Users

A user record must exist for every person who accesses the application and the portals. User records include basic information about the person and information such as:

Users can be assigned rights individually, or as part of a group.

 

Further on this page:

 

Users with Special Considerations

There are special considerations for these user types:

Users with System Administration Rights

A system administrator plays a key role in maintaining the application, especially in establishing and maintaining system security. There must always be at least 1 user with the System Administration, Access right. This right gives a user access to every object, function, and module in the application. See Default Administrator Accounts for list of default users with administration rights.

Users with Security Administration Rights

In a large marketing organization, maintaining system security can be time consuming. You might have a high volume of these requests:

  • Creating user records.
  • Inactivating or deleting user records for individuals who no longer need access.
  • Changing rights for current users.
  • Resetting expired or forgotten passwords.

Having a security administrator can reduce the volume of requests handled by the system administrator.

Service Users

A default service user record is created when the application is installed. The application's service components use this record to access and process various data. You can create a new service user record by setting the Service User field to Yes.

Note:
You cannot log on to Aprimo or the portals using a service user record.
Note:
Once a User is designated a Service User, the User Type cannot be changed; it will be disabled and display 'None'.

Anonymous Access Users

An anonymous access user is used to enable general access to create work requests from the configured work request categories. When someone navigates to the anonymous access user’s url link they will only be able to create new work requests for which they have been configured. You can create an anonymous access user record by clicking the generate new token button on the anonymous access tab.

Note:
You cannot log on to Aprimo or the portals using an anonymous access user record.

Self registering users

You can allow new users to self register to immediately allow them basic access, without having to first set up each new user. Self-registered users will start out with a basic configuration that you can control yourself. By default, users cannot self-register.

For more information about self-registration and how to set it up, please seeEnabling self-registration

 

Default Administrator Accounts

The following Admin accounts are provided by default, depending on which product modules have been licensed. Note that ANY account associated with an @aprimo.com address does not impact the license count.

Account Notes

ADMIN, ADMIN

Active default admin account for PM user account. This can be deactivated if desired.

Aprimo, Admin

Default admin account for PM. This can be deactivated if desired.

AprimoAdmin, Aprimo Default admin account for PM. This can be deactivated if desired.
AprimoPreCache, AprimoPreCache Used for system performance optimization. Required.
AprimoSupport, AprimoSupport Used for Customer Support troubleshooting. Required.
DAM Administrator Default admin for DAM. This can be deactivated if desired.
DAM Operator Used for system configs related to DAM. Required.
GW_Data Used for Data Loader Functionality. This can be deactivated, but that is not recommended.
MOSServiceUser, MOSServiceUser Needed for Aprimo services to run, i.e. workflow/notifications. Required.
pssupport, pssupport Test account used by Aprimo Professional services. Can be deactivated without causing issues with the system, but any service contacts you work with may use this account, so do so with caution.
ReportUser, ReportUser Used for reporting. Required.
ServiceUser, ServiceUser Needed for Aprimo services to run, i.e. workflow/notifications. Required.

User Passwords

Each user has a password to prevent other people from using his or her record to access the application. When you add a user record, a default password is created automatically. The user, system administrator, or security administrator can change the password. The new password must follow the password conventions.

Default Passwords

When you add a user record, the default password is the same as the login ID.

You can change the password by clicking Reset Password when viewing the user's record. A user can change his or her password by clicking Change Password from the My Settings button on the toolbar.

Note:
All passwords are case sensitive, including default passwords.

Password Conventions

User passwords are case sensitive, and must always meet these requirements:

  • Contain the minimum number of characters specified in the Minimum Password Length system parameter.
  • Contain less than 100 characters

If the Require Complex Passwords system parameter is set to Yes, the user passwords must meet these requirements:

  • Must contain all the character types:
    • Uppercase letters
    • Lowercase letters
    • Numbers
    • Special characters
  • Must not contain a character repeated more than three times, the user’s first name, last name, and login ID.
  • Must not contain any of the blacklisted text within the password:
    • p@ssword
    • computer
    • qwerty
    • secret
    • a1b2c3
    • 123
    • aprimo
    • teradata

Password Expiration

A user password can expire if 1 of these conditions occurs:

  • The user has too many consecutive unsuccessful login attempts.
    The allowed number of consecutive unsuccessful login attempts is controlled by the Number of Invalid Logins Allowed system parameter. An administrator must set a new password for users locked out for this reason.
  • The password expiration period passes.
    Users receive a warning before their password expires. Users who do not change their password before the expiration period passes can log on, but they must immediately change their password before accessing the application.

