InventoryOnline

Contents

User Management

Overview

System → Accounts → System Users

The User Management system in Inventory Pro provides comprehensive control over user accounts, access permissions, and authentication settings. This system enables administrators to create, modify, and manage user accounts with granular control over warehouse access, supplier/customer restrictions, and individual user settings.

Key Features

  • User Account Creation: Create and configure individual user accounts
  • Bulk Import: Import multiple users from external systems
  • Access Control: Warehouse, supplier, and customer-specific restrictions
  • Password Management: Self-service and administrative password controls
  • Account Security: Lockout protection and account status management
  • Employee Integration: Link user accounts with employee records

Creating User Accounts

Adding a New User

System → Accounts → System Users → “Add User” Button

To create a new user account:

  1. Navigate to System → Accounts → System Users
  2. Click the “Add User” button
  3. Enter information onto the form:
    • User ID: Leave blank - the system will assign this automatically
    • Login Name: Enter a unique login name. If the user is an employee, the login name must match the employee’s login name
    • Password: Enter a password (record it elsewhere as it displays as asterisks)
    • Group: Select the appropriate group for the user (this determines their permissions within Inventory Pro)
    • Supplier ID: Select a supplier if this vendor should only access their own items (leave blank for access to all items)
    • Customer ID: Select a customer if this user should only access their own orders (leave blank for access to all orders)
    • Employee ID: Select to link the user with an employee record for purchasing limits and salesperson information
    • Use this Account: Check to enable the account
    • Warehouse: Enter a warehouse ID to restrict the user to one warehouse (leave blank for all warehouses)
    • Read Only Mode: Check to prevent the user from modifying data
    • Home Page: Defaults to Item Master List (../Inventory/item_master_list.asp). Change by entering the page path
  4. Click the “Save” button

Reset Passwords

Self-Service Password Reset

System → Accounts → Change Password

To change your own password:

  1. Navigate to System → Accounts → Change Password
  2. Enter your Current Password in the Old Password field
  3. Enter your New Password in the New Password field
  4. Re-enter your New Password in the Repeat New Password field
    • Note: If you enter an incorrect current password or the new passwords don’t match, the change will fail
  5. Click the “Change” button

Administrative Password Reset

System → Accounts → System Users → Edit User

If a user cannot change their password or has lost their password, system administrators can perform a password reset:

  1. Navigate to System → Accounts → System Users
  2. Click on the user’s login name to edit their account
  3. Enter the new password in the Password field
  4. Click the “Save” button
  5. Communicate the new password to the user securely

Best Practices:

  • Use temporary passwords that users must change on first login
  • Never share passwords via email or insecure channels
  • Document password reset requests for security auditing
  • Consider implementing password complexity requirements

Disabling Accounts

System → Accounts → System Users → Edit User

User accounts can be disabled manually by administrators or automatically through failed login lockouts.

To disable or enable a user account:

  1. Navigate to System → Accounts → System Users
  2. Click on the user’s login name to edit
  3. Toggle the “Use this Account” checkbox field:
    • Checked: Account is active and can log in
    • Unchecked: Account is disabled and cannot log in
  4. Click the “Save” button

When to Disable Accounts:

  • Employee termination or resignation
  • Extended leave or sabbatical
  • Security concern or policy violation
  • Account compromise or suspicious activity
  • Contractor project completion
  • Temporary access suspension

Important: Disabling an account does not delete historical data or transaction records. The user’s past activities remain in audit trails and reports.

Account Lockouts

System → Accounts → System Users → Edit User

Inventory Pro has two distinct lockout mechanisms that protect against unauthorized access. Understanding the difference is important for resolving login issues quickly.

User Account Lockout

Account lockouts occur automatically when a user fails password reset or authentication checks too many times consecutively. This locks the individual user account.

Lockout Triggers:

  • Multiple failed password reset attempts during forced password change
  • Repeated failed authentication checks at login

To unlock a user account:

  1. Navigate to System → Accounts → System Users
  2. Use the Locked Out status filter to find affected users
  3. Click on the locked user’s account to edit
  4. Toggle the “Use this Account” checkbox off, then back on
  5. Optionally reset the user’s password (see Administrative Password Reset above)
  6. Click the “Save” button
  7. Notify the user their account has been unlocked

Network Lockout (Brute Force Protection)

When too many failed login attempts occur from a single network location within a short window, the system temporarily blocks further login attempts. This protects against automated brute force attacks but can also affect legitimate users sharing a network (e.g., office networks behind a firewall).

Lockout Triggers:

  • Exceeding the configurable Max Login Attempts threshold from one network location
  • May affect multiple users at the same location

Symptoms: Users see login failures even with correct credentials. Multiple users at the same location report being unable to log in simultaneously.

To reset a network lockout:

  1. Navigate to Utilities → Other Utilities → Maintenance
  2. Click Reset Lockout Session (requires Super Admin access)
  3. Recent lockouts are cleared immediately

Tip: If a specific office location frequently triggers lockouts, consider adjusting the Max Login Attempts threshold in Security Options.

Lockout Prevention:

  • Train users on correct login procedures
  • Ensure users know their passwords before login attempts
  • Implement password managers to prevent typing errors
  • Monitor lockout frequency to identify usability issues
  • Document lockout procedures for help desk staff
  • Adjust the login attempt threshold for locations with many users

Best Practices

User Account Management. Establish consistent naming conventions for login names (e.g., first.last, flast). Document the user creation process with step-by-step guides for administrators. Create template accounts for common user types (warehouse staff, office users, managers) to speed up provisioning. Review user accounts quarterly to identify inactive or unnecessary accounts. Link user accounts to employee records for integrated reporting and workflow automation. Maintain an offboarding checklist that includes account disabling procedures.

Access Control. Apply the principle of least privilege - grant only necessary permissions for job functions. Use group-based permissions rather than customizing individual accounts. Regularly audit user permissions to ensure they match current job responsibilities. Restrict warehouse access for users who only need specific location access. Use customer/supplier restrictions for external users to limit data visibility. Document access decisions and approval workflows for compliance purposes.

Password Security. Enforce strong password policies through admin configuration and user training. Require periodic password changes for sensitive accounts. Never share passwords between users - create individual accounts for audit trails. Use temporary passwords for new users that expire on first login. Document password reset procedures and maintain reset request logs. Consider implementing multi-factor authentication for administrative accounts. Train users to recognize phishing attempts and social engineering.

Account Hygiene. Review user accounts monthly to identify unused or stale accounts. Disable accounts immediately upon employee departure. Remove test accounts and temporary access after projects complete. Verify employee-linked accounts match current organizational structure. Audit read-only vs full-access assignments to prevent privilege creep. Document account lifecycle from creation through termination. Maintain historical records of account changes for compliance auditing.

  • Group Management - Configure permission groups assigned to user accounts
  • Single Sign-On - Link user accounts to organizational authentication (Active Directory, Smart Cards, CAC)
  • Security - Security policies and permission management
  • Employee Management - Employee records that can be linked to user accounts
  • Admin Options - System configuration affecting user authentication and security

On this page