Creating and managing Users

One of the key benefits of ChurchSuite is the fact that all your church's staff can have access to it, allowing teams to work collaboratively while only accessing appropriate information assigned by their user permissions.

In this article

Types of users in ChurchSuite
Adding a new user in ChurchSuite
Linking a User to their Address Book profile
Duplicating an existing user
Changing a user's username
Changing a user's password
Resetting a user's password
Keeping on top of the changes with 'change logs'
Reporting options for Administrators
Reporting options for Users
Deleting a user from ChurchSuite

Types of users in ChurchSuite

With ChurchSuite are two categories of User - Administrators and Users. Additionally your ChurchSuite account will have a designated account contact and billing contact specified in "Administrator" > "Profile".

Administrator

Administrators have full access to every module* and permissions include read, edit, add and delete functionality. There must always be at least one Administrator on your account.

*Module passwords

Whilst Administrators ordinarily have full manage permissions to all modules, it's also possible to add a module password to any module as a second layer of security or to keep the module's data confidential from any user who doesn't have the module password. A good example might be your Giving module, where typically a church may prefer this to only be accessible to authorised finance team members. See the related support articles for details of how to set a password for a module.

Administrator users have access to the Administrator menu. Through this menu, administrators can manage Users, Groups, Modules, your church's account Profile, Presets, Brands and your account Integrations. There's also an Administrator reporting section.

User

Users differ from Administrators in that they only have access to those modules specified in their User settings (as granted by an Administrator). For each module, a user can be designated as having Use or Manage module permissions (see below). It's also possible to set a User's access to ChurchSuite's "Connect" applications without needing to also give underlying module manage or use permissions. In this way you can create designated users for just your Child Check-In system without that user profile also needing access to the underlying Children module. The Connect settings will also show/hide the "Login to Connect" quick links on the ChurchSuite summary page.

Use permission - broadly speaking, the user can view the data within the module - they cannot edit or make changes, and they cannot add or import new data or delete data from the module. They can send communications from within that module, including exporting data. They can access and run many of the module's reports. In the Address Book, the user can process people through Flows, including processing actions within each Flow stage; and they can add contacts to a small group and send My ChurchSuite invitations from a contact's profile page. In the Address Book and Children module the user is able to add people to Flows, Tags, and Key Dates from a person's profile page (which includes creating new tags and key dates if they don't yet exist). The user is also able to add, pin, unpin, edit and delete notes. In the Calendar module the user can access event check-in to record event attendance. Users with "use" permissions are unable to 'undo' entries in changes logs.

Manage permission - the user has full access to be able to add, import, edit and delete data within the module, including communication and reporting. Manage permissions also allow access to the module's settings (via the cogwheels in top right corner of the module page).

Connect permission - the user can log in and use the specified Connect application(s).

Adding a new user in ChurchSuite

To create a new user account, go to the "Administrator" menu, which you can find in the top right-hand corner of ChurchSuite. From the "Users" section click the "Add user" button.

Proceed by completing the various field. Begin by entering a username. Note the formatting requirements for usernames - between 3-25 characters, with letters, numbers, fullstop or underscore only.

By default, new users will receive a 'welcome' email inviting them to login and set their own password. Unchecking the "Welcome Email" give you the option to specify their password (although they can change this later if they wish).

Optionally, you can link a User's profile to their contact entry in your Address Book module. As you begin to type in the 'Contact' box, ChurchSuite will auto-suggest matching names in your Address Book. An email address is required for all Users - the email address is used for sending password resets and is also the default "From" email address that will be used when the user sends an email from within ChurchSuite (and the address to which email replies will be delivered).

Optionally set any default email signature. This might be something that uses your church's 'corporate' styling and branding.

Lastly, a user must be set as "Active?" in order for them to be able to log in.

You can now select which type of user you want to create. There are no maximum limits on the number of Users and Administrators you have on your ChurchSuite account.

An "Administrator" user has full access to all the modules on your account (along with the ability edit the module's settings), as well as to the "Administrator" menu itself. A module password can be added to the Giving module, which prevents Administrators from accessing that module, ensuring your giving data is always confidential to just those users with the module password.

For "User" level users you can determine the modules they have access to, as well as the extent of their permissions. See the related support article for a fuller description of user permissions.