Electronic Signatures

Administrators can configure Aprimo to require users to verify their identity in the application at various points, using an electronic signature. The setting of the Electronic Signature Verification Method system parameter determines whether the electronic signature is the user's Aprimo password or a Review PIN.

Review PINs

When the Electronic Signature Verification Method system parameter is set to Review PIN, all users must have a Review PIN to verify their identity in the application. When you add a user record, a Review PIN is not automatically created. Click the Reset Review PIN button in a user record to create a Review PIN for a user.

Users who do not have a Review PIN when they log in are immediately required to create one. Users who do not have a Review PIN and attempt to close a task that requires one are immediately required to create a Review PIN.

Review PIN Conventions

Review PINs must use exactly 6 digits. Letters and other characters are not allowed.

Review PIN Attempts

Users receive a warning after two unsuccessful attempts to enter a Review PIN. A third unsuccessful attempt locks the Review PIN field, which must then be reset by a system administrator.

Access Lists

Access lists work in conjunction with rights to determine whether a user has access to a particular object. Examples of objects with access lists include:

  • Activity proposals
  • Program proposals
  • Activities
  • Programs
  • Funding accounts

For objects with access lists, a user must have the appropriate domain rights and access rights to view or edit the object.

In general, these are the access levels for these objects.

  • Viewing object information

    A user can see all basic information for the object, but cannot change the information.

  • Editing object information

    A user can edit the object's basic information, give access to the object to other users, and delete the object.

If your organization has the financial modules, some objects have additional.

Financial Information Security

The application provides several security levels for financial information:

Finance Groups

Users who manage financial information can be assigned to a finance group. Finance groups are assigned to a particular domain when created. A finance group manages this financial information:

Rights

There are several rights that relate only to financial information. Each right controls access to a module that displays financial information. Users cannot access these modules unless they have the rights to that module.

Financial Administration Modules

Table 1.
Module Rights

Authorization Trees

  • Authorization Trees, View
  • Authorization Trees, Edit

Authorization Rules

  • Authorization Rules, View
  • Authorization Rules, Edit

Fiscal Periods Setup

  • Financial, General Administrator

Currency Setup

Financial Hierarchies Setup

Expense Categories Setup

Expense Hierarchy Setup

Fiscal Year Plans

  • Financial, Finance Group Administrator

Closeouts

Snapshots

Financials Modules

Module Rights
Funding Accounts
  • Funding Account, View
  • Funding Account, Edit
  • Financial, Finance Group Administrator
Financial Hierarchies
  • Financial Hierarchies, View
Expense Categories
  • Expense Category, List View
Expense Hierarchies
  • Expense Category, Hierarchy View
Resource Approvals
  • Resource Approvals, Access
Forecast Approvals
  • Forecast Approvals, Access
  • Forecast Approvals, Modify Reviewers
Period Status

No rights are necessary for general viewing.

Note:
You must have the Financial, Finance Group Administration right to view the audit log.

Commitments and Invoices Modules

Module Rights
Commitment Management
  • Commitments, View
  • Commitments, Edit
  • Commitments, Mass Entry
Invoice Management
  • Invoice, View
  • Invoice, Edit
  • Invoice, Mass Entry
Commitment Approvals
  • Commitment Approvals, Access
Invoice Approvals
  • Invoice Approvals, Access
Journal Voucher Management
  • Journal Vouchers, View
  • Journal Vouchers, Edit

Financial Access Lists

Access lists work in conjunction with rights to determine whether a user has view or edit privileges to a specific object. These objects have access lists for financial information:

  • Program proposals
  • Activity proposals
  • Programs
  • Activities

A user must have the appropriate domain rights and access rights to view or edit financial information for the object. For example, a user could have the right to edit an activity, but not be able to see any financial data for the activity. This enables you to control financial data in the application so only select users can access sensitive financial information.

These are the access levels for financial data:

  • Viewing financial information
    A user can see all financial information for the object, but cannot change it.
  • Editing financial information
    A user can edit the object's basic and financial information, give financial access to the object to other users, and delete the object.

