Overview
The Accounts card and Accounts menu bar let administrators manage existing users and create new users. These pages can only be accessed if the administrator has any of the following permissions on at least one MTOA supported service:
Create User
Read User
Update User
Create and invite users in any service
The table below describes what an administrator can do with a given permission.
Task | Read User | Create and Invite user | Update User Accounts | Create and invite users 1 |
Access user list | X |
|
|
|
Invite user to service |
| X |
| X |
Activate/Deactivate user | X |
| X |
|
Edit user | X |
| X |
|
1 Note on the use of “Create and invite users in any service” permission:
“Create and invite users in any service” (sometimes referred to as the “Master permission”) is a special permission in the “myTC Account Administration” service. Users with the “Create and invite users in any service” permission can invite any user (the current version only supports internal users) to in any of the services defined in the Admin Console supported services. However, the “Create and invite users in any service” is not a master permission, to view and edit users (and in some cases delete), the administrator still requires “read/add/update/delete” permissions. This is by design, allowing service administrators to manage their own users while when needed, users with this special permission can assume the service administrator role by enrolling their own account to any of the services defined in Admin Console supported services which they want to manage. While enrolling their own account to assume the service administrator role, the administrator still needs the Read User, Create and Invite User and Update User Account permissions. Without these permissions, even after enrolling themselves in a service, the administrator cannot read or manage users. If such an administrator also wanted to manage other resources, for example “Email Notifications” or “Notices” or “Service Settings” then those permissions would need to be assigned well.
Manage Users / Account Settings
The Manage Users card or Account settings menu bar display the list of internal users. User information consists of user name, services, permissions and status. Only services where the administrator has read permission are displayed. If the administrator does not have Update User permissions for a service, the Activate / Deactivate button will not be displayed. In the screenshot below, the administrator cannot activate or deactivate a user in the RTMR service. Furthermore, the “Invite New Member” button is displayed if the admin user has Create user permission.
Create/Invite New User
The Invite New Member button on the user list page and the Add New User button (Accounts card in home page) link to the invite page and allows the administrator to invite users. This is used for enrolling new users to services in MTOA, as well as granting permissions for a services.
Related Permissions/Services
In myTC Account Administration service, “Create and invite users in any service” permission in “myTC Account Administration” allows a user to change their own permissions.
The steps to invite a member (new or existing internal user) to a specific service are:
Step 1: Enter the member username or email in the search box and click on Search.
Step 2: If the user is found, his account details are displayed and an optional fields for phone number is shown.
Step 3: Select a service.
Note: 1- if a PFTR or MD service is selected a required field for Pilot License number is displayed.
However, if there already a license number, it will be displayed and cannot be updated
2- if an iZEV service is selected, a required field for PKI is displayed
Step 4: Click Continue to display permissions for the selected service.
Step 5: Click Invite to invite the user.
Note: Before the form is submitted, required fields (PKI and Pilot License number), if needed and the telephone number format are validated. An error message is displayed accordingly if there is an error.
Member Email Address or TC\Username
Enter a Windows user name or email address. You can include “TC\” at the beginning of user name to perform the search. If TC\ is not included, then it gets prepended to the Windows user name.
For example if you search for “myusername”, a search will be performed on “TC\MYUSERNAME”. This field is required and is case insensitive. The search is first performed in the MTOA database; if unsuccessful, it will search the TC Directory. If found, account details will be displayed on the page.
The user is not found
The user is found.
Service not selected |
Non PFTR, MD or iZEV Service selected |
iZEV Service selected |
PFTR or MD Service selected |
Note: Telephone number must match Canadian format: 6139999999 / 613 999 9999 / (613) 999 999 / 613-999-9999 / (613) 999-9999.
Pilot License Number is not editable.
Service
Services displayed in the dropdown list are those in which the user is not yet enrolled and the administrator has update permission. Once a service is selected, the Continue button will be enabled. Click on Continue to display permissions according to the selected service.
Note: With create and update user permissions, the administrator can manage all permissions in a service.
Invite
This button adds a user to a service in MTOA if they are found in the TC Directory and they are not yet in the MTOA database. If the user is already in MTOA, they will be updated with the new service and permissions.
Cancel
By clicking on the cancel button, you stop the process and you are redirected to the user list page.
Edit
Clicking on the Edit button takes you to edit user page. On the edit page, administrators can manage service specific permissions, the user status, and telephone number. The administrator must have Update User permissions to perform these actions. Without the permission, the status will be read-only. The user status can be either active or inactive.
Admin user has update user account permission | Admin user does not have update user account permission |
| Note: Permissions are greyed out |
Active
Active button allow the administrator to activate the user in a service. Activation takes place instantly.
Inactive1
Inactive button allow the administrator to deactivate a user from a service. However, the administrator has two options while deactivating a user. He can deactivate the user immediately or in the future as shown in the image below.
Immediate deactivation
By clicking on “Immediately” button, the user will be deactivated instantly and he will no longer have access to that service.
Future deactivation
By clicking on “In the future” button, the administrator will select a date where the user will be deactivated. The default date is the next date as from the current date. The user will still have access to the service until the selected date. From the selected date, the user will no longer have access to the service.
Save Changes
If the admin user has update user account permissions a Save Changes button is displayed. Once the changes are saved, the admin user is redirected back to the user list page.
Cancel
The process of editing a user is cancelled and you are redirected to the user list page.
Internal User Search
Internal Users can be searched from the “Internal Users List” tab. For details on Internal Users List see “Manage Users / Account Settings”.
Support
Internal user search is supported in Admin Console v1.2 or higher.
Related Permissions/Services
In order to search internal users, the Admin Console user must have a read user permission in at least one supported service.
From top menu area, click “Account Settings” or from home page of Admin Console click on “Manage Users” button shown on “Accounts” card
Enter the user name or email address in the “Search for internal users” text box
Click the search button or hit Enter while staying in search field.
This searches internal users by matching beginning letters in one or more of following fields:
· First name
· Last name
· Windows Account name
· Internal user’s email
The current search behavior is as follows:
The Admin Console lists users from only those services where an Admin Console user has Read Users permission
Leading and trailing spaces will be removed before searching
To limit search results, the search term needs to be a minimum of two characters (the "TC\" domain prefix will be ignored)
The search result will include internal users matching "first name"/"last name"/email/"windows user name" starting with entered search term
The matching result will ignore case
Note: accents must be specified while searching internal users
Activate / Deactivate1
Activate or Deactivate allows administrators to change the user’s status to active or inactive. This action requires the update user account permission.
1Note on the use of “Deactivate” and “Inactive”
The following will be the impact on user enrollment:
The user enrollment is flag as inactive. The service will have to look up this flag in its application
The permission for this user will be render inactive
The user is still registered to the service
No service requests by this user have been removed or deleted