Paradigm Knowledge Base
Home
Newsletter
Support
Knowledge Base

Assign a Permission Level and Provide Login Credentials to a Contact

Security Group

Security group determines the level of access the user is given in Paradigm. By default, new accounts are given staff security groups. For administrators and power users, this value is normally set to Full or Flex Admin. The table below are the types of Access Levels or Security Groups in Paradigm.

Staff Login Options

Paradigm EMS can let you choose the following password policies for new user logins: Contact our Support Team to set up your site to a specific student password policy as mentioned below:

  • Historic settings (Default) - The password is set based on the agreed password format settings for the site and falls back to a default plan. Each time a new contact record is created, your institution-specific workflow for sending the credentials has to be followed.

  • Randomised Password - Normally used for new staff and sent via email - will send a random password format. Each time a new contact record is created, an automatic email (STAFF_PWD_RESET_RAND data resource template) will be sent to the contact providing them with a system-generated (random) password. Learn more here.

  • Token-Based Password - Use the same system as password resets, where we send a token that is used by the user to set the password. Each time a new contact is created, an automatic email (STAFF_PWD_RESET_TKN data resource template) will be sent to the user providing them with a link to set their password. Learn more here.

  • Single-Sign-On (SSO) - This allows staff to log in to Paradigm, e.g. using their Microsoft account. Your site needs to be configured if you opt for an SSO login option.

  • Two-Factor Authentication with TOTP - This requires 2FA to log in to Paradigm. Read more here for the configuration and details.

Workflows

Assign a Security Group or Permission Level

  1. Load the Contact’s record, see Search for a Contact Record.

  2. With the Contact record loaded in the system, go to Contacts > Login menus on the side.

NOTE:

A Contact or User login can only belong to one security group at a time, so if a security group has already been assigned, remove the existing security group first, and then continue below – to assign the new security group.

Note that when you create a new Contact record, the default assigned security is set to STAFF, remove this security/permission level if this is not the intended Permission Level that you want for the Contact Record to have. If the Contact is intended to have a STAFF Permission Level, keep it and proceed to the Activate User Login instruction.

  1. In the ASSIGNED SECURITY FOR USER LOGIN Form section, click the drop-down list to select the permission level you want to assign for that contact record.

  2. Click the ASSIGN SECURITY button.

  1. After clicking the ASSIGN SECURITY button, the selected role will now show in the ASSIGNED SECURITY FOR USER LOGIN Form section.

Activate the Contact or User Login

  1. In the ACTIVATE USER LOGIN Form section, to enable the user’s login, click the ENABLE USER LOGIN button. This should put a Y on the Enabled field and the date when you’ve enabled the user login.

Forgot Password Link

  1. Open a different browser with the Paradigm Login page, and click the β€œForgot password?” link

  1. After clicking the β€œForgot password?” link, a new window will appear (as shown in the screenshot below) Copy the Username to the User Login Id/Student Number field and enter the Date of Birth of the user, as entered in the user or contact details record (use the format: dd/mm/yyyy).

    • The User Login Id field is allocated automatically by the system unless otherwise specified. It is located in the Contacts > Login screen under the ASSIGNED SECURITY FOR USER LOGIN section in the Login Id column. By default, it starts with the Contact's First Name.Last Name, e.g. Helena.Fernando

    • The Date of Birth field can be copied from the Contacts > Edit Details screen under the OTHER DETAILS section. Copy the DOB field from this Contact screen to the Date of Birth (dd/mm/yyyy) field.

  1. Click the RESET USER PASSWORD button. This will trigger the system to send an email to the user with their Paradigm Login credentials (Username and Password).

SUCCESS:

The Contact or User will receive the login credentials to get them started with accessing or using Paradigm according to their assigned Permission Level or Security Group.

Random Password Reset Email Template

This is applicable if you are using the Random Login Option as mentioned above. Check the email template called STAFF_PWD_RESET_RAND - this template uses the {user_login_currentPassword} mail merge field. Refer to the instructions on this workflow

Staff Password Reset Token Template

This is applicable if you are using the Token Login Option as mentioned above. Check the email template called STAFF_PWD_RESET_TKN - this template uses the {reset_password_url}ο»Ώ mail merge field. Refer to the instructions on this workflow

Related Workflows

If you want to customise or restrict the menu items the users can see on their Paradigm site who belongs to a certain Permission Level, refer to the Edit System Side Menus workflow.

You can control what a user is able to see, edit, and use within Paradigm depending on which permission level they belong. You can make the fields, buttons, or sections hidden, visible, editable, read-only, or required to certain permission levels. Refer to the Edit Form Fields workflow.

Option to lock some records for editing. You can check the records with Read-Only on that documentation and the workflow, see Make a record Read-Only

Note that reports and file attachment records in Paradigm can be set to the minimum (possible) Permission Level that can view or access them. e.g. Student Files, Report Builder - Save Report

PreviousAssign an AVETMISS ContactNextContacts Login Options: Randomised or Token-Based Password

Last updated