User Name

A string of characters that uniquely identifies this person. This can be an email address. It is not case sensitive.

Password

An encrypted field that you or the user can edit from within MinistryPlatform. Once added, the value cannot be recovered. When editing, note that changes are saved. The password field always shows eight dots for security.

Admin

When set to Yes, this user can run specific reports and tools that are not available to most users. This does not enable use of any applications using the API or provide any page or sub-page rights.

Contact

The Contact record containing the name, contact information, and other important details about this user. Each User record should have a unique Contact record. This is the required Foreign Key that links the User record to the Contact record.

Supervisor

The User record of the person to whom this user reports. This may be used by workflow Processes and Process Steps to gain the supervisor's approval when this user adds records to various pages in MinistryPlatform.

User GUID

A string of characters that become a secondary unique identifier for this user. This is generated automatically and used by certain applications that identify this user.

Can Impersonate

When set to Yes, this indicates this user can impersonate users in the Platform. Limit this ability to highly trusted and trained staff members.

Time Zone

The time zone or "standard time" of the user that affects the date and time displayed. Users can click their username in the top right of the Platform to change this setting.

Locale

The locale or "culture" of the user that affects the formatting of the date, time, and currency displayed. If blank, the system uses the Domain Locale. Users can clicking their username in the top right of the Platform to change this setting.

Setup Admin

Grants access to the System Setup area where you can manage Pages, Views, and more. Users with Setup Admin set to Yes have access to the Reset Auth App button in their user profile to recycle the app pool after they update their Identity Provider configurations.

Login Attempts

The number of attempts the user made to unsuccessfully login. Once the user reaches the Max Login Attempts value (as set on the Domain record), they'll be locked out. To unlock a user, they can reset their password or a SPoC can edit this value to be less than the Max Login Attempts value (typically, zero).

MFA Required

When set to Yes, users must use multi-factor authentication when they're prompted to log in.

Data Service Permissions

The Data Service Permissions relate to how the OData API allows users to access data remotely through the API. For almost all users, you can disregard these fields (leave them as No). You should only give these permissions for custom development and/or a third-party integration that uses the API.

Tabs

Roles

Add the permitted security roles that this user has.

User Groups

Add the user groups that this user is part of.

Identities

Track any external login authentication identities that this user logs in with, if applicable.

Assigned Tasks

Track any tasks assigned to this user.

Delegate Of

Add the permitted contact(s) that the user can send messages from. These contact(s) display in the From drop-down list of the New Message Tool.

Ministries Allowed

Add a permitted ministry for the user if you only want them to see records for that ministry on pages where you enabled this feature. If you don't specify any Ministries Allowed, the user can access all ministries.

Preferences

Track this user's Platform preferences. For more information, see User Preferences.

Notifications

Track any notifications this user has set up.

Global Filters

Add a permitted congregation or parish for the user if you only want them to see records for that congregation/parish as configured here. If you don't specify any Global Filters, the user can access all congregations/parishes.

Charts

Track any charts that this user has set up.