Magnolia 4.5 reached end of life on June 30, 2016. This branch is no longer supported, see End-of-life policy.
People who work on site content such as authors, editors and publishers.
Administrative accounts with permissions to configure Magnolia, install new modules and create new templates, for example.
End users or visitors of the site. They can be registered through the. Registering visitors allows you to provide them with personalized content such as members-only sections of the site, newsletters and mailing lists.
In Magnolia, users are organized as follows:
In a small site you can manage users and groups in Magnolia. On a larger site (hundreds of users), it is better to manage users and groups in an enterprise-grade user management infrastructure such as Microsoft Active Directory. You would define roles and ACLs in Magnolia but manage users and groups in the external system.
To create a user:
Be consistent in usernames and full names. Define a convention such as "first initial + last name" (
ajones) for usernames. For full names use a convention such as "firstname lastname" (
Andrew Jones) or "lastname, firstname" (
The automatic lockout feature was introduced in Magnolia 4.4. It is a security precaution that prevents users from accessing AdminCentral after a number of failed login attempts. When a incorrect password is entered the user receives the following warning.
By default, the lockout is triggered by a minimum of five failed attempts and the account is automatically disabled. The number of failed attempts is configurable.
When a non-existent username is entered the same message is displayed, but lockout does not occur as the account does not exist.
The lockout applies to both systems users and admin users, i.e. users set up in Security > Users and Systems Users, but does not affect Public Users.
After lockout, a user’s access privileges can be re-enabled by an administrator in Security > Users or Systems Users by checking the Enabled option. When lockout occurs, this checkbox is cleared.
The number of failed login attempts that will trigger lockout is configurable at Configuration >
/admin. Different values can be set for Users and Systems Users.