View and Manage Users

Users in our Org

Photo by cottonbro: https://www.pexels.com/photo/group-of-people-in-white-shirts-8088443/

The administrator can view and manage all users in an org. In fact, any user with the following permissions can view and manage all users.

  • View Setup and Configuration- To view users' lists.
  • Manage Users- To manage profiles and log in as a user.

In this blog, we are going to discuss following topics related to viewing and managing users in an org.

  • Guidelines for Adding Users
  • Adding a Single User
  • Adding Multiple Users
  • Considerations for Editing Users
  • Edit Users
  • Set Password Policies
  • Unlock Users
  • Considerations for Deactivating Users
  • Deactivate Users
  • Freeze and Unfreeze User
  • Restrict User Email Domains

So, let’s see them one by one.

Guidelines for Adding Users

  1. The username must be unique across all Salesforce orgs.
  2. The username must be in email address format, though it need not be a valid email address.
  3. The same email address can be used to create different users with unique usernames.
  4. Salesforce Customer Support can’t change usernames or deactivate users from an org.
  5. The account verification link emailed to new users expires in 7 days, and user must change their password the first time they log in.
  6. Users who click the Account verification link and don’t set the password need an admin to reset the password.
  7. All options are not available for all license types. For example, the marketing user isn’t available for the Lightning platform user license.
  8. We can move users between profiles based on user licenses that have the same record-sharing models.
  9. If we move a user with permission set assignments, the user is removed from the permission set.
  10. If we try to add the user back to the permission set, we receive a licensing error unless the new license allows the permission.

Adding a Single User

So now let’s see how to add a single user to our org. An administrator or any user with “Manage Internal Users” permission can add a user to our org.

Please follow the given steps to add a user.
[Use the given screenshot for reference]

  1. Go to the setup page and type users in the “Quick Find” box.
  2. Click on the “New User” button.
  3. Provide the following field values for the user. For example, we are creating a Standard User for now.
    (a) First Name
    (b) Last Name- Required
    (c) Alias- Required
    (d) Email- Required
    (e) Username- Required
    (f) Nickname- Required
    (g) Role
    (h) User License- Required
    (i) Profile- Required
  4. Check the “Generate new password and notify the user immediately” checkbox, to have the user’s login name and a temporary password emailed to the new user.
  5. If your organization has Approvals enabled, you can set the user’s approver settings, such as delegated approver, manager, and preference for receiving approval request emails. [Optional]
  6. Click on Save.
  7. User will receive a Welcome mail from salesforce for the Account Verification. Click on the Verify Account button.
  8. It will take us to a new page and ask for Resetting the password. Click on the “Reset Password” button.
  9. It will take us to the “Change Your Password” page where the user can provide the new password, confirm the password, choose a security question and provide the answer.
  10. Finally, click on the Change Password button and Bingo, the new user has successfully changed the password and logged into the org.
Users Page in Setup
New User Page
Generate New Password Option on New User page
Salesforce Welcome Mail
Ready for New Password Page
Change Your Password Page

Adding Multiple Users

We can even add multiple users at a time to our org. But we can add only up to 10 users at a time. Our Salesforce edition determines the maximum number of users that we can add. Other than Administrator any user with “Manage Internal Users” permission can add multiple users to our org. Just make sure you have that many user licenses available for your org, as all the users will have the same user license. For example, we are going to create 10 Internal users for our org.

Please follow the given steps to add 10 users.
[Use the given screenshot for reference]

  1. Go to the setup page and type users in the “Quick Find” box.
  2. Click on the “Add Multiple Users” button.
  3. Add Multiple Users page shows available user licenses in the org. It also shows the Role hierarchy of the org.
  4. From the User License dropdown, select the User License for all the 10 users. For example, we have chosen Identity for Identity User.
  5. Provide the following field values for the users.
    (a) First Name
    (b) Last Name- Required
    (c) Email (Username)- Required
    (d) Profile- Required
    (e) Role
  6. Check the “Generate new password and notify user immediately” checkbox, to have the user’s login name and a temporary password emailed to the new user. But we haven’t checked it as the username that we have used are not valid emails.
  7. If you haven’t checked the “Generate new password and notify user immediately” checkbox, then you should edit the user details to provide valid emails and then reset the passwords for them. We’ll discuss this in the next topic.
  8. Click on Save for creating these users.
  9. Bingo! all users created successfully.
Users Page in Setup
Available Licenses and Roles
User License Dropdown
Multiple New Users
Created Users

Considerations for Editing Users

So, before discussing editing users, let’s discuss the points to consider for editing users. Be aware of the following behaviours when editing users.