Key Fields

This chapter explains the user administration page. You can find this page as follows:

  1. On the main application menu, click Administration
  2. On the left navigation, click Security
  3. Under Security, click Users
  4. Click on the user you want to administer from the Users List, or select the radio button and click View details.

On the user page, there are two areas that you can access using the Expand Menu icon on the top left.

  • User administration panel (default view)
  • Audit trail

User administration panel

Details

Field Description

Email

Type the email address to which the application sends notifications to the user.

Note:
If you map a participant record that does not contain an email address to a user record, notifications are sent to the address specified in this field.

Login ID

Type the login ID the user enters to access the application and portals.

If you use an Oracle database, login IDs are case-sensitive.

External Login

If you implemented a single sign-on solution for Aprimo, type the user's login ID for the solution.

Password Expires

Select whether the user must periodically change his or her password.

Tip:
Set this field to No if you are creating a service user record.

If you select Yes, the user's password is subject these system parameters:

When the password expires, the Change Password page appears when the user tries to log on to the application.

Client Logging Level

This field appears in the application in preparation for a future feature. The selections in this field do not have any effect on the application at this time.

Status

Select Active to enable the user to log on to the application and portals.

If your system contains the maximum number of user records specified in your license agreement, new user records must be set to Inactive.

User Type

Select the user's access level to the application and portals.

  • Full grants access to all portals and application modules licensed by your organization.
  • Contributor grants access to all portals licensed by your organization.
  • Consumer applies only to customers who have licensed Aprimo DAM. It grants access to browsing and downloading digital assets the user has permission to access.
Note:
For new users who need access to DAM, an admin need to grant them permission to log on to DAM:
Edit User > DAM Permissions Tab > Check the Security Permission "Log on to site Default". Enable this Permission by ticking the green arrow next to it. This should allow the user to log in. After this the user can be given access to various areas of DAM as per the roles.

Role

Select the user's assigned roles in the application.

Roles are used when designing project workflows to define the users and groups assigned to steps.

A user can be assigned to a single user role, or to 1 or more group roles. Labor rate calculations are based on a single user role, so group roles can contain users who are already assigned to single user roles.

Auto Save

If this field is set to Yes, when you edit a field on a page, the edit is saved when you leave the page.

Example:
You edit the project anchor date on an activity's Details tab, and click the Access List tab. The change is saved. If you choose to close the window while the tab is still in edit mode, you are asked if you want to save the changes.

Region and Language

Field Description

User Locale

Select the locale for the user's region. The locale sets the user's preferred date, time, and number formats to the locale's default formats. It does not change the language the user selects..

You can select different date, time, and number formats if needed.

Date Format

The user locale sets the default date format. Select a different format if needed.

Time Format

The user locale sets the default time format. Select a different format if needed.

Number Format

The number format determines which symbols represent decimals and separate groups of digits. The user locale sets the default number format. Select a different format if needed.

Language

Select the user's preferred language. This language is used on the user interface for Marketing Operations modules and features.

Note:
The user locale does not set or change the language you select.

DAM UI Language

Select the user's preferred language. This language is used on the Aprimo DAM user interface.

Note:
If no DAM UI language is specified, the Aprimo DAM user interface defaults to English (United States).

DAM Content Language

Select the language for digital asset fields that the user sees by default in Aprimo DAM. These are fields that your organization has defined for assets.

Notes:
  • If no DAM Content language is specified, digital asset fields in Aprimo DAM default to English (United States).
  • Only languages that are enabled for fields on the Language Details page in Aprimo DAM are available to select.

Time Zone

Select the user's time zone.

Default Currency

Select the currency that appears as the first choice when the user enters financial information.

Paper Size

Select the paper size typically used in the user's region.

Additional Options

Field Description

Domains

Select which domains the user can access.

Labor Rate

Select the user's standard labor rate.

Labor rates are used when calculating the estimated costs for activities, programs, and proposals.

Currency Code

Select how monetary information is stored for the user.

For information about using multiple currencies, see Using Aprimo Internationally .

Service User

Select whether the user is a service user. The application service components use a service user login ID and password to access and process the application data.

A service user record cannot log on to the application or the portals. Therefore, the User Type is disabled for a service user.

Note:
The Password Expires field must be set to No for the service user.

