Adding and managing users

User types explained

Two types of Users can access your admin-facing ChurchSuite account – Administrators and Users.

1. Administrator

Administrators have full access to all the modules on your ChurchSuite account. There must always be at least one Administrator on your account - administrators are unable to archive or delete themselves. There's no limit to the number of administrators you have on your ChurchSuite account. Multi-site customers will also assign Site access permissions (permitted sites) - perhaps giving admin access to some sites but not to others. Permitted Sites could be a single site, any combination of multiple sites, or 'All sites". All sites mean all current sites AND any new sites that may be added in the future.

All Administrators uniquely have access to the Administrator area. Through this menu, they can manage Users, User Groups, Modules, Files, your account Profile, Presets, Brands and Integrations on your account. There's also an Administrator Reports section. Only Administrators can add and manage other Users.

2. User

Users can only access permitted modules, specified on a user-by-user basis. For each module, permitted access can be set as None, Use, Write or Manage, as explained below. Multi-site customers will also assign user Site permissions (permitted sites), perhaps granting access to some sites but not to others. Note that the module permissions apply to all permitted sites - it's not possible to grant site-specific module access. Permitted Sites could be a single site, any combination of multiple sites, or 'All sites". All sites mean all current sites AND any new sites that may be added in the future.

User-specific access to ChurchSuite Connect applications can also be granted independently of module permissions. For example, you could give users access to the Child Check-In system (one of the Connect applications) without needing to also give Children module permissions.

Let's explore the four incremental levels of User module access in further detail:

None - the user has no module access and the module is not shown to the user. A user with no module access will be able to log into ChurchSuite but will only be able to manage their user account and they can log in to Connect if they have permissions for one or more Connect applications. For example, a Cleaner may have a user account with no module or Connect permissions simply to maintain a Leave Setup and to process leave requests for that user staff member.

Use – broadly speaking this user can use the data within the module, but they cannot make changes - they can't add, duplicate, or import new data to the module, or edit, merge, move or delete existing data. However, those with "use" permissions for a module can perform the following limited activities:

• compose and send communications, including sending consent requests, My ChurchSuite invitations and password resets, and save a composed message as a Preset
• export or output data to a CSV file
• produce reports, including printing and downloading report results
• assign people to existing Fixed Tags, assign existing Key Dates to people, and add people to existing Flows
• process people through Flows, including running permitted actions for that Flow. Permitted actions include:
  • Set as active - if the person being processed is currently in the 'Pending' section of the module
  • Remove from Flow
  • Modify a person's Flow "Due Date" and "Assigned User"
  • Add to Group - if the User has at least Write permissions for the Small Groups module
  • Add Key Date - if that Key Date is visible to the User
  • Add Tag - if that Tag is visible to the User
  • Remove Tag - if that Tag is visible to the User
  • Move to Stage - within the current Flow
  • Add to Flow - if that Flow is visible to the User
  • Send Email - if that Preset email is visible to the User
  • Send SMS - if that Preset SMS is visible to the User
• add, pin, unpin, edit and delete Notes they have authored
• access Event Check-In and the Event Page from an event's 'View' page if they have Calendar module access
• send event invitations - if they have Calendar module access
• submit their leave requests - if they have Calendar module access
• view the module's settings
• access their User area where they can fully manage Preset Emails/SMSs visible to the User, and fully manage Files
• manage certain aspects of their User account, including managing their email signature, user email address, and user password, and enable/disable multi-factor authentication.

Write – the user has full module access and can add, duplicate, import, edit, merge, move and delete data within the module, and can view the module's settings.

Manage – the user has Write permissions and is also able to manage and make changes to the module's settings affecting all module users.

Connect – the user can log in and fully use selected Connect applications. They have no module access unless their user permissions explicitly include at least 'use' permission for a module. In this way, key volunteers can make use of your Connect functionality without needing access to any personal or sensitive information in your ChurchSuite modules.

Sites (multi-site customers only) - the user's module permissions above apply to each permitted site. Users can only access the data in a permitted module for permitted sites. Users cannot add, import, edit, duplicate, merge, move or delete data on a non-permitted site. See our related support article on Multi-site functionality for further information about this feature.

Adding a new user

To add a new user account, head to the Administrator area of ChurchSuite. In the Users section, note the option to switch between viewing Active or Archived users. Click Add user.

