Creating and managing Users

One of the key benefits of ChurchSuite is the fact that all your church's staff can have access to it, allowing teams to work collaboratively while only accessing appropriate information assigned by their user permissions.

In this article

Types of users in ChurchSuite
Adding a new user in ChurchSuite
Linking a User to their Address Book profile
Duplicating an existing user
Changing a user's username
Changing a user's password
Resetting a user's password
Keeping on top of the changes with 'change logs'
Reporting options for Administrators
Reporting options for Users
Deleting a user from ChurchSuite

Types of users in ChurchSuite

With ChurchSuite are two categories of User - Administrators and Users. Additionally your ChurchSuite account will have a designated account contact and billing contact specified in "Administrator" > "Profile".

Administrator

Administrators have full access to every module* and permissions include read, edit, add and delete functionality. There must always be at least one Administrator on your account.

*Module passwords

Whilst Administrators ordinarily have full manage permissions to all modules, it's also possible to add a module password to any module as a second layer of security or to keep the module's data confidential from any user who doesn't have the module password. A good example might be your Giving module, where typically a church may prefer this to only be accessible to authorised finance team members. See the related support articles for details of how to set a password for a module.

Administrators have access to the Administrator menu. Through this menu, administrators can manage Users, Groups, Modules, your church's account Profile, Presets, Brands and your account Integrations. There's also an Administrator Reports section.

User

Users differ from Administrators in that they only have access to those modules specified in their User settings (as granted by an Administrator). For each module, a user can be designated as having Use or Manage module permissions (see below). It's also possible to set a User's access to ChurchSuite's Connect applications without needing to necessarily give underlying manage module or use permissions. In this way you can create designated users for just your Child Check-In system without that user profile also needing access to the underlying Children module. The Connect settings will also show/hide the "Login to Connect" quick links on the ChurchSuite summary page.

Use permission - broadly speaking, the user can view the data within the module - they cannot edit or make changes, and they cannot add or import new data or delete data from the module. They can send communications from within that module, including exporting data. They can access and run many of the module's reports. In the Address Book, the user can process people through Flows, including processing actions within each Flow stage; and they can add contacts to a small group and send My ChurchSuite invitations from a contact's profile page. In the Address Book and Children module the user is able to add people to Flows, Tags, and Key Dates from a person's profile page (which includes creating new tags and key dates if they don't yet exist). The user is also able to add, pin, unpin, edit and delete notes. In the Calendar module the user can access event check-in to record event attendance. Users with "use" permissions are unable to 'undo' entries in changes logs.

Manage permission - the user has full access to be able to add, import, edit and delete data within the module, including communication and reporting. Manage permissions also allow access to the module's settings (via the cogwheels in top right corner of the module page).

Connect permission - the user can log in and use the specified Connect application(s).

Adding a new user in ChurchSuite

To create a new user account, go to the "Administrator" menu, which you can find in the top right-hand corner of ChurchSuite. From the Users section click the Add user button.

Proceed by completing the various field. Begin by entering a Username. Note the formatting requirements for usernames - between 3-25 characters, with letters, numbers, fullstop or underscore only.

By default, new users will receive a 'welcome' email inviting them to login and set their own password. Unchecking the "Welcome Email" give you the option to specify their password (although they can change this later if they wish).

Optionally, you can link a User's account to their contact entry in your Address Book module. As you begin to type in the Contact box, ChurchSuite will auto-suggest matching names in your Address Book, or you can type a Name. See the next section in this article for more information about user-contact linking.

An Email address is required for all Users - the email address is used for sending password resets and is also the default "From" email address that will be used when the user sends an email from within ChurchSuite (and the address to which email replies will be delivered).

Optionally set any default email Signature. This might be something that uses your church's 'corporate' styling and branding.

It's also possible to restrict the total number or percentage of recipients the User can communicate with per email/SMS. This can be particularly useful in larger contexts to prevent a User mistakenly emailing all contacts for example.

Lastly, a user must be set as Active in order for them to be able to log in.

