Table of Contents
Users
Table of Contents
Fotoware Alto uses accounts and an Identity Server to identify users. Accounts control only if the account holder can connect to Fotoware Alto to access and edit that user's profile. Once connected, the Roles and Permission Sets of the account determine access to content and other parts of the system.
The Fotoware Alto Identity Server (previously Picturepark Identity Server) handles account registration. If a user has an identity server account, that user can log in to other Fotoware Alto systems. Their identity server account stays linked to their Fotoware Alto account. The Fotoware Alto administrator can then choose whether or not to approve the user and what roles to assign.
Single users do not have permissions in Fotoware Alto, but only through the role, they belong to.
Create a user
- Go to Users.
- Select + (Create).
- Enter the required user credentials.
Create user and assign roles.
You can choose not to Invite user immediately by turning off the toggle at the end of the page. By default, newly created users get an invitation email.
If you turn off this toggle, you need to invite users manually using the Invite user option.
After creating a user
- Fotoware Alto sends an invitation to the email when the immediate invitation is enabled.
- Fotoware Alto opens the details to assign a role. Without a role assigned, the user cannot access any content other than their own profile.
Search and find users
Find users using advanced searching.
Search: Find Users by Creation Date Range
Update and assign user roles
The most common case is to assign a role for one user to access the content in Fotoware Alto.
- Open the User Browser.
- Find your user by filtering for invited.
- Open the Details.
- Assign a Role.
Find user and update role.
You can also batch assign user roles to multiple users.
- Open the User Browser.
- Find your user by filtering for invited or searching for something.
- Select the Assign roles batch operation.
- You see the number of users affected in the upper text of the window.
- The dialog shows the user roles in available.
- You can choose whether to add (default action), remove, or overwrite (set) user roles.
- Select the roles.
- Save.
Finding users, adding roles to all, removing roles from some.
*remove only removes the role if the role is assigned.
Update and assign an Identity Provider
Users in Fotoware Alto will have the Fotoware Alto IDS configured as the default identity provider. You must change the Identity Provider after setting up federated authentication.
- Open the User Browser.
- Find the user via search or filter criteria.
- Open the Details.
- Edit.
- Update Identity Provider.
- Save.
Find the user and update the identity provider.
There is currently no batch operation in the UI for updating the Identity Provider. However, you can use Postman and update via API:
- Search Users: https://demo.picturepark.com/Docs/Rest/index.html#operation/User_Search
- Update Identity Provider for provided user IDs https://demo.picturepark.com/Docs/Rest/index.html#operation/User_UpdateIdentityProviderMany
Update a single user
- Open Users.
- Open Details of one User.
- Update.
- Save.
You can only update user details for users not authenticated via a third-party identity provider, such as users in Fotoware Alto, not users linked to the company active directory. For these users (federated users), you have to change the Identity Provider first.
No update for federated users, single update for Fotoware Alto ad user
Update multiple users
User management offers batch operations in the toolbar. When you open user management from the main menu (go to Access > Users, you can:
- Assign roles to all users,
- Invite users to your Fotoware Alto (sign-in),
- Lock all users.
- Delete users.
The numbers next to the action indicate the number of users affected by this operation; for example, assigning roles to 5 users and inviting 4 of 5 users.
This enables fast and easy user management in Fotoware Alto, in addition to working with filters and search, for use cases such as:
- Select the Invited Lifecycle filter to find all invited users and re-invite them if they haven’t followed your first request already.
- Select a supplier A user role, which you terminated and lock all users of that role.
- Select all locked users of supplier B which you partnered up again and unlock them.
- Select all users of your default role, e.g., Reader, and assign the corresponding editor role to them.
- Select inactive users and reactivate them.
Batch operations are limited to 1000 users per batch.
Update email and password
Fotoware Alto uses the Identity Server to house all user accounts. This means that your same email address can be used to connect to multiple Fotoware Alto instances. Log in with the same email address and password, and your account will be created in the new instance. Of course, an administrator for that instance will need to review it.
To change Email and Password
- Open the user profile from the main menu.
- Choose reset password.
- Change your password.
- Switch to Manage your account.
- Change your email.
Email and passwords are changed in the Fotoware Alto IdP.
Fotoware Alto stores all passwords encrypted using the sha256 algorithm.
Update gravatar
To update the gravatar, open https://en.gravatar.com (if you don't already have one). This is used as the user's gravatar in Fotoware Alto. If you do not already have an account on https://en.gravatar.com, you will need to click on sign up on the Gravatar site and either log in with Google or create a WordPress account. There is currently no other way to change the profile picture. Please do not use gravatars with transparency. These will display the default icon behind them in the current version of Fotoware Alto.
Lock a user
If you lock an account, the user will receive a notification email. An email will also be sent if you unlock the account.
Delete a user
To delete a Fotoware Alto user, go to Access > Users in the Main menu You can delete a user by selecting the user and using the Delete icon () or by right-clicking on the user and selecting Delete.
A deleted user will not be notified that they have been deleted, and their identity server account will not be affected.
When a user is deleted, their user information will be shown in the User Browser until the user retention time has passed. The user is then archived and their information is no longer shown in the User Browser.
If a deleted user sent or received shares, they are no longer shown in the Recipients panel.
If the deleted user worked with content or list items, the text Former user is displayed in the Activity panels.
