Define user details

When you edit information for an existing user or manually create a user account, you need to define user details.

To define user details:

  1. Log on to the District or Intermediate Organization view.
  2. Click the Admin tab.
  3. Click the Users side-tab.
  4. Do one of the following:
    • To edit information for an existing user, click the user's name, then click the Details side-tab.
    • To manually create a new user, on the Options menu, click Add.
    • Note: It is recommended that you use the Create User Accounts wizard, rather than manually creating a new user account. See Creating Aspen User Accounts.

    • The Details page appears:

  1. Use the following table to enter information in the fields:
  2. Field Description

    First name

    Middle name

    Last name

    Type the user’s name information.

    Note: To link the user to an existing staff member, begin typing the name and select the one you want, or click Search icon. to make a selection from a pick list.

    Login ID

    Type the code you want the user to enter in the Login ID field on the Logon page.

    Password

    Click Edit to define the user’s password. The Set Password pop-up appears. Type the password twice, and click OK.

    Account expiration date

    Type the date or click Select Date icon. to select the date that this user’s account expires.

    Note: If you mass-create teacher user accounts, the date you created the account appears. This ensures that users create their own password the first time they log on to the system.

    Password expiration date

    Type the date or click Select Date icon. to select the date that this user’s password expires. On that date, the user must create a new password.

    Use active directory

    Select this checkbox to authenticate this user through Active Directory.

    Active directory ID

    If there are two Active Directories defined in the District Active

    Directory preferences, type the ID for the Active Directory to be used for this user. If this field is left blank, the first Active Directory defined in the preferences is used.

    Login

    Allow access from

    Type the IP address from which the user can access the district's Aspen server. The user is able to access the server from this IP address only. If you leave this field blank, Aspen uses the value defined for the security roles assigned to this user.

    Session timeout

    Type the number of minutes a user can be idle in the system before Aspen automatically logs him or her off. If you enter 0 or leave this field blank, Aspen uses the value defined for the security roles assigned to this user.

    Attempts allowed

    Type the number of consecutive times a user is able to type an incorrect password without being locked out of the system. If you enter 0 or leave this field blank, Aspen uses the value defined for the security roles assigned to this user.

    Login Status

    Use this drop-down to specify the status of a user's account (enabled or disabled). The drop-down also determines whether the user can re-enable their account using password recovery if they exceed the specified number of login attempts. The options are:

    • Enabled: Account is accessible with the correct Login ID and Password.
    • Disabled but allow re-enable from password recovery: Account was set to Enabled, but the user exceeded the specified number of login attempts. The user can re-enable their account using password recovery.
    • Disabled and locked: Account is disabled, and the user cannot log in unless it is set to Enabled again. For example, you might disable and lock the account of a user who leaves your district.
    • Disabled access violation: Account is disabled. The number of attempts to access the account has surpassed the value set at the system preference sys.security.access.violation.allow on the System Preference Key Definition table. User cannot log in unless it is set to Enabled again.
      Note: 

      sys.security.access.violation.allow

      has a default value of 0 (meaning the access violation check is off). When set to 1 or more, it defines how many times a user is allowed a login attempt before the account is disabled. The User system table has an 'Access violation' column to track the number of access attempts.

    Invalid attempts

    Aspen automatically updates this field with the number of invalid login attempts by this user. When a user successfully logs in, Aspen automatically resets this value to 0.

    When this number exceeds the number in the Attempts allowed field, the user’s account is disabled. When you enable a user's account, you need to reset this value to 0.

    Authentication type

    Use this drop-down to specify the method Aspen employs to authorize a user. The options are:

    • Aspen: The user logs in using their username and password that are stored in Aspen.

    • Active Directory (AD): The user logs in using their username and password. Aspen checks the value in the Active Directory ID field against the value stored in the Active Directory category in the District (Root Organization) preferences. If they match, authentication is granted.

      Note: This option is not supported for new Aspen installations.
    • Single Sign-on (SSO): The user clicks the AASP button to go to their authorization provider. SSO requires an AASP record.

    • Note: The name of the button might not be AASP, based on how your district has implemented this feature.

    • Aspen Multifactor Authentication (MFA): The user logs in using their username and password, and then enters a six-digit confirmation code by either scanning a QR code or entering a code received via email. See Set up multi-factor authentication and Use multi-factor authentication.

    • Note: To remove a user's current multi-factor authentication settings, click Reset MFA.

    Active directory ID

    Type the active directory ID for the user. This ID must match the ID for the user on the District (Root Organization) Preferences page, Active Directory category.

    Note: this option is no longer supported for new installations of Aspen.

    Password recovery

    Generated password

    If you used the Create User Accounts option on the Staff tab in the School view, the system-generated password appears here. Aspen prompts users to change this password the first time they log on to the system.

    Disabled

    Select the checkbox to disable password recovery for this user.

    Invalid attempts

    Aspen automatically updates this field with the number of invalid attempts by this user to change his or her password. When a user successfully resets his or her password, Aspen automatically resets this value to 0.

    When this number exceeds the number in the Attempts allowed field, password recovery is disabled for this user. When you enable password recovery for this user, you need to reset this value to 0.

    Secondary Password
    Secondary Password Click Edit to define the user’s secondary password. The Set Password pop-up appears. Type the password twice, and click OK.
    Expiration date Type the date or click Select Date icon. to select the date that this user’s secondary password expires. On that date, the user must create a new password.
    Disabled

    Select this checkbox to disable the user’s secondary password outside of the trusted networks. This does not affect the primary password.

    Note: If the user surpasses the Attempts allowed, Aspen automatically disables his or her account and selects this checkbox.

    Invalid attempts

    Aspen automatically updates this field with the number of invalid logon attempts of the secondary password by this user.

    When a user successfully logs in, Aspen automatically resets this value to 0.

    When this number exceeds the number in the Attempts allowed field, the user’s account is disabled.

    When you enable a user's account, you need to reset this value to 0.

    Secondary Password recovery
    Generated password If you used the Reset Passwords option on the Admin tab, Users side-tab in the District view, the system-generated password appears here. Aspen prompts users to change this password the first time they log on to the system.
    Disabled for secondary password Select this checkbox to disable secondary password recovery for this user.
    Invalid attempts for secondary password

    Aspen automatically updates this field with the number of invalid attempts by this user to change his or her secondary password.

    When a user successfully resets his or her secondary password, Aspen automatically resets this value to 0.

    When this number exceeds the number in the Attempts allowed field, password recovery is disabled for this user.

    When you enable password recovery for this user, you need to reset this value to 0.

  1. Click Save. Now, you can assign a role to the user and link the user to the appropriate school(s).