Overview
The Accounts card and Accounts menu bar let administrators manage existing users and create new users. These pages can only be accessed if the administrator has any of the following permissions on at least one MTOA supported service:
Create User
Read User
Update User
Create and invite users in any service
The table below describes what an administrator can do with a given permission.
Task | Read User | Create and Invite user | Update User Accounts | Create and invite users 1 |
Access user list | X |
|
|
|
Invite user to service |
| X |
| X |
Activate/Deactivate user | X |
| X |
|
Edit user | X |
| X |
|
1 Note on the use of “Create and invite users in any service” permission:
“Create and invite users in any service” (sometimes referred to as the “Master permission”) is a special permission in the “myTC Account Administration” service. Users with the “Create and invite users in any service” permission can invite any user (the current version only supports internal users) to in any of the services defined in the Admin Console supported services. However, the “Create and invite users in any service” is not a master permission, to view and edit users (and in some cases delete), the administrator still requires “read/add/update/delete” permissions. This is by design, allowing service administrators to manage their own users while when needed, users with this special permission can assume the service administrator role by enrolling their own account to any of the services defined in Admin Console supported services which they want to manage. While enrolling their own account to assume the service administrator role, the administrator still needs the Read User, Create and Invite User and Update User Account permissions. Without these permissions, even after enrolling themselves in a service, the administrator cannot read or manage users. If such an administrator also wanted to manage other resources, for example “Email Notifications” or “Notices” or “Service Settings” then those permissions would need to be assigned well.
Manage Users / Account Settings
The Manage Users card or Account settings menu bar display the list of internal users. User information consists of user name, services, permissions and status. Only services where the administrator has read permission are displayed. If the administrator does not have Update User permissions for a service, the Activate / Deactivate button will not be displayed. In the screenshot below, the administrator cannot activate or deactivate a user in the RTMR service. Furthermore, the “Invite New Member” button is displayed if the admin user has Create user permission.
Create/Invite New User
The Invite New Member button on the user list page and the Add New User button (Accounts card in home page) link to the invite page and allows the administrator to invite users. This is used for enrolling new users to services in MTOA, as well as granting permissions for a services.
Related Permissions/Services
In myTC Account Administration service, “Create and invite users in any service” permission in “myTC Account Administration” allows a user to change their own permissions.
The steps to invite a member (new or existing internal user) to a specific service are:
Step 1: Enter the member username or email in the search box and click on Search.
Step 2: If the user is found, their account details are displayed and two optional fields for phone number and PKI are shown.
Step 3: Select a service.
Step 4: Click Continue to display permissions for the selected service.
Step 5: Click Invite to invite the user.
Note: If the telephone number has been entered or modified with an invalid format, the form will not be submitted and an error message will be displayed.
Member Email Address or TC\Username
Enter a Windows user name or email address. You can include “TC\” at the beginning of user name to perform the search. If TC\ is not included, then it gets prepended to the Windows user name.
For example if you search for “myusername”, a search will be performed on “TC\MYUSERNAME”. This field is required and is case insensitive. The search is first performed in the MTOA database; if unsuccessful, it will search the TC Directory. If found, account details will be displayed on the page.
The user is not found
The user is found.
Service not selected | Service selected |
 |  |
Telephone Number and PKI are optional fields. For most services, PKI is optional, however to enroll an internal user in service like IZEV which needs PKI, administrators should make sure to assign a PKI so that enrolled internal users can access their service.
Telephone number must match Canadian format: 6139999999 / 613 999 9999 / (613) 999 999 / 613-999-9999 / (613) 999-9999.
Service
Services displayed in the dropdown list are those to which the user is not yet enrolled and the administrator has update permission. Once a service is selected, the Continue button will be enabled. Click on Continue to display permissions according to the selected service.
Note: With create and update user permissions, the administrator can manage all permissions in a service.
Invite
This button adds a user to a service in MTOA if they are found in the TC Directory and they are not yet in the MTOA database. If the user is already in MTOA, they will be updated with the new service and permissions.
Cancel
By clicking on the cancel button, you stop the process and you are redirected to the user list page.
Edit
Clicking on the Edit button takes you to edit user page. On the edit page, administrators can manage service specific permissions, the user status, and telephone number. The administrator must have Update User permissions to perform these actions. Without the permission, the status will be read-only. The user status can be either active or inactive.
Admin user has update user account permission | Admin user does not have update user account permission |
 
|   Note: Permissions are greyed out |
Save Changes
If the admin user has update user account permissions a Save Changes button is displayed. Once the changes are saved, the admin user is redirected back to the user list page.
Cancel
The process of editing a user is cancelled and you are redirected to the user list page.
Internal User Search
Internal Users can be searched from the “Internal Users List” tab. For details on Internal Users List see “Manage Users / Account Settings”.
Support
Internal user search is supported in Admin Console v1.2 or higher.
Related Permissions/Services
In order to search internal users, the Admin Console user must have a read user permission in at least one supported service.
From top menu area, click “Account Settings” or from home page of Admin Console click on “Manage Users” button shown on “Accounts” card
Enter the user name or email address in the “Search for internal users” text box
Click the search button or hit Enter while staying in search field.
This searches internal users by matching beginning letters in one or more of following fields:
· First name
· Last name
· Windows Account name
· Internal user’s email
The current search behavior is as follows:
The Admin Console lists users from only those services where an Admin Console user has Read Users permission
Leading and trailing spaces will be removed before searching
To limit search results, the search term needs to be a minimum of two characters (the "TC\" domain prefix will be ignored)
The search result will include internal users matching "first name"/"last name"/email/"windows user name" starting with entered search term
The matching result will ignore case
Note: accents must be specified while searching internal users
Activate / Deactivate
Activate or Deactivate allows administrators to change the user’s status to active or inactive. This action requires the update user account permission.