You can now select which Type of user you want to create - Administrator or User. There are no maximum limits on the number of users and administrators you have on your ChurchSuite account. See the previous section for an explanation of the different types of users.

Multi-site churches will also have the option to specify which Site(s) the user is able to access. A user has the same module access for each site - it is not possible, for example, to set 'manage' permissions in one site, but only 'use' permission for another site. Note that all users (including Administrators) must have site access for at least one site, otherwise they will not be able to log in. Note also that Administrators do not automatically have access to all Sites - their site access must also be explicitly specified by checking the appropriate Site Access boxes.

When you are finished, click Save Changes before navigating away from the page.

Note that the User's profile page provide you with helpful information, such as recent logins.

There are times when it is helpful for a User's profile to be linked to their contact profile in the Address Book module. Here's why this can be helpful...

By default, all sent emails are sent from the user email address specified in a user's profile. When a user is linked to their underlying contact in the Address Book, they will also have the option of selecting that an email is sent from the email address on their contact profile e.g. their personal email address. Additionally, users with linked contacts have their birthday shown on the calendar in the Calendar module (if DOB specified) - never miss a staff member's birthday again!

The Users list gives you a quick visual indicator of any user accounts not linked to a contact - shown as Not in Address Book.

Select an unlinked user and select Edit from the actions cog of the right-hand side.

In the Contact field, begin to type the contact's name to be linked - ChurchSuite will auto-suggest as you type. Select the appropriate contact - only adults contacts are listed - children cannot be users.

The user's Name, Email address and profile image are updated to reflect the linked contact's name, email address and profile image. You can override and specify a different user email address if you wish; perhaps using a church email address for a user's profile, but retaining their personal email address against their Address Book contact profile. The email address specified here will be available as a "From" address when sending emails within ChurchSuite.

Be sure to save your changes before closing the page. The user profile page confirms the Address Book contact that the user is linked to.

Duplicating an existing user

It's often the case that the permissions being assigned for a new user are going to be the same or similar to an existing user. You can speed up the process of creating multiple users by easily duplicating from an existing user, either clicking Duplicate from the existing user's profile page...

...from your list of users (from the action cog on the right hand side of a user within the list)...

...or from the Permissions report (in the Administrator > Reports section)

Whichever method you use, selecting Duplicate will create an exact copy of the user being duplicated from, including module permissions, user groups, site(s), and signature. Simply add the new user's Username (and check the signature is correct) before saving the changes.

Changing a user's username

Sometimes it's necessary to change a User's username. Perhaps you wish to change your naming convention, or you have two users with similar names. Managing Users in this way is an Administrator-only function. Logged in as an Administrator, click into the Administrator menu and into the Users section. Select the user you wish to change by clicking on their Username.

From the Edit menu select Change username.

Enter the new username - usernames must be unique.

Save your changes. Don't forget to let the User know their new username! Their password remains unaffected by this change.

Changing a user's password

It may sometimes be necessary to change a user's password (rather than send the user a password reset email). While a user can change their own password (in their User area), only an Administrator can change another user's password.

Click into the Administrator menu. Locate the user whose password you want to change, hover over the action cog options and select Edit.

Select Change password from the Edit menu.

Enter the New Password and the Confirm Password. Note the criteria for a valid password. As you type your new password a strength indicator changes from red to yellow to green to indicate the password's strength, and the criteria change from grey to green as each criteria is satisfied. The Passwords match turns green too if the "Confirm Password" matches the "New Password".

Click "Save Changes" when you are finished. Don't forget to let the user know their new password!

Resetting a user's password

Important

Password reset emails are only valid for 24 hours, after which they cease to work. If multiple password reset emails have been requested/received, only the most recent email will be valid - each new reset email invalidates all previous reset emails.

In the event of a user forgetting their password, a password reset email can be requested. This can be done in one of two ways...

1. The User requests their own password reset

A user can request their own password reset by selecting the Forgotten Password? option on the ChurchSuite login page...

The password reset email is sent to the user's email address (which may be different to the user's Address Book email address).