On the Add user pop-up, enter a suitable Username. Usernames must be unique, and be between 2-25 characters - letters, numbers, underscores and full stops are accepted; spaces are not permitted. While passwords are always case-sensitive, usernames are not. The Username and user Email fields are required. User password reset emails will be sent to the user email address. The user's Email address is also the default "From" address for emails sent by the user through ChurchSuite (and therefore the email address to which replies will be delivered).

Optionally link a User's account to their Contact profile in the Address Book - user-contact linking is explained in further detail later in this article. As you begin to type in the Contact search, ChurchSuite will auto-suggest matching names in the Address Book, or you can type a user's Name.

Multi-site customers must specify the user's permitted Sites (required). A user has the same module access for each permitted site selected – it is not possible to assign site-specific module access. All sites mean all current sites AND any new sites that may be added in the future.

Select the user Type – Administrator or User. See the previous section for an explanation of the two types of users.

If you select User type, set the permission level for each module by dragging the permission sliders. See the previous section for an explanation of permission levels.

Continuing down the pop-up, optionally select Connect applications the user is permitted to access. Selected applications will turn from grey to blue. See our related support article for further information: What is Connect?

Each user's ability to communicate within their permitted modules is Unrestricted. However, you can optionally restrict a user's Communication functionality - either to a Fixed Number or Percentage of recipients. The restriction applies only to email and SMS and applies to all permitted sites and modules.

Finally, each new user will be sent a Welcome email, which contains details of their Username and a secure link enabling them to set their password. You may optionally untick this option and not send a Welcome email - perhaps if the user account exists for the sole purpose of having a Leave Setup for leave recording purposes and where that user does not require any module access. For security reasons, the sent Welcome email, which contains a personal link to set a password, is not shown logged in the user's Communication log.

When you are finished, click Save to add the new user and be redirected to the user's "View" page, showing all the user details you've just set. You can return to this user "View" page at any time in the future, perhaps to Edit and make further changes. Note also the options to Send a password reset, Edit and (within the More options) Duplicate, Archive or Delete a user and, optionally, set a user's Signature.

From the Groups tab, you can manage the User Groups the User belongs to - further information can be found in our related support article.

You can return to the Users section at any time to add or make changes to users. Finally, note the Advanced Search to further filter within a long list of users, perhaps to see just those with Muti-Factor Authentication currently enabled or disabled:

...Or to customise the Columns that are displayed - selected columns will be remembered on your device the next time you log in:

Linking a User to their Address Book profile

There are times when it's helpful to link a User's profile to their contact profile in the Address Book module – here's why...

• Linked users can access both ChurchSuite and My ChurchSuite through their browser using a single login with either their username, user email address or contact email address. They can also access their My ChurchSuite account from a Quick Links widget on their ChurchSuite Dashboard page without being required to log in again
• By default, all emails are sent from the User email address specified in a user's profile. When a User is linked to their underlying contact in the Address Book, that user will also have the option of selecting that an email is sent from their Contact profile email address, typically their 'personal' email address
• Users with linked contacts have their birthday shown on the calendar in the Calendar module (if their date of birth is specified on their Contact profile) – never miss a staff member's birthday again!

The Users list gives you a quick visual indicator of the User accounts that are currently linked to a Contact.

To link an unlinked user or re-link an existing linked user, select Edit from the user Actions on the right-hand side.

On the Edit User pop-up, use the Contact Search to locate the Address Book contact; names will be auto-suggested as you type. Select the appropriate contact – only contacts are listed; children cannot be Users.

The User's contact Name, Email address and profile image are updated to reflect the linked contact's name, email address and Address Book profile image. You can optionally specify a different User email address if you wish; perhaps using a church/organisation domain email address, while retaining their 'personal' email address against their Address Book contact profile.

Saving the changes, the User's profile now shows the Address Book Contact that the User is linked to.

Duplicating an existing user

It's often the case that the module and/or site permissions being assigned for a new User are going to be the same or similar to an existing User. You can speed up the process of creating multiple Users by duplicating an existing User, either clicking Duplicate from the existing User's profile page...

...or by selecting the Duplicate action from the Users section.

Whichever method you use, selecting Duplicate will open the Duplicate user pop-up, pre-populated with all the selected user's details, module permissions, connect and site settings and any communication restrictions. Add the new user's Username and update the other user-specific details as appropriate before saving the changes. Remember to review the new user's Signature and User Group assignments.

