Users usually have permission to modify some of their account information - name, email address, user name, and password - but there are times when it is necessary for you to modify settings that users cannot access. The Edit User Page displays the same account settings used when creating an account plus settings related to the user's status and additional information about contributor accounts. All accounts display the date and time the account was created, who created it, and the date and time of the user's last activity in the site.
Unlocking an Account
In order to help secure your applicant's information, and ultimately the integrity of your database, from attacks by hackers and from malicious pranks an account is locked after 10 consecutive unsuccessful login attempts. An unsuccessful login attempt is only recognized when the credentials entered include a valid user name with an incorrect password. A message that alerts the user of the lockout policy is displayed after such an attempt, and after the tenth attempt the user is informed that the account has been disabled and that they should contact the organization directly for help. When an account is locked, the user is unable to log in or reset their password and an indication is shown on the Edit User Page. The only means of unlocking the account is for an administrative user to either manually change the password or trigger a password reset as described below. If the password is manually changed, it must be set to a new value - the new password cannot match the existing password.
Resetting a Password
If a user forgets their password, they can normally trigger a password reset themselves by following the "If you have forgotten your password..." link on the Login page. That process does require, however, that the user remembers their user name or the email address that is associated with their account. If they cannot remember either one or if they can only supply an email address and that address is associated with more than one account, it will be necessary for an administrative user to trigger the password reset. That can be accomplished by simply viewing the account, setting Reset Password to Yes and saving the account. The user's password is replaced with a system-generated password and an email containing a special link is sent to the user. The user can log in to the site with that link and must change their password before they are granted access to any other page in the site. You can choose to customize the content of the automated email if you choose (refer to Using Email for more information).
Forcing a Password Change
You can at any time force a user to change their password by setting Logins Until Password Change to a value other than 0 (0 allows the user to use the same password indefinitely). When the counter expires, the user will be directed to the reset page and blocked from any other action until they successfully change their password. When the password is changed, the counter resets to 0.
Blocking a User
If for any reason you find it necessary to block a user from accessing the site, perhaps because their role in the process is complete or because you have reason to believe that their account has been compromised and is being used by someone else, you can immediately revoke access to the site by setting Login Blocked to Yes. The user will no longer be able to log in and if they are currently logged in, the next time they click on a link or attempt to save a form they will be forcibly logged out (without executing the action in progress). In the case of a compromised account, you can change the user name and password and notify the rightful owner of the new settings.
If you need to block a category of users - if you want to prohibit applicants from logging in after a submittal deadline, for example - change the Login permission for the User Type as described in Setting User Permissions.
Setting Email Status
The Email Failed setting can give you and your applicants important information regarding the successful delivery of email notifications - particularly notifications related to contributors. It is not unheard of for an applicant to make a mistake when entering a contributor's email address - or even their own. If the system can determine that an email address is invalid, perhaps because it could not find an email server that corresponded to the domain portion of the address, this setting will be changed to Yes. You may change the setting back to No after the issue has been resolved or you may need to change the setting to Yes when you become aware that an account's email address is invalid through other means (see Troubleshooting Email Problems for more information).
If the Email Failed setting in a contributor's account is set to Yes, the contributor field will display a "Failed" indication. If the applicant is able to modify the document, they can correct the contributor's email address or define a different contributor and the notification will be re-sent.
Viewing Contributor Information
Contributor accounts display additional information that you may find useful if you need to track a contributor to the document containing the field that generated their account. The Target User setting displays the user name of the document owner. The Document/Field setting displays the document and field IDs that the account is associated with, along with a "view" link that will take you directly to the contributor's target form within that document.
Re-sending a Contributor Notification
Contributor accounts also display the status of the contributor's notification email along with a mechanism that enables you to re-send that email should the contributor mistakenly delete it or otherwise lose track of it. The Notification Status setting displays the date and time that the email was sent, and if it has been sent, a "view" link that displays the actual email with an option to re-send. In the example shown above, the email could be re-sent by clicking Re-Send Notification.
Configuring User Accounts
Configuring User Types