Salesforce CRM:The Definitive Admin Handbook(Third Edition)
上QQ阅读APP看书,第一时间看更新

Managing users in Salesforce CRM

All users in your organization with access to Salesforce CRM require a username, an e-mail address, a password, and a profile along with an active user license.

Depending on the features your organization has purchased, you can have user options such as Marketing, Service Cloud, and Mobile, which give particular users the ability to access other features that are only available with a specific user license. A user can be assigned to one or more of these options.

You can also create and manage other types of users outside your organization by applying the appropriate licenses that provide limited access to your Salesforce organization, as detailed later in this chapter.

In association with the user license, you can govern all users' access to data using the options available in either the profile settings or the sharing features.

Profile settings control access to applications and objects, while sharing features control access to specific records.

To go to the user detail page, navigate to Setup | Manage Users | Users.

The user detail page shows you a list of all the users in your organization as well as any portal users.

Managing users in Salesforce CRM

To show a filtered list of users, select a predefined list from the View drop-down list, or click on Create New View to define your own custom view.

For example, you can create a view with search criteria of Last Login, less than, LAST 28 DAYS to show all users who have not logged in for 28 days, as shown in the following screenshot:

Managing users in Salesforce CRM

As the system administrator of Salesforce CRM, you can perform various user management actions, such as creating new users, resetting passwords, and even delegating user administration tasks to other users within your organization. The following list of user actions will be covered:

  • Creating new users
  • Viewing and editing user information
  • Password management
  • Session management
  • Logging in as another user
  • Creating custom user fields

Creating new user records

The steps to create a new user are as follows:

  1. Click on New User
  2. Enter fields in the General Information and Locale Settings sections
  3. Check the Generate new password and notify user immediately box
  4. Save the new user details

To create a new user for your organization, navigate to the user detail page. This page displays a list of all the users in your organization. To go to the New User page, navigate to Setup | Manage Users | Users. Now, click on the New User button.

Looking at the top section of the page, you will see the General Information section, as shown in the following screenshot:

Creating new user records

The mandatory user information is shown with a red bar and requires the entry of the user's last name, e-mail address, username user license, and profile.

Note

The length of users' passwords cannot exceed 16,000 bytes.

The e-mail address automatically becomes the username, but you can change it prior to saving it, if required.

Note

Restricting the domain names of users' e-mail addresses

You can restrict the domain names of users' e-mail addresses to a list of values such as xxx@WidgetsXYZ.com, yyy@CompanyXYZ.com, and so on. After this, attempts to set a user's e-mail address to an unlisted domain (such as xxx@MyNonCompanyWebMail.com) will result in an error.

This feature can only be enabled by sending a request to Salesforce customer support. When selecting a user license, note that some further options become unavailable depending on the license type you choose. For example, the Marketing User and Allow Forecasting options are not available for Force.com user licenses because the Forecasts and Campaigns tabs are not available to users with that license. Also, the selection of a profile from the available list depends on the user license you have chosen.

Note

You should consider the username that is entered. After the username is saved, it becomes a unique setting throughout the Salesforce.com universe; hence, you will not be able to use that same username in any other Salesforce CRM application.

You can select various checkboxes that give the user additional features or options. The types of additional features are available by selecting one or more of the following example checkboxes:

  • Marketing User
  • Offline User
  • Knowledge User
  • Force.com Flow User
  • Service Cloud User
  • Site.com Publisher User
  • Salesforce CRM Content User

You will not be able to select these features if they are not supported by your user license type. Also, you will be unable to save the new user record if you do not have any remaining licenses available for these features.

At the bottom of the New User edit page, there are further sections that include the Locale Settings section, as shown in the following screenshot:

Creating new user records

Saving new user records

Complete the required information, which is displayed with a red bar, and then check the Generate new password and notify user immediately checkbox, and save the details by clicking on the Save button. Upon saving, the user's login name and a temporary password are e-mailed via Salesforce.com to the new user.

Tip

Junk e-mail folder

If you have generated the new password to be sent but the new user cannot see the e-mail notification from Salesforce.com in his or her inbox, you might need to have the user check his or her junk e-mail folder.

The following table lists the key standard user fields with the required fields shown in bold:

Viewing new user records

After saving the User Edit page, you are presented with the details page for the user where you can view the information that was entered, as shown in the following screenshot:

Viewing new user records

In the view's User Detail page, the following types of read-only fields (among others) can be seen:

  • Used Data Space
  • Last Login
  • Last Password Change or Reset

Tip

Do not overwrite active or inactive user records with new user data

Salesforce recommends that you avoid overwriting inactive user records with new user data. Doing this prevents you from tracking the history of past users and the records associated with them.

