Control a user's access
In some situations, supervisors may need to control a user's access to xMatters. For example, it may be necessary to log a user out of their mobile apps if they lose their phone, or force a user's password to expire every few months for security purposes. Supervisors may also have reason to disable a user's account so they are unable to log in to xMatters or receive notifications.
If you have permission to activate and inactivate user accounts, you can toggle whether a user account is active. This lets you quickly disable an account without deleting it. Inactive users cannot log in to xMatters or receive notifications, but they retain their settings, group memberships, and subscriptions. Inactive users and their devices may appear grayed-out and struck through in the web user interface.
Inactive users count against licensing limitations. For more information about finding the inactive users in your system, see Filter the users list.
To deactivate a user account:
- Locate the user on the Users tab and click their name.
- At the top of their profile, next to their name, use the status drop-down to set whether the user is Active or Inactive.
- The drop-down option is disabled if you do not have permission to change the active status of this user.
A user's account may be 'locked out' if they enter incorrect login credentials more than a specific number of times determined by your organization's password policy settings. When a user is locked out, they cannot attempt to log in again until a certain amount of time has passed, or a supervisor with the proper permissions has unlocked their account.
A user with a locked account has a Locked status beside their name on their profile summary. If you hover over the Locked status, a tooltip pops up that contains the following information:
- How many failed logins the user attempted
- The date and time in the user's time zone when the failed login attempts occurred
- How much time (in minutes) before the user can attempt to log in again
To unlock a user account from their profile summary:
- Locate the user on the Users tab and click their name.
- At the top of their profile, next to their name, there will be a Locked status if the user's account is locked.
- Use the Locked status drop-down and click Unlock Account to unlock the user's account.
- The drop-down option is disabled if you do not have permission to unlock the user.
- Once the user's account is unlocked, the Locked status will no longer be visible.
To unlock a user account from the More Actions menu on their profile:
- In the xMatters web user interface, navigate to the profile summary of the user whose account you want to unlock.
- From the More Actions menu, click Unlock Account.
- The option is disabled if you do not have permission to unlock the user.
- Once the user's account is unlocked, the Locked status on their profile summary will no longer be visible.
In some cases, supervisors may need to force a user’s password to expire. For example, manual password expiry may be necessary if a user has forgotten their password or if they learn that someone else knows their current password. Supervisors also have the option to sign a user out of all active web and mobile app sessions and revoke all the authentication tokens associated with their account. This option is useful if a user's password was compromised and you want their account logged out of all devices immediately.
A user supervisor can disable the current password for any user they supervise and assign them a temporary password. When the user logs in to xMatters with the temporary password, they are directed to immediately create a new password.
To manually force a user's password to expire:
- In the xMatters web user interface, navigate to the profile summary of the user whose password you want to reset.
- From the More Actions menu, select Change Web / App Password.
- On the Change Web / App Password dialog box, specify a temporary password for the user in the New Password and Confirm Password fields.
- Click Force Password Reset. You can select Sign Out Everywhere at the same time if you want to sign the user out of all their devices and revoke all the authentication tokens associated with their account.
- Click Save.
- Inform the user of the temporary password you have set for them.
The next time the user logs in to the xMatters web user interface, they will need to use the temporary password. Once they have logged in, xMatters will guide them through the process of specifying a new password. If you selected Sign Out Everywhere, the user has to sign in to all their devices and create new authentication tokens with their new password.
Note: The xMatters REST API does not require users to specify a new password after they sign in with a temporary password.
In some cases, supervisors may need to sign a user out of the mobile apps. For example, this may be necessary if a user loses their mobile device.
To sign a user out of the mobile apps:
- Sign in to the xMatters user interface.
- Locate the user on the Users tab and click their name to view their user profile.
- From the More Actions menu, select Sign Out of Mobile Apps.
- It may take up to fifteen minutes for the sign out to take effect.
This will not change the user's password or log them out of any web browser sessions. If they later find their phone, they will be able to sign back into their mobile app account with their username and password, unless you force their password to expire.
If the user has access to multiple accounts on their mobile app, you will need to sign them out of each account individually.