User Management: Best Practises

1. Assign Roles Carefully

  • Start with the minimum permissions needed
  • Grant additional access as required
  • Review permissions regularly
  • Follow the principle of least privilege

2. Use Consistent Naming

  • Standardize email addresses (@company.com)
  • Use clear role names
  • Maintain consistent team/site names

3. Onboard in Batches

  • Add users in logical groups (by department, site, role)
  • Provide training materials alongside invitations
  • Schedule group onboarding sessions if adding many users

4. Monitor Invitation Status

  • Check that users accept invitations promptly
  • Resend invitations if not received
  • Follow up with users who haven't activated accounts

5. Plan Your User Structure

Before adding users, consider:

  • How many approval levels do you need?
  • Which sites or teams should be separate?
  • Who needs cross-site access?
  • What budget limits should apply to each role?

Resending invitations

If a user didn't receive their invitation email:

  1. Go to Users & Roles
  2. Find the user (they'll show as "Pending" or "Invited")
  3. Click the Resend Invitation button
  4. Check spam/junk folders with the user
  5. Verify the email address is correct

Deactivating users

When a team member leaves or no longer needs access:

  • Preserves historical data and audit trail
  • User cannot log in
  • Can be reactivated if needed
  • Maintains reporting accuracy

Troubleshooting

User didn't receive invitation email

  • Check spam/junk folders
  • Verify email address is correct
  • Resend the invitation
  • Check organisation email filters aren't blocking OmniPATH emails

User can't accept invitation

  • Ensure they're clicking the link in the email
  • Try a different browser
  • Clear browser cache and cookies
  • Check if their IT department blocks external signups

Wrong role or site assigned

  • Edit the user's details in Users & Roles
  • Update role and assignment
  • Save changes (takes effect immediately)

User can't see expected data

  • Verify correct site/team assignment
  • Check role permissions
  • Ensure data exists for their assigned location
  • Review any custom permission settings

Security considerations

Email verification

  • All users must verify their email address
  • Invitation links expire after 7 days
  • Expired invitations must be resent

Access control

  • Regularly review active users
  • Deactivate accounts for departed staff promptly
  • Audit user permissions quarterly
  • Monitor for unusual activity

Data privacy

  • Users only see data relevant to their role
  • Site assignments restrict data visibility
  • Administrators should limit their number
  • Use audit logs to track user actions

Still need help? Contact Us Contact Us