There are also situations where you might consider it appropriate to recycle an active user record, but it is better to deactivate users when they are no longer using Salesforce and create a new record for each new user.

A typical real-world example of recycling a user record, and one to avoid, is sometimes encountered when a sales team is organized into sales territories.

The sales team user records in Salesforce are stamped with a territory indicator, and any account records that are located in their particular territory are assigned to the user record (set as the record owner). This way, the user record simply acts as a container for the territory.

Managing user records in this way results in both audit and maintenance issues. For example, if Tina Fox changes her sales territory, all her personal information (username, password, e-mail, address, phone number, and so on) has to be transferred to a new user record, requiring Tina to reactivate a new password and re-enter both personal details and all her personal preferences in the Salesforce application.

The issue worsens if the user record (or territory) that Tina is getting reassigned to is held by, say, Timothy Little, as he would also need to reset his personal details.

This approach leads to a technically complex method of territory reassignment and a very disappointing user experience for your sales team. Fortunately, Salesforce provides features such as criteria-based sharing rules, sales teams, and territory management to better manage the organization of sales territories.

Adding multiple users

If you have several users to add, you can add more than one at a time. To add multiple users, navigate to Setup | Manage Users | Users. Now, click on the Add Multiple Users button.

As you can see, this can be a quick method to create users, as not all required fields have to be entered in this page:

Adding multiple users

If, however, after initially saving multiple user records, you attempt to edit a user record via the user edit screen, you will be prompted to fill out all mandatory fields.

Delegation of user management

If you have an organization with a large number of users or a complex role hierarchy, you can delegate aspects of user administration to users who are not assigned with the system administrator profile.

This allows you to focus on tasks other than managing users for every department or structure that your company has within Salesforce. This provides further benefits for global organizations that encounter time zone and cultural differences, as it allows a user based in that region with local knowledge to create users, which saves time and results in a better user experience.

For example, you might want to allow the manager of the Asia Pacific Operations team to create and edit users in the Asia Pacific Operations Team Leader role and all subordinate roles.

There are currently two options to provide this delegated user management access:

  • Create a profile with the Manage Users permission
  • Use delegated administration

Creating a profile with the Manage Users permission

This option is not recommended and should be very carefully considered, as it allows a much greater range of system administration functions to be carried out by the user.

In addition to creating and managing users, the Manage Users permission also allows the user to perform the following:

  • Expire all passwords
  • Clone, edit, or delete profiles
  • Edit or delete sharing settings
  • Edit user login hours

By providing users with the Manage Users permission, as you can see, there are many other permissions that are switched on, which introduces security risks.

Using delegated administration

Delegated administration is a more secure method to provide delegated user management access, as it allows you to assign limited administrative privileges to the selected non-administrator users in your organization.

Delegated administrators can perform the following tasks:

  • Create and edit users and reset passwords for users in specified roles and all subordinate roles
  • Assign users to specified profiles
  • Log in as a user who has granted login access to his or her administrator

To create delegated groups, navigate to Setup | Security Controls | Delegated Administration. Now, click on the New button or select the name of an existing delegated administration group.

Using delegated administration

Here, we look at the existing group that has been named User Management:

Using delegated administration

The Delegated Administrators section allows you to select and add the users that are to be given the delegated administration permission.

The User Administration section allows you to select and add roles that the delegated administrators can assign to the users they create and edit. They can assign users for the stated roles and all subordinated roles.

The Assignable Profiles section allows you to select and add profiles that the delegated administrators can assign to the users they create and edit.

To enforce security, profiles with the Modify All Data permission (such as the System Administrator profile) cannot be assigned by a delegated administrator. See the following example message that is shown when you attempt to allow the delegated administrator to assign the System Administrator profile:

Using delegated administration

Tip

If a user is a member of more than one delegated administration group, be aware that he or she can assign any of the assignable profiles to any of the users in roles he or she can manage.

Select the Enable Group for Login Access option if you want to allow delegated administrators in this group to log in as users who have granted login access to their administrators and are in the roles selected for the delegated administrator group.

Using delegated administration

To look at how users can grant login access to their administrators, refer to the Logging in as another user section toward the end of this chapter.

Tip

Agreement in using active user licenses by delegated user administrators

If you have established delegated user management in your organization, you will need to have an agreement between yourself and the delegated user administrators about how many of the available licenses can be used for each area of the organization. You cannot automatically limit the number of active users that can be created by users with these permissions.