisition prefixes for the user. |
Roles | Name of any existing roles, case sensitive (i.e. USAS_STANDARD). Separate multiple roles with commas or comma/spaces (i.e. "1,2,3" or "1, 2, 3"). If using commas, the list must be wrapped by quotations ("") | Adds roles to the user, but cannot be used to delete roles. |
Negative Budget | True/False or T/F | Indicates if user is allowed to have negative budgets. User Based Balance Checking must be enabled to be applied. |
Negative Appropriation | True/False or T/F | Indicates if user is allowed to have negative appropriations. User Based Balance Checking must be enabled to be applied. |
Warn Negative | True/False or T/F | Indicates if a user is warned on negative amounts. User-based Balance Checking must be enabled to be applied. |
Group | Name of existing groups, case sensitive. Separate multiple groups with "/" (i.e. 1/2/3). If a group contains commas or quotes, wrap the group name in quotations (i.e. "PARTY SUPPLIES Over $15,000 "PS"). Excel may format this field incorrectly, so check in a text editor like Notepad that the actual value looks like the example. | Adds groups for the user; cannot be used to remove groups. |
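
A pre-flight check of an import file against the criteria table above, added here as an example; it is not part of USAS or its documentation. It also lists rows that turn off two-factor, allow local password login, add roles, or push the password expiration far out, so they can be reviewed before clicking "Load." Assumptions: True/False values are compared case-insensitively, "far out" means more than two years, and `check_import`, `parse_date`, the sample usernames and the roles other than USAS_STANDARD are hypothetical.

```python
import csv, io, re
from datetime import date

# Field names from the criteria table (case sensitive; e-mail header not shown).
BOOLS = ("External", "Enabled", "Locked", "Two-Factor", "Restrict",
         "Negative Budget", "Negative Appropriation", "Warn Negative")
DATES = ("Password Expiration", "Account Expiration")
KNOWN = {*BOOLS, *DATES, "id", "Username", "Name", "Title", "Filters",
         "Prefix", "Roles", "Group"}
DATE_RE = re.compile(r"(\d{1,2})[/-](\d{1,2})[/-](\d{4})|(\d{2})(\d{2})(\d{4})")
# Reviewer's choice (an assumption): a false value here weakens authentication.
REVIEW = (("Two-Factor", "two-factor off"), ("External", "local password login"))

def parse_date(text):
    """Month-day-year with '/', '-' or no delimiter -> date, else None."""
    m = DATE_RE.fullmatch(text)
    try:
        mm, dd, yyyy = [int(g) for g in m.groups() if g] if m else (0, 0, 0)
        return date(yyyy, mm, dd)
    except ValueError:
        return None

def check_import(csv_text, today, max_years=2):
    """Return (errors, review): format problems and changes worth a second look."""
    errors, review = [], []
    reader = csv.DictReader(io.StringIO(csv_text))
    errors += [f"bad header {h!r}" for h in reader.fieldnames or [] if h not in KNOWN]
    for row in reader:
        n, get = reader.line_num, lambda k: (row.get(k) or "").strip()
        if None in row:  # more cells than headers, e.g. an unquoted comma list
            errors.append(f"line {n}: extra cells, quote comma-separated lists")
        errors += [f"line {n}: {k} must be True/False or T/F" for k in BOOLS
                   if get(k).lower() not in ("", "true", "false", "t", "f")]
        errors += [f"line {n}: {k} is not a valid date" for k in DATES
                   if get(k) and not parse_date(get(k))]
        who = get("Username") or get("id") or f"line {n}"
        review += [f"{who}: {why}" for k, why in REVIEW
                   if get(k).lower() in ("false", "f")]
        if get("Roles"):
            review.append(f"{who}: adds roles {get('Roles')}")
        exp = parse_date(get("Password Expiration"))
        if exp and exp.year - today.year > max_years:
            review.append(f"{who}: password expires {exp.isoformat()}")
    return errors, review

# Constructed sample: made-up users and roles; the last row has an unquoted list.
SAMPLE = """Username,Two-Factor,External,Roles,Password Expiration
svc_export,F,False,USAS_STANDARD,1/1/2070
jdoe,yes,T,,13012026
asmith,T,T,ROLE_A,ROLE_B,01012027"""
```

Call `check_import(SAMPLE, date.today())` and fix everything in `errors` before importing; the `review` list is for a second person to confirm.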
Change External Authentication
Mass Change can be used to update the External Authentication flag on a group of records. When External Authentication is checked for a user, they will not be able to log in using local credentials (a password set in USAS) and will only be able to log in with their external authentication credentials. The Mass Change module must be enabled to use this function. Once enabled, the Mass Change section can be opened on the Users grid, and the Change External Authentication (SSDT) mass change definition can be accessed by users with access to execute mass change or higher. Be sure to filter the grid to only those records that you want to update. For more information on how to use mass change definitions, see the Mass Change section of the Appendix.
Change Duo Two Factor Authentication
Once Duo integration has been set up, each active user in the USxS system will need to be set up to enable two-factor authentication. A new property, Two Factor Authentication, has been added to the user. If this value is set to true and Duo Security has been enabled for the application, after the standard authentication (local or LDAP / Windows AD) is performed, the Duo universal prompt will be invoked. The new two-factor authentication flag can be set by editing the user or through a mass change definition.
The Mass Change module must be enabled to use this function. Once enabled, the Mass Change section can be opened on the Users grid, and the Change Two Factor Authentication (SSDT) mass change definition can be accessed by users with access to execute mass change. Be sure to filter the grid to only those records you want to update. For more information on how to use mass change definitions, see the Mass Change section of the Appendix.