Control a user's access
In some situations, supervisors may need to control a user's access to xMatters. For example, it may be necessary to log a user out of their mobile apps if they lose their phone, or force a user's password to expire every few months for security purposes. Supervisors may also have reason to disable a user's account so they are unable log in to xMatters or receive notifications.
If you have permission to activate and inactivate user accounts, you can quickly toggle whether a user account is active. This enables you to quickly disable an account without deleting it. Inactive users cannot log in to xMatters or receive notifications, but they retain their settings, group memberships, and subscriptions. Inactive users and their devices may appear grayed-out and struck through in the web user interface.
Inactive users count against licensing limitations. For more information about using search filters to locate inactive users, see Search for users and groups.
To inactivate a user account:
- Locate the user on the Users tab, and click their name.
- In the profile summary area, click the toggle next to User is active or User is inactive.
- The toggle is disabled if you do not have permission to change the active status of this user.
In some cases, supervisors may need to force a user’s password to expire. For example, manual password expiry may be necessary if a user has forgotten their password or if they learn that someone else knows their current password.
A user supervisor can disable the current password for any user they supervise and assign them a temporary password. When the user logs in to xMatters with the temporary password, they are directed to immediately create a new password.
To manually force a user's password to expire:
- In the xMatters web user interface, navigate to the user profile summary for the user whose password you want to reset.
- Click Change Login.
- On the Web Login tab, specify a temporary password for the user in the New Password and Confirm Password fields.
- Click Force Password Reset.
- Click Save.
- Inform the user of the temporary password you have set for them.
The next time the user logs in to the xMatters web user interface, they will need to use the temporary password. Once they have logged in, xMatters will guide them through the process of specifying a new password.
Note: The xMatters REST API does not require users to specify a new password after they sign in with a temporary password.
In some cases, supervisors may need to sign a user out of the mobile apps. For example, this may be necessary if a user loses their mobile device.
To sign a user out of the mobile apps:
- Sign in to the xMatters user interface.
- Locate the user on the User tab, and click their name.
- In the profile summary area, click Sign out of mobile apps.
- It may take up to fifteen minutes for the sign out to take effect.
This will not change the user's password or log them out of any web browser sessions. If they later find their phone, they will be able to sign back into their mobile app account with their user name and password, unless you force their password to expire.
If the user has access to multiple accounts on their mobile app, you will need to sign them out of each account individually.