Users can be managed from a few places, depending on your role:
System administrators can create new users.
To create a new user:
Note: If you plan on creating an application that restricts user visibility, be sure to create a username that is not personally identifiable, as usernames are still visible within the system even when a user's Contact Information and Display Name are restricted. See also: User Profile Visibility
Note: Passwords may be constrained to certain complexity or length requirements by your Appian administrator. See also: Appian Authentication.
There are three places where you can view and update the users in your environment.
System administrators can view and search through a complete list of users in the Users page of the Admin Console. When you search on first name, last name, or email address, Appian uses a "starts with" search. When you search on UUID, Appian uses an exact match search. You can also sort the users grid by these four fields and filter by the user's active/inactive status.
To view or update a specific user's information:
All designers can view and search through a complete list of users from the Users view in Appian Designer. You can search by full name, username, and email. Appian returns any results that contain the search criteria. You can also sort the users grid by these three fields.
To access the Users view:
Designers who are system administrators can filter the grid by the user's active/inactive status, as well as view and modify a specific user's information by following the same steps above for the Admin Console.
Basic designers can modify their own user information and see a limited set of read-only details about the other users in the results.
Note: Users are not design objects, so they will not appear as part of any application or objects list in Appian Designer, except in a group's members list and in the Users view.
The User record type allows you to reference user information in your interfaces, reports, and queries. By default, end users can view the user profiles of other users, although you can determine who can see which user profiles by configuring record-level security.
End users can modify their own profiles from their User record, including their name, email address, office phone, mobile, location, profile photo, cover photo, and blurb (system administrators cannot modify other users' blurbs).
While system administrators can modify users' profiles, they cannot prevent end users from modifying their own profiles. To restrict which fields a user can edit on their own profile, go to the User Profile page of the Admin Console.
System administrators can reset a user's password from the Admin Console. End users can, however, change their own password at any time from the Settings page in Tempo or a Site.
To change a user's password, complete the following:
If you deactivate a user, the user account is still present in the system, but the user cannot sign in. Additionally, default and runtime object permissions for that user are revoked.
Running processes that were started by a user who was later deactivated will pause by exception. This will not happen immediately, but is guaranteed to happen no later than the next time the application server is restarted.
Tip: When designing applications, it's important to consider the lifecycle of the user separate to the lifecycle of the event. A user's departure does not mean the end of their responsibilities.
Process models or any node in a process model configured to run as their designer will fail to run if the designer user becomes deactivated. Also, when process models are imported from one environment to another, the user importing these applications becomes the process model designer. For these reasons, Appian recommends that applications be imported into test and production environments using a service account of type System Administrator that will not be deactivated.
Note: If needed, applications can be force updated by an active user using an import customization file.
System administrators can deactivate users from the Admin Console by doing the following:
Note: The Administrator user account cannot be deactivated.
When a user account is reactivated, its last login time is set to the current date and time to prevent the user from being immediately deactivated (if a policy is in place to do so for users who do not log into the system within a certain amount of time). See also: Appian Authentication
System administrators can reactivate users from the Admin Console by doing the following:
When a user account is locked according to a password policy (such as having too many failed sign-in attempts within the designated time frame), a banner displays on the Update User dialog for that user.
System administrators can unlock users from the Admin Console by doing the following:
System administrators assign certain rights to a user by making the user a Basic User or a System Administrator.
To modify a user's type after creating the user, complete the following:
Other User Rights
All user actions are verified using access control lists prior to execution. Individual objects can be secured by granting rights to individual users or groups based on group membership and user role maps.
Note: Best Practice: Rather than assign rights for various objects to each individual user, as a best-practice, create a custom group for each role within your organization. Assign rights in the system according to group and then add the users in that role to the associated group.
See also: Configuring Security for Groups and User Roles.
As basic users interact with Appian, they are frequently assigned additional roles. These roles are granted the necessary rights to perform various tasks, such as administering the objects they create. Basic users must be given the designer role in order to access Appian Designer.
A basic user can select her preferred time zone, language, calendar settings in Tempo by doing the following:
System administrators can override these individual settings in the Admin Console.
All email and mobile notifications can be configured individually by users. The server administrator can configure email notification settings for the entire site, but each individual user can override these settings for their own account.
See User Notifications Settings for the options available.
The following user rights are available to viewers of the Tempo interface:
Ability | System Administrator | Basic User |
---|---|---|
View public events (events that are not targeted to any specific user). | Yes | Yes |
View events targeted to a group the user belongs to. | Yes | Yes |
View posts added by users the user is following. | Yes | Yes |
Search for posts added by users the user does not have viewer rights to. | Yes | No |
Post to his or her followers. | Yes | Yes |
Post a comment on any visible feed entry. | Yes | Yes |
Send a message to everyone. | Yes | No |
Send a message to a user he or she does not have viewer rights to. | Yes | No |
Send a message to a Tempo Message Audience Group the user is a part of. | Yes | Yes |
Create a task for a user the user does not have viewer rights to. | Yes | No |
View tasks assigned to the user or sent by the user. | Yes | Yes |
View tasks assigned to other users. | Yes | No |
Give kudos to other users. | Yes | Yes |
View kudos given to other users. | Yes | Yes |
View an action without view rights to the associated process model. | Yes | Yes |
Take an action that is in a viewable process model and application. | Yes | Yes |
Take an action without view rights to the associated process model. | No | No |
Open a case without view rights to the associated process model. | No | No |
View his or her own profile. | Yes | Yes |
View a profile of a user they do not have viewer rights to. | Yes | No |
Note: System administrators have viewer rights to all users.
Users can be added to a group by navigating to the group in Appian Designer, and clicking Add Members in the toolbar or by configuring a membership rule. See Group Management for more details.
User Management