The methods you use to add and deactivate users depend on what kind of Hyperscience instance you’re using.
On-premise / private cloud instances
You can add and deactivate users by following the processes below.
Adding new users
There are two ways to add users to Hyperscience, neither of which can be done through the main user interface:
Directly in Hyperscience:
Native, or local, users can be added in /admin/auth/user/add/.
Additionally, users can be added in bulk via CSV upload in /admin/auth/user/import-csv/.
The CSV file must be in the following format:
username,password user1,password1 user2,password2 ...
Through an external authentication provider: New users will be created in Hyperscience the first time they log in after being authenticated by your provider.
External authentication methods and API users
If you are using an external authentication method, you have the option of periodically revalidating API tokens for your users. If this feature is enabled, users can revalidate their tokens by signing in to the application through a browser. API-only users and users who cannot readily access the application through a browser should be added to a list of exempted users. For more information, see External Authentication Methods and API Users.
To learn about automatic token revalidation’s effect on your trainer user, see Trainer Installation (Production).
Deactivating users
Users cannot be deleted from Hyperscience. To revoke a user’s access, you must change their permissions so that they are no longer an active user. Deactivation is required regardless of how the user was created or what version of Hyperscience you’re using.
To deactivate a user:
If the user was created through an external authentication provider, delete the user in that system.
In Hyperscience, go to /admin/auth/user/.
Click on the ID of the user you would like to deactivate.
Under "Permissions," deselect the Active option.
Click Save.
Deactivation and API tokens
If you have an exempted user list as described above, you will need to remove users from the list in order for the system to deactivate their API tokens.
Resetting a user's password
The process for resetting a user’s password depends on how they log in to Hyperscience:
External authentication: A user who accesses the Hyperscience platform through an external authentication method (e.g., LDAP, SAML, ODIC) must reset their password through their authentication provider. These users’ passwords cannot be reset in Hyperscience.
Local authentication: A user who logs in through Hyperscience’s built-in authentication can have their password reset by their system administrator.
Users with system admin permissions can reset a local user’s password by following these steps:
Go to /admin/auth/user/
Click on the user’s ID, which appears to the left of their username.
Click on the link that appears in “Raw passwords are not stored, so there is no way to see this user's password, but you can change the password using this form.”
Enter the new password in the boxes provided, and click Change Password.
SaaS instances
The instructions for built-in user management below apply only to instances that are not integrated with an external authentication provider.
Adding users
Built-in user management
To add a user to your instance:
Go to the Users page (Users > Users), and click Add User.
Enter the user’s email address, first name, and last name in the text boxes provided.
In the Permission Group drop-down list, select the permission group that the user should be added to.
To learn more about permission groups, see Permission Groups.
Click Done.
The user’s information appears in the table of users on the Users page. The user receives an email instructing them on how to activate their Okta account.
External authentication provider
If you need to grant access to new users, you can add those users to your authentication provider’s system. When they log in to Hyperscience through your authentication provider for the first time, they will be automatically added to the list of users on the Users page in the application.
Resetting a user's password
Built-in user management
To reset a user’s password:
Go to the Users page (Users > Users), and find the record of the user whose password you would like to reset.
Click Actions, and then click Reset Password.
Click OK in the confirmation dialog box.
The user receives an email with a link to reset their password.
External authentication provider
If you are managing users through an external authentication provider, you must reset their passwords through your authentication provider. You cannot reset users’ passwords in Hyperscience.
Resetting MFA for a user
Built-in user management
To reset a user’s MFA information:
Go to the Users page (Users > Users), and find the record of the user whose MFA information you would like to reset.
Click Actions, and then click Reset MFA.
Click OK in the confirmation dialog box.
If the user had MFA set up for their account, their MFA information is cleared, and they can set up MFA again if they choose to.
External authentication provider
If you are managing users through an external authentication provider, you must reset their MFA information through your authentication provider. You cannot reset users’ MFA information in Hyperscience.
Updating a user’s information
Built-in user management
You can update a user’s first name, last name, and permission group in the application. You cannot update their email address.
To update a user’s information:
Go to the Users page (Users > Users), and find the record of the user whose information you would like to update.
Click on the user’s username, and click Edit in the dialog box that appears.
Edit the user’s first name, last name, or permission group as needed.
Click Done.
External authentication provider
If you need to update a user’s information, you must do so through your external authentication provider.
Deactivating users
Built-in user management
If you need to revoke a user’s access to Hyperscience, you can deactivate that user in the application.
To deactivate a user:
Go to the Users page (Users > Users), and find the record of the user you would like to deactivate.
Click Actions, and then click Deactivate User.
Click OK in the confirmation dialog box.
The user’s record no longer appears in the list of users on the Users page.
External authentication provider
To deactivate users, you can remove them from your authentication provider’s system. They will not be able to log in to Hyperscience, but their user information will remain in the application. You can contact your Hyperscience representative to have this information removed.
Viewing and reactivating deactivated users
Built-in user management
To view a list of deactivated users, go to the Users page (Users > Users), and click Show deactivated users >.
You can reactivate a deactivated user in the list. To do so, click Reactivate in the user’s row, and then click OK in the confirmation dialog that appears. The user’s record reappears in the list of users on the Users page.
If you add a user with the same username as a deactivated user, the deactivated user will be reactivated.
External authentication provider
If you are using an external authentication provider, it is not possible to view and reactivate deactivated users in the application.