Multi-site churches will also have the option to specify which Site(s) the user is able to access. A user has the same module access for each permitted site - it is not possible, for example, to set 'manage' permissions in one site, but only 'use' permission for another site. Note that all users (including Administrators) must have site access for at least one site, otherwise they will not be able to log in. Note also that Administrators do not automatically have access to all Sites - their site access must also be explicitly specified by checking the appropriate 'site' boxes.

When you are finished, click "Save Changes" before closing the page.

Note that the User's profile page provide you with helpful information, such as recent logins.

There are times when it is helpful for a User's profile to be linked to their contact profile in the Address Book module. Here's why this can be helpful...

By default, all sent emails are sent from the user email address specified in a user's profile. When a user is linked to their underlying contact in the Address Book, they will also have the option of selecting that an email is sent from the email address on their contact profile i.e. their personal email address. Additionally, users with linked contacts have their birthday show on the calendar in the Calendar module (if DOB specified) - never miss a staff member's birthday again!

Go to Administrator > Users. Unlinked users, i.e. those not linked to an underlying Address Book contact are listed with "Not in Address Book" (see below).

Select a user and click "Edit user" on the option cog of the right-hand side.

In the 'Contact' field, begin to type the contact name. ChurchSuite will begin to auto-suggest as you type.

Select the required Address Book contact.

The user's name, email address and profile image are updated to reflect the linked contact's name, email address and profile image. You can override and specify a different user email address; perhaps using a church email address for a user's profile, but retaining their personal email address against their Address Book contact profile. The email address specified here will be available as a "From" address when sending emails within ChurchSuite.

Be sure to save your changes before closing the page. The user profile page confirms the Address Book contact that the user is linked to.

Note: Users cannot be linked to contacts in the Children module.

Duplicating an existing user

It's often the case that the permissions being assigned for a new user are going to be the same or similar to an existing user. You can speed up the process of creating multiple users by easily duplicating from an existing user, either from the existing user's profile page...

...from your list of users (from the action cog on the right hand side of a user within the list)...

...or from the Permissions report (in the Administrator > Reports section)

Whichever method you use, selecting "Duplicate user" will create an exact copy of the user being duplicated from, including module permissions, user groups, site(s), and signature. Simply add the new user's username (and check the signature is correct) before saving the changes.

Changing a user's username

Sometimes it's necessary to change a User's username. Perhaps you wish to change your  naming convention, or you have two users with similar names. Managing Users in this way is an Administrator-only function. Logged in as an Administrator, click on the Administrator menu and select the Users sub-menu.

Select the User you wish to change. From the "Edit" menu select "Change username".

Enter the new username (Usernames must be unique).

Save your changes. Don't forget to let the User know their new username! Their password remains unaffected by this change.

Changing a user's password

It may sometimes be necessary to change a user's password (rather than send the user a password reset email). While a User can change their own password (in the User area), only an Administrator can change another user's password.

Click on the Administrator menu. Locate the User whose password you want to change, hover over the cog options and select "Edit user".

Click "Change password".

Enter the "New Password" and the "Confirm Password". Note the criteria for a valid password. As you type your new password a strength indicator changes from red to yellow to green to indicate, and the criteria change from grey to green as each is satisfied. The "Passwords match" turns green too if the "Confirm Password" matches the "New Password".

Click "Save Changes" when you are finished.

Resetting a user's password

Important

Password reset emails are only valid for 24 hours, after which they cease to work. If multiple password reset emails have been requested/received, only the most recent email will be valid - each new reset email invalidates all previous reset emails.

In the event of a user forgetting their password, a password reset email can be requested. This can be done in one of two ways... 

1. The User requests their own password reset

A user can request their own password reset by selecting the "Help! I've forgotten my password" option on the ChurchSuite login page...

...and then entering their Username. Be sure to select to reset the password for ChurchSuite (not My ChurchSuite or Connect)...

The password reset email is sent to the user's email address (which may be different to the user's Address Book email address).

2. An administrator sends a password reset

Alternatively, an Administrator user is able to send a password reset email for any user from the Users section within the Administrator area. You will need Administrator permissions in order to reset the password of another User. Begin by going to the "Administrator" menu in the top-right corner of ChurchSuite.