On deleting one or multiple users who hold ownership in in Fotoware Alto, you will be asked to select another user who will then take over ownership of their items. Deleted users who don't own anything in Fotoware Alto are shown at the bottom of the list in the Delete Users window or deleted automatically if all the users that are being deleted have no ownership. You can also select one user as the new owner to replace all of the owners who have been deleted. Only users with more or the same number of the following user role permissions, such as the deleted user, will appear in the dropdown for selection.
Note: Deleted users will not appear in the list, however those under review or locked will:
- manage content
- manage shares
- manage schemas
- manage permission set
- manage roles
Multiple users can be deleted in the Users menu. Select the users to delete and then select the Delete icon .
Reactivating users
A deleted user can be reactivated. In the Main Menu, go to Access > Users and select the reactivate icon. Multiple users can be reactivated at once by selecting these in the User management and hitting the reactivate icon.
Reactivation a deleted user with lifecycle “Deleted” .
A deleted user can be reactivated within 30 days (Standard can be configured per customer).
Requesting deletion of a single Fotoware Alto account
A user can delete themselves. If they choose to do so, they will be asked to confirm that they want to delete their account, and then they will receive an information window to let them know that their account has been deleted and they will be logged out. No emails are sent if a user deletes themselves. If they try to log in to Fotoware Alto with a deleted user they will receive a notification after login that their account is inactive. Note deleting their Fotoware Alto account does not delete their identity server account. Currently, users can delete themselves regardless of whether or not they have user role permissions to manage users.
If the user requests deletion, the account will be in the authorization state. User triggered deletion, their account will be locked, and all users in the Fotoware Alto with a role that has the Manage Users rights of that Fotoware Alto instance will receive an email that the user has requested deletion.
After the request you can:
- Delete the user's account. This will only delete the account from the Fotoware Alto where the account deletion was requested. This does not delete the User's Identity Server account as the user may want to stay as a user in another Fotoware Alto where this account is used.
- Cancel the deletion request: this will reactivate the user and send them an email saying their account has been unlocked.
Requesting deletion of an Identity Server account
A user can also request the deletion of their Identity Server account, which may have been added to multiple Fotoware Alto instances on the same platform. To do so, contact Support.
Required user information
Each account includes a fixed set of fields to hold user information:
- First Name *
- Last Name *
- Email *
- Language *
- Telephone
- Company
- Department
- Address
- Country
- Alternative Address
- City
- Zip
Required fields are marked with an asterisk (*).
Named accounts
Fotoware Alto accounts are named, meaning that each account should be created for and used by only one individual.
The benefits of named accounts include
- Users can share content from their email addresses, own content, and collaborate with others.
- Personalization features improve the user experience of named users.
- System logs and statistics can accurately identify which user did what at what time. Fotoware Alto can provide reporting on request.
Please note that sharing named user accounts among different individuals might result in falsified identities, identity theft, and erroneous behaviors of Fotoware Alto, and is excluded from all and any warranties. Sharing so-called "core users" among different individuals is also prohibited by our agreements or subject to specific requirements if an API-integration uses a named user. Please review our subscription plans and license agreements.
Licensing considerations
There are two user license types in Fotoware Alto:
- Regular User
- Core User
Regular User licensing refers to an Account's ability to access and contribute content.
Core User licensing refers to an Account's ability to also edit content and administer the system. These terms apply only to licensing, which is not necessarily equal to Fotoware Alto permissions.
Fotoware Alto permits unlimited Regular User Accounts, meaning there is no license-imposed limit on the number of users or external systems that may connect at any time.
Regular User access works for users and systems that need to find, access, or contribute content, but not edit content or manage the system. You can create as many Accounts for this purpose as you need, without affecting your license cost requirements. (Note that we charge traffic from Regular User Accounts against your traffic quota.)
Users and external systems that must be able to edit content or manage the system must have Roles assigned that grant them the required permissions. Once attached to such a Role, the account uses one of the system's available Core User licenses.
An Account never uses more than one Core User license, no matter how many editor Roles it is assigned. However, if the same account connects more than one Fotoware Alto session at a time, it consumes one Core User license for each session.
There is no Account setting that defines the account to be a Regular User or Core User. This is based solely on assigned Roles, so take care when assigning Roles that you don't inadvertently assign Core User roles to users who do not require that level of access.
Limitations
- A Fotoware Alto account is always in one of several states. The current state of an Account is shown in the Account Manager view.
- User information is stored on secured Fotoware Alto servers. Fotoware (the company) complies with the General Data Protection Regulation (GDPR) of the EU and other data privacy regulations but solely acts as a data processor.
- The privacy policy and other terms defined on login, signup, and in the help menu of your Fotoware Alto define how your personal data will be used as defined by the data controller.
- It is not possible to change user fields or field requirements in this release of Fotoware Alto.
- There is no way to "reject" a user's sign-up request.
- A user will not receive an email should their account be deleted, but if you lock them.
- The content and format of automated emails sent to users can be edited in templates Be aware that you must check customized templates after each release.
- Automated emails come from a "no-reply" email address (Customer Settings) that Fotoware Alto staff can configure in the Cloud Manager.
- There is currently no clean-up of accounts on the identity server that have been open longer than a certain period without being confirmed.
- The following attributes exist in the search:
- ✔isLocked:false
- ✔isSupportUser:false
The following attributes do not exist in the search: - ❌isReadOnly:false
- ❌isFederated:true
- ❌isDeleted:true