Adding and managing users

In this article

Types of users
Adding a new user
Linking a User to their Address Book profile
Duplicating an existing user
Changing a username
Changing a user password
Resetting a user password
Keeping on top of changes
Reporting options for Administrators
Reporting options for Users
Deleting a user

Types of users

Your admin-facing ChurchSuite account has two categories of User – Administrators and Users. There's no limit to the number of administrators or users you can have on your ChurchSuite account.

1. Administrator

An Administrator has full access to all the modules on your ChurchSuite account. There must always be at least one Administrator on your account. For multi-site customers, new and existing users can be assigned Sites permissions - perhaps giving admin access to some sites, but not to others. Permitted Sites can be set for just a single site, any combination of multiple sites or 'All sites". All sites means all current sites AND any new sites that may be added in the future.

Module passwords

While Administrators have access to all modules, it is also possible to optionally add a module password to any module as an additional layer of module security to keep a module's data confidential from any user or administrator who doesn't know the module password. A good example might be your Giving module, where typically you may prefer this to only be accessible to authorised finance team members. By adding a module password to the Giving module and sharing it with your finance team users, administrators will be unable to access the Giving module unless they know the module password. See our related support article for further information on adding a module password.

All Administrators uniquely have access to the Administrator area. Through this menu they can manage Users, User Groups, Modules, Files, your account Profile, Presets, Brands and the Integrations on your account. There's also an Administrator Reports section. Only Administrators can add and manage Users.

2. User

Users differ from Administrators in that they can only access selected modules, specified on a user-by-user basis. For each module a user's permissions can be set as None, Use, Write or Manage - explained below. For multi-site customers Users are also assigned Sites permissions - perhaps permitting module access to the some sites, but not to others. Note that the module permissions apply to each site a user has access to - it's not possible to grant site-specific levels of module permissions. For example, a user with Address Book "Write" permissions will have "Write" permissions for the Address Book for their permitted sites.

For multi-site customers, new and existing users can be assigned Sites permissions - perhaps giving admin access to some sites, but not to others. Permitted Sites can be set for just a single site, any combination of multiple sites or 'All sites". All sites means all current sites AND any new sites that may be added in the future.

It's also possible to give user-specific access to your ChurchSuite Connect applications, independent of their module permissions. For example, you could give user access to the Child Check-In system (one of the Connect applications) without necessarily needing to also give Children module permissions.

Let's explore the four incremental levels of User module access in further detail:

None - the user has no module access - the module is not even listed in the module bar in ChurchSuite. A user with no permissions for any module will be unable to log in to ChurchSuite although they will be able to log in to Connect if they have been assigned permissions for one or more Connect applications. For example, a Janitor may have a user account with no module or Connect permissions simply for the purpose of being able to maintain a Leave Setup and process leave requests for that user staff member.

Use – broadly speaking this user can use the data within the module, but they cannot edit to make changes to it or delete it. Neither can they add, duplicate or import new data to the module. However, those with "use" permissions for a module can perform the following limited activities - they can:

  • compose and send communications, including sending consent requests, My ChurchSuite invitations and password resets, and save composed messages as Presets
  • export data to a CSV file
  • produce reports, including printing and downloading report results
  • assign people to existing fixed Tags, assign existing Key Dates to people, add people to existing Flows
  • process people through Flows, including running permitted Actions for that Flow. Permitted actions include:
    • Set active - if the person being processed is currently in the 'Pending' section of the module
    • Remove from Flow
    • Modify a person's Flow "Due Date" and "Assigned User"
    • Add to Group - if the User has at least Write permissions for the Small Groups module
    • Add Key Date - if that Key Date is visible to the User
    • Add Tag - if that Tag is visible to the User
    • Remove Tag - if that Tag is visible to the User
    • Move to Stage - within the current Flow
    • Add to Flow - if that Flow is visible to the User
    • Send Email - if that Preset email is visible to the User
    • Send SMS - if that Preset SMS is visible to the User
  • add, pin, unpin, edit and delete Notes
  • access Event Check-In from an event's 'View' page - if they have Calendar module access
  • send event invitations - if they have Calendar module access
  • submit their own leave requests - if they have Calendar module access
  • access the User area where they can fully manage Preset Emails/SMSs and Files
  • manage certain aspects of their User account, including manage their email signature, user email address, user password, enable/disable multi-factor authentication and link/unlink their user account to their Address Book profile
  • view the module's settings

Write – the user has full module access and is able to add, duplicate, import, edit and delete data within the module and view the module's settings.

