Adding and managing users

One of the benefits of ChurchSuite is that all your staff can be given access to it, allowing teams to work collaboratively while only accessing appropriate information determined by their User permissions.

In this article

Types of users
Adding a new user
Linking a User to their Address Book profile
Duplicating an existing user
Changing a username
Changing a user password
Resetting a user password
Keeping on top of the changes
Reporting options for Administrators
Reporting options for Users
Deleting a user

Types of users

ChurchSuite has two categories of User – Administrators and Users. Additionally, your ChurchSuite account will have a designated account contact and billing contact specified in "Administrator" > "Profile".

1. Administrator

Administrators have full access to every module* and permissions include read, edit, add and delete functionality. There must always be at least one Administrator on your account.

Module passwords

While Administrators ordinarily have full manage permissions to all modules, it is possible to add a module password to any module as a second layer of security or to keep the module's data confidential from any user who doesn't have the module password. A good example might be your Giving module, where typically a church may prefer this to only be accessible to authorised finance team members. See the related support articles for details of how to set a password for a module.

Administrators have access to the Administrator menu. Through this menu, they can manage Users, Groups, Modules, Files, your church's account Profile, Presets, Brands and your account Integrations. There's also an Administrator Reports section.

2. User

Users differ from Administrators in that they only have access to the modules and/or Connect applications specified in their User account, as granted by an Administrator. For each module, a user can be designated as having Use or Manage module permissions (see below).

It's also possible to set a User's access to ChurchSuite's Connect applications without needing to necessarily give underlying manage module or use permissions. In this way you can add designated users with access to just your Child Check-In system, for example, without that user profile also needing access to the underlying Children module. The Connect settings will also show/hide the "Login to Connect" quick links on the ChurchSuite summary page.

Use permissions – broadly speaking, the user can only view the data within the module – they cannot edit to make changes, they cannot add or import new data, or delete data from the module. They can send communications from within that module, including exporting data and sending consent requests and My ChurchSuite invitations. They can access and run many of the module's reports. They can process people through Flows. They can add people to small groups. They can add people to Flows, Tags, and Key Dates from a person's profile page (which includes creating new tags and key dates if they don't yet exist). They can add, pin, unpin, edit and delete notes. In the Calendar module they can access event check-in to record event attendance. They are not able to 'undo' entries in changes logs.

Manage permissions – the user has full access to be able to add, import, edit and delete data within the module, including full communication and reporting access. Manage permissions also allow access to the module's settings (via the cogwheel in top right corner of each module they have access to).

Connect permission – the user can log in and use the specified Connect application(s) only. They have access to the underlying modules unless their permissions explicitly include module 'use' or 'manage' permissions. In this way, key volunteers can make use of Connect functionality without needing access to any personal or sensitive information in your ChurchSuite modules.

Adding a new user

To create a new user account, go to the Administrator section. In the Users section, notice the option to switch between viewing Active and Archived users. Click Add user.

On the Add user page, begin completing the various field. Enter a suitable Username. Usernames must be unique and must be between 2-25 characters (letters, numbers, underscores and fullstops, no spaces). The Username and user Email fields are required.

By default, new users will be sent a 'welcome' email inviting them to login and set their own password. Unchecking the Welcome Email gives you the option to specify their password (although they can change this later if they wish).

Optionally, link a User's account to their contact entry in your Address Book module. As you begin to type in the Contact box, ChurchSuite will auto-suggest matching names in your Address Book, or you can type a Name. See the next section in this article for more information about user-contact linking.

An Email address is required for all Users – the email address is used for sending password resets and is also the default "From" email address that will be used when the user sends an email from within ChurchSuite (and the address to which email replies will be delivered).

Optionally set any default email Signature. This might be something that uses your organisation's 'corporate' styling and branding.

It's also possible to restrict the total number or percentage of recipients the User can communicate with per email/SMS. This can be particularly useful in larger contexts to prevent a User mistakenly emailing all contacts for example. In a multi-site context, a percentage relates to the percentage of contacts the user has access to across all the sites the user has permissions for.

You can now select which Type of user you want to create – Administrator or User. There are no maximum limits on the number of users and administrators you have on your ChurchSuite account. See the previous section for an explanation of the different types of users.

