Magnolia 4.5 reached end of life on June 30, 2016. This branch is no longer supported, see End-of-life policy.
A user is an account that identifies the person accessing Magnolia. In addition to a username, Magnolia stores the user's full name, password, language preference and email address by default. Users inherit their permissions from the groups and roles the are attached to.
Types of users
| Type | Example |
|---|---|---|
| Users | People who work on site content such as authors, editors and publishers. |
| System users | Administrative accounts with permissions to configure Magnolia, install new modules and create new templates, for example. |
| Public users | End users or visitors of the site. They can be registered through the Public User Registration (PUR) module. Registering visitors allows you to provide them with personalized content such as members-only sections of the site, newsletters and mailing lists. |
Organizing users
In Magnolia, users are organized as follows:
- Users can have both roles and groups.
- Groups can have groups and roles.
- Roles can have only ACLs.
Permissions are defined in the ACL. Users inherit permissions from the roles and groups assigned to them.
In a small site you can manage users and groups in Magnolia. On a larger site (hundreds of users), it is better to manage users and groups in an enterprise-grade user management infrastructure such as Microsoft Active Directory. You would define roles and ACLs in Magnolia but manage users and groups in the external system.
Get a list of all permissions assigned to a user or group using the Permissions list tool.
Creating users
To create a user:
- Click Security.
- Click the type of user you want to create.
- Click New User in the toolbar.
A new user named "untitled" is added to the list. - Double-click the word "untitled" and type the user's username, then press ENTER. See tip below.
- Select the new user and click Edit user in the toolbar.
The Edit User dialog is displayed. - Fill in the user's account details:
- Full name
- Password. Verify by retyping the password in the field below.
- Email address. Used for various purposes such as in the workflow to notify the user about pending workitems.
- Language. Select the language AdminCentral should be displayed in for this user. Magnolia comes in many different languages.
- Groups: Click Choose and attach a group to the user. To attach several groups, click Add and browse again. Usually this setting is only available to administrators.
- Roles: Click Choose and attach a role to the user. To add several roles, click Add and browse again.
- Check the Enabled box. This is checked by default and allows the user to sign into Magnolia.
Be consistent in usernames and full names. Define a convention such as "first initial + last name" (ajones) for usernames. For full names use a convention such as "firstname lastname" (Andrew Jones) or "lastname, firstname" (Jones, Andrew).
Editing users
- Click Security.
- Select the type of user you want to edit.
- Double-click the icon of the user you want to edit.
- Edit the account details.
- Click Save.h2. Deleting users
Deleting users
- Click Security.
- Select the type of user you want to delete.
- Right-click the icon of the user and select Delete user.
- Click OK in the confirmation dialog.
Automatic lockout
The automatic lockout feature was introduced in Magnolia 4.4. It is a security precaution that prevents users from accessing AdminCentral after a number of failed login attempts. When a incorrect password is entered the user receives the following warning.
By default, the lockout is triggered by a minimum of five failed attempts and the account is automatically disabled. The number of failed attempts is configurable.
When a non-existent username is entered the same message is displayed, but lockout does not occur as the account does not exist.
The lockout applies to both systems users and admin users, i.e. users set up in Security > Users and Systems Users, but does not affect Public Users.
After lockout, a user’s access privileges can be re-enabled by an administrator in Security > Users or Systems Users by checking the Enabled option. When lockout occurs, this checkbox is cleared.
The number of failed login attempts that will trigger lockout is configurable at Configuration > /server/security/userManagers/system and /admin. Different values can be set for Users and Systems Users.
External services
The LDAP Connector module is a standard JAAS login module that connects to any LDAP V3 supported directory service. This module is useful where an enterprise-grade user management infrastructure already exists. With the JAAS standard support you can meet single sign-on requirements or connect to legacy LDAP/ADS directory servers.
Overview
Content Tools