Manage – the user has "Write" permissions and is also able to manage and make changes to the module's settings affecting all module users.

Connect – the user can log in and fully use selected Connect applications. They have no access to the underlying modules unless their user permissions explicitly include at least module 'use' permissions. In this way, key volunteers can make use of your Connect functionality without needing access to any personal or sensitive information in your ChurchSuite modules.

Sites (multi-site customers only) - the user's module permissions above apply to all the user's "permitted" Sites. A user can only view/access the data in their permitted modules for their permitted sites. A user cannot add, import, edit, duplicate or delete data in non-permitted sites. See our related support article on Multi-site functionality for further information about this feature.

Adding a new user

To add a new user account, go to the Administrator area of ChurchSuite. In the Users section, note the option to switch between viewing Active and Archived users. Click Add user.

On the Add user pop-up enter a suitable Username. Usernames must be unique and be between 2-25 characters. (Letters, numbers, underscores and full stops are accepted. No spaces are permitted). While passwords are always case sensitive, usernames are not. The Username and user Email fields are required. User password reset emails will be sent to the user email address. The user Email address is also the default "From" address for emails sent by the user through ChurchSuite (and therefore the email address to which replies to those emails will be delivered).

Optionally link a User's account to their Contact profile in the Address Book - user-contact linking is explained in further detail later in this article. As you begin to type in the Contact search, ChurchSuite will auto-suggest matching names in the Address Book, or you can type a user's Name.

You can now select the user TypeAdministrator or User. See the previous section for an explanation of the different types of users.

If selecting User, set the permission level for each module as appropriate by dragging the sliders.

Continuing down the pop-up, optionally click to select the Connect applications the user is permitted to access. Selected applications will turn from grey to blue.

Multi-site customers can specify which Sites the user is able to access. A user has the same module access for each permitted site selected – it's not possible to assign site-specific module permissions. All users, including Administrators, must have at least one site selected, otherwise they will not be able to log in to ChurchSuite. Permitted sites change from grey to blue when selected. All sites means all current sites and any new sites that may be added in the future. When assigning user site permissions, bear in mind that the user will only be able to assign people in your ChurchSuite modules to one of their permitted sites; so, a Site A only user will only be able to assign new Address Book contacts to Site A; and only an All sites user can assign people to All sites.

Each user's ability to communicate within their permitted modules is Unrestricted. However, you can optionally restrict a user's Communication functionality - either to a Fixed Number or Percentage of recipients. The restriction applies only to email and SMS and applies to all permitted sites and modules. This may be useful in larger contexts to prevent a User inadvertently emailing all contacts for example.

Finally, each new user will be sent a Welcome email, which contains details of their Username and a unique secure link enabling them to set their password. You may optionally untick this option and not send a Welcome email - perhaps if you intend to manually specify the user's password (as described later in this article), or where the user account exists for the sole purpose of having a Leave Setup for leave recording purposes and where that user does not require any module access. For security reasons, the sent Welcome email, which contains a personal link to set a password, is not logged in the user's Communication log.

When you are finished, click Save to add the new user and be redirected to the user's "View" page, showing all the user details you've just set.

You can return to this user "View" page at any time in the future, perhaps to Edit and make further changes. Note also the options to Archive and Delete a user, set a user's Signature, to Send a password reset, Change password and Change username.

Scrolling further down the "View" page are the options to assign the user to [user] Groups - explained in the related support article - and to view the user's Communication and Changes logs. The "Created" date/time stamp are recorded in the bottom left corner...