  1. The username must be unique across all Salesforce org.
  2. The username must be in email address format, though it need not be a valid email address.
  3. The same email address can be used to create different users with unique usernames.
  4. Salesforce Customer Support can’t change usernames or deactivate users from an org.
  5. If we change a username, a confirmation email with a login link is sent to the email address associated with that user account.
  6. If an organization has multiple login servers, sometimes users can’t log in immediately after we change their usernames. The change can take up to 24 hours to replicate on all servers.
  7. If you change a user’s email address and the “Generate new password and notify user immediately” setting is disabled, Salesforce sends a confirmation message to the updated email address. Before the new email address is active, the user must click the link provided in the message.
  8. If we change a user’s email address and the “Generate new password and notify user immediately” setting is enabled, Salesforce sends a password reset link to the new email address. Before the new email address is active, the user must create a new password.
  9. If a user changes their own email address, Salesforce sends a confirmation message to the user’s new email address and a verification code to the old address. When the user receives the confirmation email, they must enter the verification code to finish updating their email address.
  10. Users can change their personal information after they log in.
  11. If the organization-wide default for the user object is Private, users must have Read or Write access to the target user to access that user’s information.
  12. We can restrict the domain names of users’ email addresses to a list of specific domains. Any attempt to set an email address with another domain results in an error message.

To enable this functionality for our organization, we need to contact Salesforce.

Edit Users

To change user details, we need to edit the user contact. An administrator or any user with “Manage Internal Users” permission can edit users in the org. For example, we will edit the 10 Identity users we created earlier.

Please follow the given steps to edit 10 identity users.
[Use the given screenshot for reference]

  1. Go to the user's detail page in the setup.
  2. Click on the Edit link in front of the user that we want to edit.
  3. Now Click on the Email field and provide the email you want to provide. For example, we are going to provide the same email id for all the identity users.
  4. Click on the Save button. It will show a confirmation dialog box, click on ok.
  5. Now we will repeat steps 2 to 5 for the rest of the 9 Identity Users.
  6. All these users will get email verification mail on the update email. This link expires in 72 hours.
  7. Woohoo, we have successfully changed the email for all the users.
Edit Link on User Detail Page
Edit User Page
Confirmation Dialog Box
Email Verification Mail

Set Password Policies

Now, before discussing unlocking users, let's discuss setting password policies. We can improve our Salesforce org’s security with password protection. We can set password history, length, and complexity requirements. We can also specify what to do when a user forgets the password.

However, there are a few default password and login policies for all user passwords and in all editions.

  • User passwords cannot exceed 16,000 bytes.
  • Logins are limited to 3,600 per hour per user.
  • A password can’t contain a user’s username and can’t match a user’s first or last name.
  • Passwords also can’t be too simple. For example, a user can’t change their password to “password”.
  • A password must contain at least eight characters, including one alphabetic character and one number.
  • The security question’s answer can’t contain the user’s password.
  • When users change their passwords, they can’t reuse their last three passwords.

To define your own password policies, please follow the given steps.
[Use the given screenshot for reference]

  1. Go to the Setup page.
  2. Type Password in the Quick Find box, then select Password Policies.
  3. We can customize the following settings from this page.
    - User passwords expire in
    - Enforce password history
    - Minimum password length
    - Password complexity requirement
    - Password question requirement
    - Maximum invalid login attempts
    - Lockout effective period
    - Obscure secret answer for password resets
    - Require a minimum 1 day password lifetime
    - Allow use of setPassword() API for self-resets
  4. Other than these we can also configure the forgotten password and locked account assistance information. [Note- This setting is not available for Self-Service portals, the Customer Portal, or partner portals.]

[Note- Please use the following table to understand these settings]

Password Policies Page
Password Policy Settings

Unlock Users

Users are locked out of their org when they enter incorrect login credentials too many times. Administrator or users with following permissions can unlock these locked out users to restore their access.

  • Manage Users- To view the number of failed login attempts for a user account.
  • Manage Internal Users- To unlock users.

Please use the following steps to unlock the locked user. For example, the standard user of our user is locked out of the org and we as an Admin have to unlock that user.
[Use the given screenshot for reference]

  1. Go to setup page and type users in the quick find box.
  2. Click on Users and then click on the name of the user which has been locked out of the org.
  3. The user which has been locked out will have the “Unlock” button at the top.
  4. Just click on the Unlock button to unlock the user.
  5. The unlock button will disappear once the user gets unlocked.
  6. The user will receive a mail once s/he will be unlocked.

[Note- The admin should reset the password of the user in case the user gets locked due to wrong login attempts as the user might not remember his/her password, and with resetting the password it will not even unlock the user but also gives him/her option to reset the password.]

User on the Users Page
Unlock Button on the User Detail Page
User Detail Page after Unlock
Mail to the Unlocked User

Considerations for Deactivating Users

Now, before discussing on Deactivating users let’s see the points to consider for deactivating users.