... and then click to Edit the Username.

On the Change username pop-up, enter the new username. Usernames must be unique and be between 2-25 characters - letters, numbers, underscores and full stops, no spaces. Click Save & Return to apply the changes and Save the user account. Don't forget to let the user know their new Username! Their password remains unaffected by this change.

Resetting a user password

If a user forgets their password, a password reset email can be requested. This can be done in one of two ways...

Users can request their password reset

...by selecting the Forgotten Password? option at the "Enter your password" stage of the login process when logging in through a browser.

The user is required to enter a valid User Email Address (which may be different to the User's Address Book profile email address) - the password reset email is sent to this address. The sent reset email is logged against the user's profile.

An Administrator can send a password reset

An Administrator can send a password reset email for any User (except themselves) from the Users section within the Administrator area. On the User's profile "View" page, click Send password reset. A password reset email will immediately be sent to the User's email address and is logged into the user's Communication log. A 'success' message confirms that a password reset email has been sent.

The password reset page

On receipt of a password reset email, clicking the embedded reset link in the message opens the Enter your new password page. Note the Password Criteria required for a valid password. As the new password is typed and confirmed, a strength indicator changes from red to yellow to green to indicate the password's strength, and the Password Criteria changes from grey to green as each criterion is met. Password reset emails are only valid for 24 hours.

Note: Users will be prevented from choosing a known insecure password. ChurchSuite references a database of known compromised passwords and will not allow a previously compromised password to be chosen. For clarity, this does not mean that the user or their email address is on that database; simply that the password they are choosing is known to have been previously compromised when it was used in another context.

Keeping on top of changes

Whenever an Administrator makes changes to a User's profile, or a User makes a change to their user profile, a note of the change is recorded in the Changes log for that User, shown at the bottom of the profile "View" page. The log includes full details of the changes made, the date and time of the change, and the name of the User or Administrator who made them.

Reporting options for Administrators

The Administrator area includes a Reports section with a range of useful User-related reports specifically designed to help with managing Users.

The Logins report enables Administrators to view a list of the user login attempts made to ChurchSuite and ChurchSuite Connect within a range of Dates. The results include the Date, whether the login was successful (Status), the Username used, the Device used and the IP Address from which the login attempt was made.

The Password Security report gives a summary of each user's password strength and when their password was last changed. You might use this information to request that a user increase their password security or change their password periodically. The strength is an algorithm-based indicator designed to suggest the relative strength of the password based on how long it might take an automated bot to crack a password. A "Bad" strength indicates that the password is more easily guessed compared to a comparatively stronger password.

Note: ChurchSuite can only detect the strength of a password when it is physically typed in by a User on a login page. If a user has "autofill" enabled on their browser or has copied and pasted it (perhaps when using a password vault app like 1Password) it isn't possible to detect the strength of the password. The browser choice may also have an impact on this too as some of the more obscure browsers don't support all functionality. Note that if a user has saved their password in their browser then that will prevent the strength detection from actually running, as the browser's security measures don't permit ChurchSuite access to the browser's saved password list to check the strength.

The Permissions report is a table of the module access for all users in your ChurchSuite account. Administrators can use this report to review the permissions of each user within the account. For multi-site customers, the report shows user Permissions for the Site being viewed. Using the multi-site selector in the top-right corner of ChurchSuite, you can filter the report to show all users for "All Sites" or all users for a specific site.

The Recent Changes report gives a list of all user changes made to users by Administrators or by the users themselves.

Deleting a user

Deleting a User will remove their user profile from ChurchSuite entirely, including the record of their module and site permissions and User Group membership. They will no longer be able to log in and their encrypted password will be deleted. If they are currently logged in, they will be logged out as soon as they navigate to a new page (in an active session) or attempt to process anything on the page being viewed. All historic leave requests and leave setups will also be deleted. Any features that have been set visible to "Just me" will no longer be accessible to anyone – including that user's Notes, Flows, Tags, Key Dates, and Booking Resources. This action is permanent and irreversible!

Before you Delete a User you may prefer to Archive them in the first instance, to make sure there are no unexpected consequences from the loss of that User's account. Archived users can be Set active again if necessary. Navigate to the User's profile in the Administrator area and select Archive or Delete.

When deleting a user, follow the on-screen instructions and tick Yes, I'm absolutely sure and click Delete.