...and a record of the newly-created user is added against the Changes log of the Administrator who added the user.

There are times when it's helpful to link a User's profile to their contact profile in the Address Book module – here's why...

  • Linked users are able to access both ChurchSuite and My ChurchSuite through their browser using a single login with either their username, user email address or contact email address. They can also access their My ChurchSuite account from a 'quick link' on the ChurchSuite Dashboard page, without being required to log in again
  • By default, all emails are sent from the User email address specified in a user's profile. When a User is linked to their underlying contact in the Address Book, they will also have the option of selecting that an email is sent from their Contact profile email address typically their personal email address
  • Users with linked contacts have their birthday shown on the calendar in the Calendar module (if their date of birth is specified on their Contact profile) – never miss a staff member's birthday again!

The Users list gives you a quick visual indicator of any User accounts not currently linked to a Contact – shown as Not in Address Book.

To link a user, select Edit from the Action menu on the right-hand side.

On the Edit User pop-up use the Contact Search to locate the Address Book contact - ChurchSuite will auto-suggest as you type. Select the appropriate contact – only adult contacts are listed as children cannot be Users.

The User's Name, Email address and profile image are updated to reflect the linked contact's name, email address and profile image. You can override and specify a different User email address if you wish; perhaps using an email address associated with your church/organisation while retaining their personal email address against their Address Book contact profile.

Be sure to save your changes before closing the page. The User's profile "View" page confirms the Address Book contact that the User is linked to.

Note: This ability to make or change such links is limited to Administrators only. Users who wish to link their User to an Address Book contact will therefore require Administrator assistance to complete this process.

Duplicating an existing user

It's often the case that the permissions being assigned for a new User are going to be the same or similar to an existing User. You can speed up the process of creating multiple Users by easily duplicating an existing User, either clicking Duplicate from the existing User's profile page...

...or from your list of Users – from the Action menu on the right hand side of a User in the list...

...or from the Permissions report in the Administrator > Reports section.

Whichever method you use, selecting Duplicate will open the Add user pop-up, pre-populated with all the selected user's details, module permissions, connect and site settings and any communication restriction. Add the new user's Username (and update the other user-specific details as appropriate) before saving the changes. Remember to review the new user's Signature and User Group assignments.

Changing a username

It's sometimes necessary to change a User's username, perhaps if you're changing the user naming convention or you have two Users with similar names that you wish to better distinguish. Working within the Administrator area, navigate to the user's "View" page. From the Edit menu select Change username.

On the Change username pop up, enter the new username. Usernames must be unique and must be between 2-25 characters (letters, numbers, underscores and full stops, no spaces). Click OK to apply the changes. Don't forget to let the user know their new Username! Their password remains unaffected by this change.

Changing a user password

It may be necessary to manually specify or change a User's password (rather than send the user a password reset email). While a User can always change their own password (in their User Account settings or via a password reset email), only an Administrator can change another user's password.

Working from a user's "View" page, select Change password from the Edit menu.

On the Change password popup, enter the New Password and then Confirm Password. Note the Password Criteria for a valid password. As you type a new password a strength indicator changes from red to yellow to green to indicate the password's strength, and the Password Criteria changes from grey to green as each criteria is met. It's not possible to enforce a minimum password strength.

Click OK to apply the changes. Don't forget to let the User know their new password!

Resetting a user password


Password reset emails are only valid for 24 hours, after which time they cease to work. If multiple password reset emails are requested, only the most recent email will be valid – each new reset email deactivates all previous reset emails.

In the event of a User forgetting their password, a 'user password reset' email can be requested. This can be done in one of two ways...

1. The User requests their own password reset

A User can request their own password reset by selecting the Forgotten Password? option at the "Enter your password" stage when logging in through a browser.

The user is required to enter a valid User Email Address (which may be different to the User's Address Book profile email address) and the password reset email is then sent to this address. The sent reset email is logged against the user's profile.

