There are two modules under the header 'Users': 'Sitebox users' and 'registered visitors'. These two modules together are known as user management:

On this page:


There are two modules under the header 'Users': 'Sitebox users' and 'registered visitors'. These two modules together are known as user management:



Different kinds of users

Within Sitebox the administrator can manage two kinds of users: 'Sitebox users' and 'Registered visitors'.


 Sitebox users are those who can log into Sitebox. (Back-end)


 Registered visitors are those who can log into your website and access certain protected webpages. (Front-end)


Intranet users are managed in a different way. You can read more about this on the page 'Overview: Intranet'. This page is only available in Dutch.



Sitebox users

You will find the module 'Sitebox users' under the header 'Users':



On the left-hand side of the page, you will see an overview of all  user groups. Here you'll be able to add and manage the different user groups.


You can set Sitebox permissions on module-level, folder-level, or item-level. Permissions are always assigned to a user group, not an individual. This is why it's important to divide Sitebox users into user groups.


The function bar on the left-hand side of the page shows you the following actions:



 Add group


 More: When clicking this button, a drop-down menu will show the following actions: 


 Edit group


 Delete group


 Change group permissions


The right-hand side of the page shows you an overview of the different  Sitebox users within the user group that is selected on the left-hand side of the page. This is where you manage the individual Sitebox users.


The function bar on the right-hand side of the page shows you the following actions:


 Filter/search users


 Add user


 Edit user


 Delete user


 More: When clicking this button, a drop-down menu will show the following actions: 


 Change permissions


 Audit log: An overview of all edits to the user


At the bottom of the page, a summary appears when you select a user. The general part of the summary shows the name and e-mail address of the user, er well as any groups the user is a part of. In the section called account, you will find the current account status and the last time the user logged into Sitebox, including the IP-address used to log in. The properties show when the user was created and when it was last modified as well as who created or modified the user.




New user group

Within the module 'Sitebox users', click the action button  'add group' on the left-hand side of the page.


Fill in the name of your new group and click 'OK'. 




New Sitebox user

Within the module 'Sitebox users', click the action button  'add user' on the right-hand side of the page.


Fill in the input fields on the first tab. On the second tab, you have the option to add when the user should be deactivated. On the third tab, you can select the groups the user should be a part of. The mark behind the group will switch between a cross and a check when you click it. Click 'OK' when you're done.


image


To secure the user account, it's important the user immediately sets a new password. This can be forced by following these steps:


  1. Use a generic password when creating the account. The exact password isn't important.
  2. Once the account has been created, log out of Sitebox.
  3. On the log-in screen click 'Forgot your password?'.
  4. Fill in the e-mail address connected to the new account.
  5. The new user will receive an e-mail containing a link to set their new password. They will not require the password you set for them.


image


Users can always change their password through their profile within Sitebox.



Registered visitors

You will find the module 'Registered visitors' under the header 'Users':



On the left-hand side of the page, you will see an overview of all  visitor groups. Here you'll be able to add and manage the different visitor groups.


You can set Sitebox permissions on module-level, folder-level, or item-level. Accessibility is always set for a visitor group, not an individual. This is why it's important to divide registered visitors into visitor groups.


The function bar on the left-hand side of the page shows you the following actions:



 Add group


 More: When clicking this button, a drop-down menu will show the following actions: 


 Edit group


 Delete group


 Change group permissions


The right-hand side of the page shows you an overview of the different  Registered visitors within the visitor group that is selected on the left-hand side of the page. This is where you manage the individual Registered visitors.


The function bar on the right-hand side of the page shows you the following actions:


 Filter/search visitors


 Add visitor


 Edit visitor


 Delete visitor


 More: When clicking this button, a drop-down menu will show the following actions: 


 Change permissions


 Audit log: An overview of all edits to the visitor


At the bottom of the page, a summary appears when you select a visitor. The general part of the summary shows the name and e-mail address of the visitor, er well as any groups the visitor is a part of. In the section called account, you will find the current account status and the last time the visitor logged into your website, including the IP-address used to log in. The properties show when the visitor was created and when it was last modified as well as who created or modified the visitor.




New visitor group

Withing the module 'Registered users', click on the action button  'add group' on the left-hand side of the page.


Fill in the name of your new group and click 'OK'. 




New registered visitor

Within the module 'Registered users', click the action button  'add visitor' on the right-hand side of the page.


Fill in the input fields on the first tab. On the second tab, you have the option to add when the visitor should be deactivated. On the third tab, you can select the groups the visitor should be a part of. The mark behind the group will switch between a cross and a check when you click it. Click 'OK' when you're done.


image


Depending on the set-up of your webpage, your registered users may or may not be able to change their password. Make sure you share their password with them in a secure way, like in a text message.


For some websites the 'Registrated Visitors' are automatically imported from the 'Active Directory'. Never change the password of an account that was imported from the 'Active Directory'!



Permissions in the user modules

Setting permissions within the module 'Sitebox users' is sometimes the cause of some confusion. This is why this article pays some attention to this topic.


There are three places where you can set permissions within the module:


Module settings: 


In the module settings, you can set permissions for the different Sitebox user groups for the module itself. In the first tab, you can set who can see the module itself, as well as who can see and use the 'Module settings'. In the second tab, you can set whether a user group can see, add, edit, or delete all user groups and all users by default. You can also set who can change permissions within the module by default. This does not allow you to set what rights the users or user groups have in other modules.


Change group permissions:


By setting group permissions, you can set whether a user group can see, edit, or delete the selected user group. You can also set who can change permissions for this user group. This does not allow you to set what rights the users within this group have in other modules.


Groups and users are separate things that can be associated with each other but aren't linked like webpage's are to the folders they are in. Users can be associated with multiple groups, and deleting a group will not delete the users associated with the group. This is why having permissions for a group doesn't mean you have the same permissions for all the users in that group. 


Because the format for setting permissions is standard throughout Sitebox, you might find you can set permissions that aren't used for the level you are setting them for. Like the ability to add or publish the selected user group.


Change permissions:


By setting permissions for a specific user, you can set whether a user group can see, edit, or delete the selected user. You can also set who can change permissions for this user. This does not allow you to set what rights this user has in other modules.


You can set permissions per website, module, folder, or item and assign them to a user group. There is not a central way to assign Sitebox-wide permissions to a specific user group.



Two-factor authentication


Two-factor authentication (2FA) is a method of authentication where you need to complete two steps successfully in order to gain access to something.


In Sitebox the first step is filling in your username and password.

For the second step, you can choose between TOTP (Time-based One-time Password algorithm), or FIDO2 (Fast IDentity Online).


TOTP is a single-use code that is only valid for s short time. The code is generated by an app for your smartphone or tablet. The apps that can be used for Sitebox are Microsoft Authenticator or Google Authenticator.


FIDO2 uses a physical key. This is a small piece of hardware that may look like a USB-stick you can stick into the USB port of your laptop or computer. While some FIDO-keys are usable through Bluetooth or NFC (Near Fiel Communication), Sitebox requires your key to use the USB port of your laptop or computer.

Two-factor authentication can be set up for logging into Sitebox as a Sitebox user, as well as for visitors in order to gain access to the protected parts of your website.

 

Would you like to know more about setting up two-factor authentication for users or visitors as administrator? Read about it in the article 'How to set up two-factor authentication'.



Related articles: