User Approval Process
Written by afernandez
Updated at November 27th, 2024
Table of Contents
This article documents the process for approving new user accounts. This approval process normally only occurs with Single Sign On (SSO) accounts.
Please Note: In the example messages below, dynamic values (@something@) will be replaced before the message is sent or displayed. Text in brackets indicates a link to another page.
User Sign In
When a user signs in and his/her account requires approval (osUsers.ActiveStatus = 'P'), he/she is prevented from signing in. He/she will be shown a message:
Your account is not authorized to access @system.ProductName@.
[Request Access]
The entire message is configurable via the system property UserApprovalMessage.
Requesting Access
The [Request Access] is a link to ~/auth/approval-request/@CustomerID@/@UserID@. This page sends an email requesting access and then displays a message:
Message Sent
Your request for access has been emailed to the system administrator.
[Go back to the sign in page]
The message header (Message Sent) can be configured using the UserApprovalSentHeading system property. The rest of the content can be set using the UserApprovalSentMessage system property.
Email Approvers
The email will be sent to every user that has User Setup tool access and is not Eccovia Staff (domain -99). This can be configured via the UserApprovalEmail system property to send to the designated email address(es) instead.
The email will be sent with the subject:
@UserName@ is requesting access to @system.ProductName@
The subject can be configured via the UserApprovalEmailSubject system property.
The email body will be:
@UserName@ is requesting access to @system.ProductName@.
Account Source: @domain@
[Approve this request]
[Deny this request]
The body can be configured via the UserApprovalEmailBody system property.
Approve the Request
The link to approve the request will require login and directly link to viewform.aspx?FormID=308&PrimaryKey=@UserID@&PageID=1, the user entry form, within ClientTrack. This can be configured via the UserApprovalUrl system property. Form 308 has been modified to automatically set the ActiveStatus to A when the ActiveStatus was pending (P) and display a warning message that it did so. It has also been configured to send an email message with subject:
Your @system.ProductName|"ClientTrack"@ account has been approved.
and body:
You may now [sign into @system.ProductName|"ClientTrack"@].
Deny the Request
The link to deny the request links to ~/account/approval-deny/@UserID@. This page displays a message:
Deny the User Access Request
Are you sure you want to deny access to @UserName|""this user""@?
Account Source: @domain@
[Yes, @UserName|""this user""@ is not a valid user]
[Approve @UserName|""this user""@ instead]
The heading can be configured via the UserApprovalDenyHeading system property and the other message content via UserApprovalDenyMessage. The approval link is shown in case the user changes his/her mind.
Denying the account sets the active status to D. The account will then appear in the recycle bin within user management and if the user attempts to sign in again, he/she will get a message stating "Your account is not authorized to access this system."