2. An administrator sends a password reset

An Administrator is able to send a password reset email for any User (except themselves) from the Users section within the Administrator area. On the User's profile "View" page, click Send password reset. A password reset email will immediately be sent to the User's email address and is logged in the User's Communication log. A 'success' message confirms that a password reset email has been sent.

Keeping on top of changes

Whenever an Administrator makes a change to a User's profile, or a User makes a change to their own user profile, a note of the change is recorded in the Changes log for that User, shown at the bottom of the profile "View" page. The log includes full details of the changes made, the date and time of the change and the name of the User or Administrator who made them.

Reporting options for Administrators

The Administrator area includes a Reports section with a range of useful User-related reports specifically designed to help with managing Users.

The Logins report enables Administrators to view a list of the user login attempts made to ChurchSuite and ChurchSuite Connect within a range of Dates. The results include the Date, whether the login was successful, the Username used, the Device used and the IP Address from which the login attempt was made.

A note about the Logins report

Where able, ChurchSuite will log successful and failed login attempts by users and members.

When a user/member logs into ChurchSuite on an iOS or Android app...

  • A login is logged on first login
  • A login is logged when the authentication token is refreshed (approximately every 24 hours)
  • A login is logged when switching between accounts within the app i.e. when switching from ChurchSuite to My ChurchSuite and vice versa

When a User logs in via a private or non-private session through a browser...

  • A login is logged on first login
  • A login is logged when the authentication token is refreshed (approximately every 24 hours)

A login "failure" is only logged against a username for an incorrect password. An incorrect username can't be logged as the username is invalid!

The Password Security report gives a summary of each user's password strength and when their password was last changed. You might use this information to request that a user increases their password security or changes their password periodically. The strength is an algorithm-based indicator designed to suggest the relative strength of the password based on how long it might take an automated bot to crack a password. A "Bad" strength indicates that the password is more easily guessed compared to a comparatively stronger password.

Note: ChurchSuite can only detect the strength of a password when it is physically typed in by a User on a login page. If a user has "autofill" enabled on their browser or they have copied and pasted it (perhaps when using a password vault app like 1Password) it isn't possible to detect the strength of the password. The browser choice may also have an impact on this too as some of the more obscure browsers don't support all functionality. Note that if a user has saved their password in their browser then that will prevent the strength detection from actually running, as the browser security measures don't allow ChurchSuite access to the browser's saved password list in order to check the strength.

The Permissions report displays a table of the module access for all users in your ChurchSuite account. Administrators can use this report to manage the permissions of each user within the account. Clicking the Action menu on the right hand side surfaces the available actions. For multi-site customers, the report displays user Permissions for the Site being viewed. Using the multi-site selector in the top-right corner of ChurchSuite, you can filter the report to show all users for "All Sites" or all users for a specific site.

The Recent Changes report gives a list of all user changes made to users by Administrators or by the user themselves.

Reporting options for Users

Users are able to access the Reports section for each module they have module permissions for. While they also have access to the Communication report within your modules, they are only able to see a curated list filtered for the communications they have sent. They cannot filter the report to view sent communications for other users. However, they will be able to view a person's sent communications via the Communication log of the person's profile page.

Deleting a user

Deleting a User will remove their user profile from ChurchSuite entirely, including the record of their module and site permissions andUser Group membership. They will no longer be able to log in and their encrypted password will be deleted. If they are currently logged in, they will be logged out as soon as they navigate to a new page (in an active session) or attempt to process anything on the page being viewed. All historic leave requests and leave setups will be deleted. Any features that have been set visible to "Just me" will no longer be accessible to anyone – including that user's Notes, Flows, Tags, Key Dates, and Booking Resources. This action is permanent and irreversible!

Before you Delete a User you may prefer to Archive them in the first instance, to make sure there are no unexpected consequences from the loss of that User's account. Archived users can be Set active again if necessary. Navigate to the User's profile in the Administrator area and select Archive or Delete.

When deleting a user, follow the on screen instructions, ticking Yes, I'm absolutely sure and click Delete.

Still need help? Contact ChurchSuite Contact ChurchSuite