Title: Creating New Users

Assuming that your TeamPage hasn't reached its active user account limit, there are four ways that new user accounts can be created:

  1. Create an Account Manually - By a Server Administrator using Server Setup > People > Add User
  2. Self-Service Registration - TeamPage can be configured to allow anyone to create their own account by filling in a form
  3. First Login Using and External Security Principle - For use with Active Directory or LDAP directories
  4. Invitation - TeamPage can be configured to allow users to invite other people to a space (TeamPage 5.2.49 or later) by email invitation.


This page describes each of these methods, as well as important settings relating to new user accounts.

Create an Account Manually



After the first account is created when you're setting up a new journal, there's only one way to manually create an account until you configure one of the automatic options.

Server Administrator Created Accounts



The Server Setup | People page's Add Users tab allows an administrator to create new accounts for regular users, as well as for special system users (e.g., an account used by a search indexer or metrics logger daemons). Using this feature requires Server Setup permission.

After creating a new user account, the form is partially reset so you can easily create another one. A table to the right of the form shows you some details of the accounts you've created so far, including a link to administer each account:



Automatically Created Accounts



There are three ways an account can be created automatically..

Self-Service Registration



Users can create accounts for themselves using the registration link on the Sign In form. Self-Service Registration is not activated by default; it must be enabled by an administrator, who must also configure SMTP settings so that the TeamPage server can send emails.

The settings on the Server Setup | People page's Self-Serve Registration tab enable or disable self-service registration and specify customizable aspects of how the Self-Serve feature works, including terms of use and instructions users will see referenced on the registration page and the text they'll see in the confirmation email message they receive as part of the registration process.

First Login Using an External Security Principal



The first time a user signs into TeamPage using an external security principal whose effective permissions include Login permission, a new account is automatically created for them bound to that security principal, and they are logged into TeamPage as that user.

This feature require that an administrator must first configure TeamPage to use Active Directory, LDAP, or another identity server, and must then also define ACL rules that apply to the security principals from that Active Directory server.

Note that you can configure TeamPage to use Active Directory, LDAP or another identity server in parallel with TeamPage account management. With this Hybrid Scheme you can manually create TeamPage accounts that don't come from your Active Directory or LDAP directory, which is handy if it's difficult to add special user or TeamPage accounts to your corporate identity server.

Administrators can change the security principals associated with an account at any time from the account's Personal Setup | Permissions page by clicking on the Modify Principal link:



When you modify the security principal of an individual account, the TeamPage server will migrate ACLs and group definitions for you: all the ACLs rules and group definitions that refer to the original principal encoding will be changed to refer to the new security principal encoding.

Invitation - Users Inviting Other People



As of TeamPage 5.2.48, TeamPage can be configured to allow current users to invite other people to join them in using a TeamPage space by sending them an email invitation.

Inviting other people automatically creates new user accounts as necessary. Any email address that TeamPage does not find to be associated with an existing account will be associated with a new account, without the user having to worry about the details.

The Server Setup | People page's Invitations tab includes some settings related to the invitation email message that invited users receive to notify them of the invitation.

Please see Inviting Users to TeamPage for further details on this feature, and to ensure that your TeamPage server is set up to make the best use of this feature.

New User Account Defaults



If you're an administrator using the Server Setup | People's Add Users tab, you can choose the user name, password and some other properties of the accounts you're creating. The settings on the New User Account Defaults tab govern a few of the initial values on that form. Some settings also apply more importantly to automatically created accounts.

Basic Permissions for a New Account - Add New Users to Group



Unless you have lots of ACLs rules that allow many permissions to the Everyone group, or unless you're managing most or all of your ACLs rules using externally defined security principal groups, you will probably want to designate a group to which all automatically created accounts will be added. This group applies to all three methods of automatic account creation described above.

You may need to define your server level ACLs that allow Login and other basic permissions so as to exclude the built-in Visitor account, and possibly some others. And you may find it convenient for every user who joins your TeamPage server to be granted some basic level of permissions in some spaces. (This is exactly what we need on this very server: we need all new users to automatically have access the Forum, Customer, and SDK Reference spaces, among others.) The Add New Users to Group setting makes this easy:

  1. Create a server level group;
  2. Define your preferred basic server and space ACLs rules in terms of that group;
  3. Designate that group for the Add New Users to Group setting.


These simple steps will ensure that all new user accounts will have that same basic level of permissions.

Managing the permissions using ACLs rules applied to this group means that you won't have to worry about managing individual permissions for every new user account. You can change the ACLs that apply to this group at the server level or in any space at any time in order to affect all the user accounts that belong to the group.

Require Password Change for New Accounts



This setting applies to manually created accounts only. It is designed to ensure that a new user whose account has been created for them must pick a new secure password rather than using a temporary password that an administrator has chosen for them.

It doesn't apply to automatically created accounts because



Enable Server Digests by Default for Newly Created Accounts



The email digest is a foundational feature of Traction TeamPage, and is one of its most popular features. Although we have found automatic server digest subscription for new user accounts as an extremely important feature, it's not for everyone. This setting allows administrators to select whether new accounts are automatically subscribed to server digests; user's who don't want to receive digests can click the unsubscribe link of the digest email.

The value of this setting is used as the default value of the Server Digests Enabled checkbox on the Add Users tab (see screen shot above). An administrator can manually check or uncheck the Server Digests Enabled checkbox when manually creating a new account.

Users who create their own accounts via self-service registration can choose at registration time whether to subscribe to server digests, so this setting doesn't apply to them, but it does apply to other automatically created user accounts.

Please choose the value of this setting carefully for your deployment. It may be very useful for all your users to automatically start receiving digests in their inbox, but you will have to decide what is appropriate for your environment.

See also Email Digest and Server Setup - Email Tab.



Attachments:
ss-people-add-users.png
modify-principal-link.png
Related Articles
Article: Doc1444 (permalink)
Date: July 31, 2012; 5:46:55 PM EDT
Author Name: Dave Shepperton
Author ID: shep