If selecting User, set the Use, Manage and Connect permissions for each module as applicable - see earlier in the article for an explanation of these terms.

Multi-site customers can specify which Sites the user is able to access. A user has the same module access for each site – it is not possible, for example, to set 'manage' permissions in one site but only 'use' permission for another site. Note that all users, including Administrators, must have site access for at least one site, otherwise they will not be able to log in. Administrators do not automatically have access to all Sites – their site access must also be explicitly specified by checking the appropriate Site Access boxes.

When you are finished click Save to add the new User.

From the User's profile "View" page you can see Recent Logins and an overview of the User's current Module Access. Note also the options to Archive or Delete a User.

Archived users can be Set as active again or deleted.

From a User's profile page you can easily add them to User Groups (or remove them) - see our related support article for further information about creating and managing User Groups.

There are times when it is helpful for a User's profile to be linked to their contact profile in the Address Book module – here's why...

By default, all sent emails are sent from the User email address specified in a user's profile. When a User is linked to their underlying contact in the Address Book, they will also have the option of selecting that an email is sent from their contact profile email address e.g. their personal email address. Additionally, Users with linked contacts have their birthday shown on the calendar in the Calendar module (if DOB specified) – never miss a staff member's birthday again!

The Users list gives you a quick visual indicator of any User accounts not linked to a contact – shown as Not in Address Book.

Select an unlinked User and select Edit from the Action menu on the right-hand side.

In the Contact field begin to type the contact's name to be linked - ChurchSuite will auto-suggest as you type. Select the appropriate contact – only adult contacts are listed – children cannot be Users.

The User's Name, Email address (and profile image) are updated to reflect the linked contact's name, email address and profile image. You can override and specify a different User email address if you wish; perhaps using a church email address for a User's profile but retaining their personal email address against their Address Book contact profile. The email address specified here will be available as a "From" address when sending emails from within ChurchSuite.

Be sure to save your changes before closing the page. The User's profile "View" page confirms the Address Book contact that the User is linked to.

Duplicating an existing user

It's often the case that the permissions being assigned for a new User are going to be the same or similar to an existing User. You can speed up the process of creating multiple Users by easily duplicating from an existing User, either clicking Duplicate from the existing User's profile page...

...or from your list of Users – from the Action menu on the right hand side of a User in the list...

...or from the Permissions report in the Administrator > Reports section.

Whichever method you use, selecting Duplicate will create an exact copy of the User being duplicated from, including module permissions, user groups, site(s), and signature. Simply add the new user's Username (and check the signature is correct) before saving the changes.

Changing a username

Sometimes it's necessary to change a User's username. Perhaps you wish to change your naming convention or you have two Users with similar names. Managing Users in this way is an Administrator-only function. Logged in as an Administrator, click into the Administrator menu and into the Users section. Select the User you wish to change by clicking on their existing Username.

From the Edit menu select Change username.

On the Change username pop up, enter the new username – usernames must be unique and must be between 2-25 characters (letters, numbers, underscores and fullstops, no spaces).

Click to Save the changes. Don't forget to let the User know their new username! Their password remains unaffected by this change.

Changing a user password

It may sometimes be necessary to change a User's password (rather than send the user a password reset email). While a user can change their own password (in their User area), only an Administrator can change another user's password.

Click into the Administrator menu. Locate the user whose password you want to change and select View from the Action menu.

Select Change password from the Edit menu.

Enter the New Password and the Confirm Password. Note the criteria for a valid password. As you type your new password a strength indicator changes from red to yellow to green to indicate the password's strength and the criteria change from grey to green as each criteria is met. The Passwords match turns green too if the Confirm Password matches the New Password.

Click Save when you are finished. Don't forget to let the User know their new password!

Resetting a user password


Password reset emails are only valid for 24 hours, after which time they cease to work. If multiple password reset emails are requested/received, only the most recent email will be valid – each new reset email invalidates all previous reset emails.

In the event of a User forgetting their password, a password reset email can be requested. This can be done in one of two ways...

1. The User requests their own password reset

A User can request their own password reset by selecting the Forgotten Password? option on the ChurchSuite login page...