Integrated Analytics User

Note:
This field applies to Aprimo Marketing Studio 9.1 only.

Select whether the user can access the Integrated Analytics module.

An Analytics user cannot access the Integrated Analytics module unless he or she has access to the application.

Integrated Analytics Reporting User Id
Note:
This field applies to Aprimo Marketing Studio 9.1 only.

This field is available if the Analytics User field is set to Yes.

Type the user's ID to gain access to the Integrated Analytics module.

Integrated Analytics Password
Note:
This field applies to Aprimo Marketing Studio 9.1 only.

This field appears if the Analytics User field is set to Yes.

Type the user's password to gain access to the Integrated Analytics module.

Application Workbench User
Note:
This field is available in Aprimo Marketing Studio 9.1 only.

Select whether the user can access the Application Workbench.

Contact Information

Field Description

Notification Type

Select how the user is notified of significant events regarding items managed in the application.

HTML Email

Select whether the user can receive email messages in HTML format.

Office

Select the office with which the user is associated.

The associated office's address is used as the default shipping office for Print on Demand requests.

A digital asset template can be configured to automatically insert the contact information for the user's associated office. For more information, see Print on Demand Approvals.

Additional Fields, Sections, and Tabs

Your system administrator can create additional fields for some objects and make them available for certain system types. Additional fields appear on the Details tab in the Additional Details section or in other sections or on other tabs that the system administrator creates.

For more information about an additional field, section, or tab, contact your system administrator. For more information about additional fields in general, see Additional Fields.

User Groups

Select the user groups to which the user belongs. When you associate a user record with a user group, the user receives the group's rights.

Domain Rights

Select the rights for each domain selected for the user. Rights determine which modules the user can access, and which system functions the user can perform in those modules.

Example:
A user needs to add activities in the GlobalMarketing and NortheastMarketing domains. You must edit the rights for each domain separately.

Backup Users

Administrators can select allowable backup users and groups for each user. In My Profile, users can choose from only these allowable users and groups to be their backups for Out of Office.

Field Description

Allowable Users

Select the list of backup users from which this user can choose in each of these four sections:

  • Workflow Backup
  • Activity Financials Backup
  • Concept Review Backup
  • Investment Review Backup

Allowable Groups

Select the list of backup groups from which this user can choose in each of these four sections:

  • Workflow Backup
  • Activity Financials Backup
  • Concept Review Backup
  • Investment Review Backup

Print On Demand

Complete this section for every Digital Asset Portal user who submits Print on Demand requests. The information on this tab is included in the correspondence sent regarding a Print on Demand request.

Tip:
If you are completing this tab for a user, be sure to also complete the Office field on Details tab. The selected office's address is used as the default shipping office for the user's Print on Demand requests.
Field Description
Employee Number

Type the number your organization uses to identify the user.

Cost Center

Select the cost center that corresponds to the user. This is typically the department or unit in which the user works.

Department Code

Type the code that the your accounts payable department uses to identify the department in which the user works.

Accounts Payable

Select the office that processes the invoices sent regarding Print on Demand requests.

The associated office's address is used as the accounts payable address in the correspondence sent to the supplier regarding a Print on Demand request.

This list is limited to the offices specified as accounts payable offices.

Supplier Information

Use this section to specify the suppliers to which the user can submit Print on Demand requests.

For a supplier to be available for selection, this information must be configured in the master supplier record:

Field Description
Supplier

Select the supplier that can fulfill the user's Print on Demand requests.

You should verify the quantity and cost information configured for the selected supplier in the digital assets this user will be ordering. For more information, see Print on Demand in the Digital Assets topic.

PO Number

Type the purchase order number that should be referenced in the correspondence sent to the supplier. The purchase order should be able to include funds needed to pay for the print orders submitted by the user.

You use the Print on Demand tab in the corresponding master supplier record to configure the list of available purchase order numbers.

Anonymous Access

Generate a token from this screen if this user account is going to be used for anonymous work request access.

Tip:
If you are generating a token for this user, be sure to also add the domain right "Job Starter Portal, Access" and "New Navigation, Access" to that user.
Field Description
URL

Stores the url for anonymous work request access. The url is generated by clicking the generate new token button.

Audit trail

Here you can see modifications to the user, like changes in user group membership. To access the audit trail, click the Expand Menu icon on the top left on the user page.