2. An administrator sends a password reset

Alternatively, an Administrator is able to send a password reset email for any user (except their own) from the Users section within the Administrator area. On their User account page, click Send password reset. A password reset email will immediately be sent to the User's email address. A 'success' message confirms that a password reset email has been sent.

User password reset requests are logged in the user's Communication log in the User area.

Keeping on top of the changes

Whenever an Administrator makes a change to a user's profile, a note of the change is recorded in the Changes log for that User. To view the changes log, scroll down to the very bottom of the user's profile page in the Administrator section of your account, and select Changes from the Recent Activity section. The log includes the change date and time, the Administrator who made the change, and a description of the change(s) made.

To complete the audit trail, a Changes log is also recorded against the Administrator profile showing which user(s) they have added or deleted.

Reporting options for Administrators

The Administrator tab includes a series of useful reports specifically designed to help with administrating your church's users.

The Communication report allows Administrators to see a list of all sent communications (e.g. emails, sms, call, etc). The report includes the option to filter the results by a range of Dates, the Method of communication (e.g. email, sms, call, etc) and the Users who sent out the communications.

The Logins report allows Administrators see a list of login attempts made to ChurchSuite and ChurchSuite Connect within a range of Dates. The results include the Date, whether that login was successful, the Username used, the Device used and the IP Address which the login attempt was from.

A note about the Logins report

ChurchSuite, where able, will log successful and failed login attempt by users and church members.

When a user/member logs into ChurchSuite on an iOS or Android app...

  • A login is logged on first login
  • A login is logged when the authentication token is refreshed (around every 24 hours)
  • A login is logged when switching between accounts within the app e.g. when switching from a ChurchSuite account to a My ChurchSuite account and vice versa.

When a user logs in via a private or non-private session through a browser...

  • A login is logged on first login
  • A login is logged when the authentication token is refreshed (around every 24 hours)

A login "failure" is only logged against the user for an incorrect password. An incorrect username can't be logged as the username is invalid!

The Password Security report gives a summary of each user's password strength and when their password was last changed. You might use this information to request users increase their password security or change their password periodically.

Note: ChurchSuite can only detect the strength of a password when it is physically typed in by a user on a login page. If a user has "autofill" enabled on their browser, or they have copied and pasted it (perhaps when using a password vault app like 1Password), it isn't possible to detect the strength of the password. The browser choice may also have an impact on this too, as some of the more obscure browsers don't support all functionality. Note also that if you've saved your password in your browser then that will prevent the strength detection from actually running, as the browser security measures doesn't allow ChurchSuite access to the browser's saved password list in order to check the strength.

The Permissions report displays a table of all the Module Access permissions held by the users on your ChurchSuite account. Administrators can also use this table to manage the Module Access permissions of each user within the account (using the action cog on the right hand side of each user listed). The report displays user permissions for the site being viewed. Using the multi-site selector in the top right hand corner of ChurchSuite you can filter the report to show all users for "All Sites" or all users for a specific site.

The Recent Changes report gives a list of all recent changes made to users, by Administrators, or the user themselves.

Reporting options for Users

The User Reports section includes it's own version of the Communication report, with the notable difference that it only displays the communications (e.g. emails, sms, call, etc) that have been sent out by the logged in user, and not those of any other users on the account.

Deleting a user from ChurchSuite

Before you delete a User from your account, you prefer to first set the user inactive first, to make sure there are no unexpected consequences to the user being deleted. Simply edit the user's profile and set their status to 'inactive'. Inactive users can be set active again if necessary.

To delete a user, navigate to the Users section of the Administrator menu, select the user in question and click the Delete button in the top right corner of their user profile page.

You'll be taken through two confirmation steps, the first asking "Are you sure?", and the second confirming the consequences of proceeding and asking you to type "I CONFIRM".

Deleting a User will remove their User profile entirely, including their module permissions, their user group membership and site permissions. They will no longer be able to log in and their encrypted password will be deleted. Any historic leave and leave set up will be deleted. Any features that have been set visible to "Just me" will no longer be accessible to anyone - including that user's Notes, Flows, Tags, Key Dates, and Booking Resources.

Still need help? Contact ChurchSuite Contact ChurchSuite