👥 User Management

Learn how to add users, assign roles, and manage permissions across your organization.

Understanding User Roles

CEF Core uses role-based access control (RBAC) to ensure users only have access to features they need. There are three main roles:

🔐 System Admin

Full Access: All features and settings

Typical users: CEO, CTO, CFO

  • Add/remove users and assign roles
  • Configure system settings
  • Access all financial data
  • Approve high-value transactions
  • Manage organization settings

💼 Staff

Standard Access: Daily operations

Typical users: Loan officers, accountants, treasury staff

  • Create and manage loans and notes
  • Process payments and receipts
  • Generate reports
  • Manage customer relationships
  • View financial data (no editing)

👤 Customer

Limited Access: View-only customer portal

Typical users: Churches, investors, borrowers

  • View their own loans and notes
  • See payment history
  • Download statements
  • Update contact information
  • Submit support requests

Adding a New User

Only System Admins can add new users.

Step-by-Step:

  1. Navigate to Admin → Users in the top navigation
  2. Click the "+ Add User" button in the top-right
  3. Fill in the user details:
    • Email: User's email address (required)
    • Full Name: First and last name
    • Role: Select System Admin, Staff, or Customer
    • Department: (Optional) e.g., Treasury, Loans, Accounting
    • Phone: (Optional) Contact phone number
  4. Click "Send Invitation"
  5. The user will receive an email with:
    • Login link
    • Temporary password
    • Instructions to complete their profile

💡 Tip: The invitation email expires after 7 days. If a user doesn't complete registration in time, you can resend the invitation from the user list.

Managing Existing Users

Editing User Details:

  1. Go to Admin → Users
  2. Click on the user's name to open their profile
  3. Click "Edit" to modify:
    • Name, email, phone
    • Role and department
    • Active/inactive status
  4. Click "Save Changes"

Changing User Roles:

  1. Open the user's profile
  2. Click "Change Role"
  3. Select the new role from the dropdown
  4. Confirm the change (requires admin password)
  5. The user will receive an email notification

Deactivating Users:

Instead of deleting users (which would lose audit history), you can deactivate them:

  1. Open the user's profile
  2. Click "Deactivate User"
  3. Confirm the action
  4. The user will immediately lose access to CEF Core
  5. All their historical data and audit logs remain intact

⚠️ Important: You cannot deactivate yourself. Another System Admin must perform this action if needed.

Password Management

Users Can Change Their Own Password:

  1. Click on your name in the top-right corner
  2. Select "Profile"
  3. Click "Change Password"
  4. Enter current password
  5. Enter new password (must be at least 8 characters)
  6. Confirm new password
  7. Click "Update Password"

Admins Can Reset User Passwords:

  1. Go to Admin → Users
  2. Find the user who needs a password reset
  3. Click "Reset Password"
  4. The user will receive an email with:
    • Password reset link (valid for 24 hours)
    • Instructions to create a new password

💡 Best Practice: Enforce password changes every 90 days. You can configure this in Admin → Security Settings.

Security Best Practices

  • Principle of Least Privilege: Give users the minimum access needed for their job
  • Regular Audits: Review active users quarterly and deactivate those who no longer need access
  • Strong Passwords: Require at least 8 characters with numbers and special characters
  • Immediate Deactivation: When employees leave, deactivate their accounts immediately
  • Monitor Activity: Review the audit log regularly for suspicious activity

Troubleshooting

User Can't Log In:

  • Check if their account is active (Admin → Users)
  • Verify they're using the correct email address
  • Send a password reset link
  • Check if their invitation expired (resend if needed)

User Can't Access a Feature:

  • Verify their role has permission for that feature
  • Check if they need to be promoted to Staff or Admin
  • Review the role permissions in Admin → Security Settings

Invitation Email Not Received:

  • Check spam/junk folder
  • Verify email address is correct
  • Resend the invitation from the user list
  • Contact support if issues persist

Need Help with User Management?

Our support team can help you set up users, configure roles, or troubleshoot access issues.

Contact Support