From the "Users" list click on the user for whom you wish to reset the password. On their user account page, click "Send password reset". A password reset email will immediately be sent to the User's email address.

A 'success' message confirms that an password reset email has been sent.

User password change logs

User password reset requests are logged in the User's communication log in the User area. In the example below, George's "Recent Activity" section shows that the user "paul" (an Administrator) sent George a password reset email. George also requested his own password reset (designated by the log entry for user "churchsuite").

Keeping on top of the changes

Whenever an Administrator makes a change to a User's profile, a note of the change is recorded in the change log for that User. To view the change log, scroll down to the very bottom of the User's profile page in the Administrator section of your account, and select "Changes" from the "Recent Activity" section. The log includes the change date and time, the Administrator who made the change, and a description of the change(s) made.

To complete the audit trail, a change log is also recorded against the Administrator profile showing which user(s) they have added or deleted.

Reporting options for Administrators

The "Administrator" tab includes a series of useful reports specifically designed to help with administrating your church's users.

The "Communication" report allows Administrator see all of the communications (e.g. emails, sms, call, etc) that have been sent out to your church's Address Book contacts. The report includes the option to filter it's results by date-range, the method of communication (e.g. email, sms, call, etc) and the user who sent out the communication.

The "Logins" report allows Administrators see a list of login attempts made to ChurchSuite and ChurchSuite Connect. This includes: whether that login was successful, the username used and the length of the password that was entered, the device used and the IP address which the login attempt was from.

A note about the Logins report

ChurchSuite, where able, will log successful and failed login attempt by users and church members.

When a user/member logs into an iOS or Android app...

  • A login is logged on first login
  • A login is logged when the authentication token is refreshed (around every 24 hours)
  • A login is logged when switching between accounts within the app e.g. when switching from a ChurchSuite account to a My ChurchSuite account and vice versa.

When a user/member logs in via a private or non-private session through a browser...

  • A login is logged on first login
  • A login is logged when the authentication token is refreshed (around every 24 hours)

A login "failure" is only logged against the user/member for an incorrect password. An incorrect username can't be logged as the username is invalid!

The "Password Security" report gives a summary of each user's password strength and when their password was last changed. You might use this information to request users increase their password security or change their password periodically.

Note: ChurchSuite can only detect the strength of a password when it is physically typed in by a user on a login page. If a user has autofill enabled on their browser, or they have copied and pasted it (perhaps when using a password vault app like 1Password), it isn't possible to detect the strength of the password. The browser choice may also have an impact on this too, as some of the more obscure browsers don't support all functionality. Note also that if you've saved your password in your browser then that will prevent the strength detection from actually running, as the browser security measures doesn't allow ChurchSuite access to the saved password in order to check the strength.

The "Permissions" report displays a table of all the Module Access permissions held by the users on your ChurchSuite account. Administrators can also use this table to manage the Module Access permissions of each user within the account (using the action cog on the right hand side of each user listed). The report displays user permissions for the site being viewed. Using the multi-site selector in the top right hand corner of ChurchSuite you can filter the report to show all users for "All Sites" or all users for a specific site.

Reporting options for Users

The "User" tab includes it's own version of the "Communication" report, with the notable difference that it only displays the communications (e.g. emails, sms, call, etc) that have been sent out by the user that is accessing and not those of any other users on the account.

Deleting a user from ChurchSuite

Before you delete a User from your account, you prefer to first set the user 'inactive' first, to make sure there are no unexpected consequences to the user being deleted. Simply edit the user's profile and set their status to 'inactive'. Inactive users can be set active again if necessary.

To delete a user, navigate to the Users section of the Administrator area of your account, select the User in question and click the "Delete" button in the top right corner of their User profile page.

You'll be taken through two confirmation steps, the first asking "are you sure?", and the second confirming the consequences of proceeding and asking you to type "I CONFIRM".

Deleting a User will remove their User profile entirely, including their module permissions, their user group membership and site permissions. They will no longer be able to log in and their encrypted password will be deleted. Any leave and leave set up will be deleted, including all historic leave entries. Any features that have been set visible to "Just me" will no longer be accessible to anyone - including Notes, Flows, Tags, Key Dates, and Booking Resources.

Still need help? Contact ChurchSuite Contact ChurchSuite