  1. Due to record ownership and membership we might not be able to deactivate a user. In these cases, we must freeze the user’s account first to prevent logins while we reassign ownership, memberships, and so on, as needed. Then we can deactivate later.
  2. A deactivated user doesn’t count against our organization’s available user licenses.
  3. We can’t deactivate a user that’s selected in a custom hierarchy field even if we delete the field. To deactivate a user in a custom hierarchy field, delete and permanently erase the field first.
  4. Processes can’t update records that are owned by inactive users. When we deactivate a user, we also need to transfer that user’s records to an active user to avoid failed processes.
  5. We can’t deactivate a user that’s assigned as the sole recipient of a workflow email alert.
  6. We can’t deactivate a user that’s selected as a Customer Portal Administrator.
  7. Deactivated users lose access to any records that were manually shared directly with them, or implicitly shared with them as team members. Users higher in the role hierarchy relative to the deactivated users also lose access to those records. However, we can still transfer their data to other users and view their names on the Users page.
  8. If we deactivate users in an organization where Chatter is enabled, they’re removed from the Following and Followers lists. If we reactivate the users, the subscription information in the Following and Followers lists is restored.
  9. If we deactivate multiple users, subscription information isn’t restored for users that follow each other.
  10. Files owned by a deactivated user aren’t deleted. The deactivated user is the file owner until an admin reassigns the files to an active user.
  11. Inactive users can be listed in Created By fields even when they’re no longer active in an organization.
  12. We can create and edit accounts, opportunities, and custom object records that are owned by inactive users.
  13. Deactivated users are no longer assigned to territories and are removed from the territories they were assigned to.
  14. Deactivated users are removed from the default opportunity and account teams of other users. The deactivated users’ default opportunity and account teams aren’t removed.
  15. When a user on an account team who has Read/Write access is deactivated and then reactivated, access defaults to Read Only.
  16. If we deactivate users in an organization where opportunity splitting is enabled, they aren’t removed from any opportunity teams where they’re assigned a split percentage.
  17. When a delegated external user admin deactivates a portal user, the admin can’t remove the portal user from teams that user is a member of.

Deactivate Users

We can’t delete a user in an org, but we can deactivate a user’s account so they can’t log in to Salesforce. The reason for this is removing a user from Salesforce affects many processes in the org. After departure from the org, we don’t want the user to retain access to their account. But merely deleting a user can result in orphaned records and the loss of critical business information. Hence, deactivating rather than deleting the user is the appropriate action to take.

Administrator or any user with “Manage Internal Users” permission can deactivate a user in an org.

To deactivate a user, please follow the given steps.
[Use the given screenshot for reference]

  1. Go to the setup page.
  2. Type users in the quick find box and click on users.
  3. From the Users Page, click on the user which you want to deactivate. For example, we are going to deactivate one of the Identity user.
  4. Click on the Edit button from the User’s Detail Page.
  5. Uncheck the Active checkbox.
  6. Click on Save, It will show a confirmation box, click on ok.

Hurray! we have successfully deactivated the user.

User Page
User’s Detail Page
Active checkbox on user’s Detail Page

Freeze and Unfreeze User

We have already discussed that in some cases we can’t directly deactivate the user, in such situation we have to freeze the account first, transfer the records and then deactivate the user.

Administrator or any user with “Manage Users” permission can freeze or unfreeze any user.

Please follow the given steps to freeze or unfreeze user.
[Use the given screenshot for reference]

  1. Go to the setup page and type users in the quick find box.
  2. Click users and from the user page click on the user which you want to freeze.
  3. Click on the freeze button on the user’s detail page. [The same page will show unfreeze button for already freezed user]
Users Page
User’s Detail Page
User’s Detail Page for Freezed User

Restrict User Email Domains

We can define an allowlist to restrict the email domains allowed in a user’s Email field. Administrator or any user with “Manage Users” permission can restrict user email domains. Allowed Email Domains page will only be visible if the allowlist is enabled.

So, let’s first see how to enable the allowlist. Administrator or any user with “Customize Application” permission can enable the allowlist.

Please follow the given steps to enable the allowlist.
[Use the given screenshot for reference]

  1. Go to the setup page, and type “user man” in the quick find box and click on “User Management Settings”.
  2. Click on the “Email Domain Allowlist” toggle button to enable it.
User Management Settings Page

Now we are ready to restrict user email domains.

Please follow the given steps to “Restrict User Email Domains”.
[Use the given screenshot for reference]

  1. Go to the setup page, and type “user man” in the quick find box and click on “Allowed Email Domains”.
  2. Click on “New Allowed Email Domain” button.
  3. Enter a Domain, we can enter a top level domain or a subdomain.
  4. Click Save.
Allowed Email Domains Page
Allowed Email Domain

We can can repeat the steps to add more email domains to the allowlist. After we’ve added one or more email domains, the Email field for each new user must match an allowed domain.

and that marks the end of this blog. Hope you have enjoyed it.

See you soon, with a new blog, till then Thank you & Happy Trailblazing.

Don’t forget to leave your comments and give a clap to the blog, if you find it helpful.

Thank you so much

You can follow me on -

LinkedIn| Facebook | Twitter

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store