The password reset email is sent to the User's email address (which may be different to the User's Address Book email address).

2. An administrator sends a password reset

An Administrator is able to send a password reset email for any User (except themselves) from the Users section within the Administrator area. On their User's profile "View" page, click Send password reset. A password reset email will immediately be sent to the User's email address. A 'success' message confirms that a password reset email has been sent.

User password reset requests are logged in the User's Communication log in the User area.

Keeping on top of the changes

Whenever an Administrator makes a change to a User's profile a note of the change is recorded in the Changes log for that User. To view the Changes log scroll down to the very bottom of the User's profile "View" page in the Administrator section of your account and select Changes from the Recent Activity section. The log includes the change date and time, the Administrator name who made the change and a description of the changes made.

To complete the audit trail a Changes log is also recorded against the Administrator's profile showing which Users they have added or deleted.

Reporting options for Administrators

The Administrator tab includes a series of useful User reports specifically designed to help with administrating Users.

The Communication report allows Administrators to see a list of all sent communications (e.g. emails, SMS, call, etc.). The report includes the option to filter the results by a range of Dates, the Method of communication (e.g. email, SMS, call, etc.) and the Users who sent out the communications.

The Logins report allows Administrators see a list of login attempts made to ChurchSuite and ChurchSuite Connect within a range of Dates. The results include the Date, whether that login was successful, the Username used, the Device used and the IP Address which the login attempt was from.

A note about the Logins report

ChurchSuite, where able, will log successful and failed login attempts by users and church members.

When a User/member logs into ChurchSuite on an iOS or Android app...

  • A login is logged on first login
  • A login is logged when the authentication token is refreshed (around every 24 hours)
  • A login is logged when switching between accounts within the app e.g. when switching from a ChurchSuite account to a My ChurchSuite account and vice versa.

When a User logs in via a private or non-private session through a browser...

  • A login is logged on first login
  • A login is logged when the authentication token is refreshed (around every 24 hours)

A login "failure" is only logged against the user for an incorrect password. An incorrect username can't be logged as the username is invalid!

The Password Security report gives a summary of each user's password strength and when their password was last changed. You might use this information to request users increase their password security or change their password periodically.

Note: ChurchSuite can only detect the strength of a password when it is physically typed in by a User on a login page. If a user has "autofill" enabled on their browser or they have copied and pasted it (perhaps when using a password vault app like 1Password) it isn't possible to detect the strength of the password. The browser choice may also have an impact on this too, as some of the more obscure browsers don't support all functionality. Note also that if you've saved your password in your browser then that will prevent the strength detection from actually running as the browser security measures doesn't allow ChurchSuite access to the browser's saved password list in order to check the strength.

The Permissions report displays a table of all the Module Access permissions held by the users on your ChurchSuite account. Administrators can also use this table to manage the Module Access permissions of each user within the account - simply click the Action menu on the right hand side to surface the available actions. The report displays user permissions for the site being viewed. Using the multi-site selector in the top right hand corner of ChurchSuite you can filter the report to show all users for "All Sites" or all users for a specific site.

The Recent Changes report gives a list of all recent changes made to users by Administrators or the user themselves.

Reporting options for Users

Users are able to access the Reports section for each module they have permission to view. It is important to note, though, that while they have access to the Communications report within modules, they are only only able to see the communications that they themselves have generated:

Deleting a user

Before you delete a User you may prefer to archive them in the first instance, to make sure there are no unexpected consequences from the loss of that User's account. Simply navigate to the User's profile "View" page and select to Archive the User. Archived users can be Set as active again if necessary. Or to delete a User click the Delete button.

You'll be taken through two confirmation steps, the first asking "Are you sure?", and the second confirming the consequences of proceeding and asking you to type "I CONFIRM".

Deleting a User will remove their User profile entirely, including their module permissions, their User Group membership and site permissions. They will no longer be able to log in and their encrypted password will be deleted. Any historic leave and leave set up will be deleted. Any features that have been set visible to "Just me" will no longer be accessible to anyone – including that user's Notes, Flows, Tags, Key Dates, and Booking Resources.

Still need help? Contact ChurchSuite Contact ChurchSuite