CloudOffix User Creation Guideline

This document provides a comprehensive guide for creating and managing users in CloudOffix. Correct user creation is essential for ensuring security, maintaining proper access levels, and smooth business operations.

1. Introduction

1.1 Overview of CloudOffix User Management

At its core, user management ensures that employees, partners, or customers can access only the features and data relevant to their roles. Creating a new user in CloudOffix is a foundational task that sets the stage for secure and efficient operations.

The user creation process involves defining a user's profile, assigning permissions via groups, and configuring login details. This is typically done through the 'Users & Companies' menu > Users in the Settings app. CloudOffix's user system is built on a flexible, group-based permission model, allowing granular control over what users can view, edit, or delete.

1.2 Importance of Proper User Creation

Incorrect user setup can lead to data breaches, compliance violations (e.g., GDPR, SOX), or operational inefficiencies. For instance, over-privileging a user might expose sensitive financial data, while under-privileging could hinder productivity. Proper creation ensures:

• Security: Least-privilege principle to minimize risks.
• Compliance: Audit trails for user actions.
• Scalability: Easy onboarding for growing teams.

2. Understanding User Types in CloudOffix

In CloudOffix, users are categorized into backend users and portal users. The public user is not a user type that is explicitly created; it represents anonymous access to public-facing features (e.g., website pages).

2.2 User Types in CloudOffix

Before creating a user, it is important to understand the available user categories and their functions.

2.3 Public User

• This user represents anonymous visitors browsing the website without logging in.
• The Public user is a system account and must not be created, modified, or assigned manually.

2.4 Backend Users

• Backend users are internal users/employees who require access to the CloudOffix backend interface. These users typically require detailed permissions and may be linked to employee records.
• They can log in to the main system and operate within modules based on their permissions.
• Access rights for backend users can be customized at module level depending on responsibilities
• Typical backend users may include:
  • Human Resources Manager
  • Sales Manager
  • Sales Representative

2.5 Portal Users

• Portal users are external users, such as customers, suppliers, or service partners.
• These users log in through the Portal interface, which provides restricted access.
• Portal users typically view only their own records, such as:
  • Quotations
  • Sales Orders
  • Invoices
  • Support Tickets
• Portal users cannot access backend functionality.

3. Backend User Creation

Backend users are internal employees or administrators with access to CloudOffix's full interface. The primary method is creating users via the Employees app.

3.1 Primary Method: Via Employees App

1. From the app drawer, open the Employees app.
2. Click Create to add a new employee.
3. Fill in the necessary details such as:
   1. Name: Full name (e.g., 'Jane Smith').
   2. Work Email: Valid email (e.g., jane.smith@company.com).
   3. Job Position: Select or create a new position.
   4. Department: Link to a department for organizational hierarchy.
4. In the HR Settings tab:
   • Under 'Related User,' select an already created user name or Create and Edit a new one.
     • Create and Edit: A user creation form opens. Complete:
       1. Name: Full name.
       2. Email: Same as work email.
       3. Save the user, then save the employee record.

The newly created user/employee above (Anna Anderson), has access rights that are automatically coming from the Default User Template. This means the person creating the user does not need to manually assign these access rights individually.

3.2 Secondary Method: Via Settings App > Users & Companies > Users

1. Open the Settings app.
2. Navigate to Users & Companies > Users. (The new user opens with the 'Default User Template', you can edit the access rights of the new user from the access rights tab.)
3. Click Create.
4. Fill in:
   1. Name: Full name.
   2. Email: Work email.
   3. Access Rights tab: Assign groups.
   4. Save the user.
5. Optionally, link to an employee record via Employees > Select Employee > HR Settings > Related User.

4. Portal User Creation

Portal users are external stakeholders (e.g., customers, vendors) with restricted access to specific features, such as viewing invoices or submitting forms. There are two methods to create portal users.

4.1 Method 1: Via Contacts App

1. Open the Contacts app.
2. Click Create to add a new contact or select an already created contact from your contacts.
3. Fill in:
   1. Name: Select whether this contact is an individual or a company. Enter the name (if it is an individual e.g., 'Andrew Tyler' or a company e.g., 'Acme Corp').
   2. Email: Valid email for login.
   3. Save the contact.
   4. From the contact's form view, click the Action dropdown > Portal Access Management.
   
   5. In the popup:
      • Check the box for 'In Portal'.
      • Click Apply.
4. CloudOffix sends an invitation email with login instructions.

4.2 Method 2: Via Settings > Users

1. Open Settings > Users & Companies > Users.
2. Click Create.
3. Fill in:
   1. Name: Contact's name.
   2. Email: Valid email.
   3. In Access Rights, ensure only the check box for 'Portal' group is selected.
   4. Save and send an invitation email.

4.3 Configuring Portal Access

Configuring portal access involves setting up which records (e.g., quotations, invoices) portal users can view or interact with via the portal interface.

Granting portal access does not automatically provide visibility to all portal objects, including both database-created and custom objects. For each portal object, access must first be explicitly granted to the portal group (Other: Extra Rights / Portal) through Access Control List (ACL). However, certain objects, (e.g., My Opportunities and My Leads), are provided directly from the database and will be visible to portal users when these database-provided objects are utilized.

Backend users, by default, have access to view records associated with their account on the portal interface, provided those records exist in the backend system. Specifically, users with access to CRM (Opportunity) in the backend will automatically see these records reflected in the portal. Below is the complete list of objects that are directly from the database and visible to portal users:

• My Opportunities: Backend users with access to CRM opportunities can view their assigned opportunities directly in the portal under the 'My Opportunities' section.
• My Leads: Leads are visible in the portal under 'My Leads' when the Reseller app is installed through Apps. To download this app assistance is needed. For example, if a third-party or distributor is involved, request the consultant to configure the Reseller setup to ensure leads appear in the portal view.
• Quotations – Sales Orders – Purchase Orders – Invoices: These records are visible to customers in the portal.
• My Appraisals: Any user associated with an appraisal can view and complete their assigned evaluations in the portal by logging in to their accounts.
• My Employee Profile: This supports the self-service HR vision. Upon joining the company, employees complete a one-time customized form to provide specific personal details, such as address, contact information, or other relevant data. This streamlined process eliminates repetitive manual updates. Employees can access the portal at any time to update their information, such as an address change, without needing administrator assistance. Customized forms can be tailored to collect specific employee data, and all employees can securely fill out and submit these forms through the portal, significantly reducing manual data entry for HR administrators.

Note: To make ‘My Employee’ visible in the portal view, follow either of these paths:
Employees app > Configurations > Scroll down and check the box for ‘HR Employee Portal’ > Save the changes
Settings app > General Settings > Employees > Scroll down and check the box for ‘HR Employee Portal’ > Save the changes

• Project: To allow customers to track projects in the portal.
• My Tickets: If a portal user submits a ticket through the website or a public user submits a ticket than later creates an account with the same email address the system recognizes the user and displays their tickets in the portal under 'My Tickets.' This functionality works regardless of whether the user signs up before or after creating a ticket.
• My Assets: When the Asset or IT Service Management application is installed, employees can view devices assigned to them in the portal under 'My Assets.' They can also submit requests related to these assets.

If the IT Service Management MSP module is installed, the following features are available in the portal:


• All Tickets: Displays all tickets associated with the company.
• All Assets: Shows all assets assigned to the company.
• Employees: Lists all employees within the company.


These features are visible only to users with MSP Manager (Company Manager) permissions, allowing them to manage and monitor tickets, assets, and employees.