Users Configuration

From MintHCM Wiki

Short Description

Users create, edit, activate and deactivate users in MintHCM.

User Management

In this section you can manage user accounts and passwords.

Users Management

Basic view of this section is a list of MintHCM users.

From this point you can create new user, using Create New User button on the left side panel.

Also you can edit each user by proceeding to its record view and clicking Edit button or instantly by clicking Pencil Icon.

Create new user

In this section you can create a new user of MintHCM. It opens after clicking Create New User button.

Create New User

The section contains many fields in four tabs.

First tab - User Profile - contains general user information, such as position, status and personal data, Username, status and Last Name fields are required.

At the bottom of this tab, there are Email Settings.

Note Email Client field, where you can choose how the user will send emails. You can choose from:

  • MintHCM Mail Client: Send emails using the email client in the MintHCM application.
  • External Mail Client: Send email using an email client outside of the MintHCM application, such as Microsoft Outlook.

In second tab - Password - you can set new password for thew user.

If in Password Management you chose system generated password, this tab is not available.

In Advanced tab you configure usere's export/import preferences, reminders, date, time and currency format and so on.

Here you can also configure Calendar Options.

Publish Key - set to prevent unauthorized publishing of your calendar. If set, it generates URLs in fields below: Publish at my location, Publish at my location, iCal integration URL (Use this URL to subscribe to the MintHCM calendar within iCal).

Also, you can choose a First Day of Week displayed in Week, Month, and Year Views in Calendar.

Role Management

In this section you can manage role membership and properties. Roles allows to grant or restrict permission to access each module.


Roles are used to allow or restrict access to each pice of data in MintHCM, particularly modules and their records. There is a vast variety of configuration possibilities, so that each role can fit the needs of users.

Roles can be assigned to individual user or Organizational Unit.

Using left sidebar options, you can easily navigate through roles - using List Roles. And by using List Roles By User option you can select each user to preview their permission matrix and check to which roles they are assigned to.

Create Role

To create new Role, click Create Role button at top left side of Roles section.

Its quite simple, you just have to fill Name field (it is required) and eventually provide Description.

In second step, you should proceed to newly created Role record. Here you can set role's permissions for Accessing each MintHCM module. You can either Enable or Disable permission. You can also leave it as Not Set, which in fact equals to Enabled.

However, if user has several roles, that are contrary to each other, system will behave differently - it will take into consideration the most strict settings. So, if one role permission for module is Not Set and another is Disabled, in general permission is Disabled. If one role permission is Enabled and another is Disabled, in general, permission is also Disabled.

To edit permission click on Not Set text and choose permission value form the list. After all permission are set as wished, remember to save changes.

For Delete, Edit, Export, Import, List, Mass Update and View actions you can set several more options.

All - users will have access to all records.

Group - users will have access to all records assigned to members of the same group.

Owner - users will users access only to their own records.

None - users will not have access to this function for this module.

Role Record View

Assigning Users

To assign each user to a particular role, you have to go to role's record view and scroll to the bottom of the page. There, in the users subpanel, you can link an existing user to the role. To find a particular users, you can use filters.

Password Management

In this section you can manage password requirements and expiration

Password Management

System-Generated Passwords

Enable System-Generated Passwords Feature - when this feature is enabled, users will be emailed a system-generated link to reset their passwords. Requirements for this feature are: 1) a outbound email server must be configured properly in Email Settings, 2) users must have valid email addresses in their user records

System-Generated Password Expiration - this option is enabled, only if system-generated password is also enabled. You can choose from:

  • None
  • Password Expires in [ ] [ ] - here you can set amount of time, after which the password will expire. You can choose between days, weeks and months and determine their number.
  • Password Expires upon [ ] logins - determine number of logins after, which the password will expire.

Password Security Settings

Here you can set requirements that passwords must fulfill.

Password minimum length Information - if selected, password minimum length.

Password should contain uppercase characters - if selected, password should contain uppercase characters.

Password should contain lowercase characters - if selected, password should contain lowercase characters.

Password should contain numbers - if selected, password should contain numbers.

Password should contain special characters - if selected, password should contain special characters.

User Reset Password

Enable Forgot Password feature - when enabled, users will have the ability to reset their own passwords at the Login page. Requirements to use this feature: 1) users must have email addresses provided in their user records, and 2) an outbound email server must be configured in the Email Settings page.

Generated Link Expiration - when enabled, a link is generated by the system and sent to the user to allow the user to access the Reset Password page. You can also determine time, after which link will expire.

Enable reCAPTCHA Validations - when enabled, user will have to do reCAPTCHA Validation. Captcha is a challenge-response test used to ensure that the response is not generated by a computer. Obtain a Public key and a Private key from reCAPTCHA at

Email Templates

In this section you can choose, create or edit email templates for emails regarding system-generated password, system-generated link to reset password and system-generated two-factor authentication code.

LDAP Support

Enable LDAP AuthenticationI - when LDAP authentication is enabled, passwords can only be handled through LDAP. None of the MintHCM Password Management feature settings will apply. You can find more information in your LDAP provider documentation.

SAML Authentication

Enable SAML Authentication - when SAML authentication is enabled, passwords can only be handled through SAML. None of the MintHCM Password Management feature settings will apply. You can find more information in your SAML provider documentation.

Organizational Unit Management

In this section you can create and manage Organizational Units.

MintHCM - Administration - Users - Organizational Unit Management

Organizational Units allow to define set of permissions for given group of users. In some cases this might be more efficient way of granting permissions.

To set permissions for a organizational unit, firstly you have to create a role and set its permissions. Instruction how to do it is provided above.

To create new Organizational Unit click Create a Organizational Unit button.

While creating a new Organizational Unit you have to provide its Name (this fields is required). You may also write a Description or check Not Inheritable option.

Not Inheritable - if selected, the organizational unit will not automatically be attached to any record.

As new organizational unit is created, you need to add users to it.

To complete the process add a role to the organizational unit. By this action, all users added to the organizational unit will share permissions given by the role related to the organizational unit.

For example: If you will create a role with all permissions set to Owner only, all members of the organizational unit will have Owner permissions. So in case presented below John smith and Anna Williams have Owner permissions to modules, because that is how the Owner only role is configured. Any other user added to the organizational unit will be granted the same permissions.

MintHCM - Administration - Organizational Units - Record View

Organizational Units Settings

In this section you can configure advanced options of Organizational Units.

MintHCM - Administration - Organizational Units Settings

Additive Rights - user gets greatest rights of all roles assigned to the user or the user’s organizational units. TODO

Strict Rights - if a user is a member of several groups only the respective rights from the organizational units assigned to the current record are used.

New User Organizational Unit Popup - if this is checked, a Organizational Unit popup will open when a new user is created, allowing you to add the user to a organizational unit.

User Role Precedence - if any role is assigned directly to a user that role should take precedence over any organizational unit roles.

Filter User List - with this selected, non-admin users can only assign records to users who are in the same organizational unit.

Use Creator Organizational Unit Select - adds a panel to a record creation screen if a user is a member of more than one inheritable organizational unit that allows a user to select one or more organizational unit (that the user belongs to) that should be associated with the newly created record. If a user is in just one organizational unit the normal inheritance rules will instead be applied.

Inherit from Created By User - the record will inherit all the organizational units assigned to the user who created it.

Inherit from Assigned To User - the record will inherit all the organizational units of the user assigned to the record.

Inherit from Parent Record - e.g. If a case is created for a contact the case will inherit the organizational units associated with the contact.

Inbound email account - locks down inbound email accounts in the email client to only list those that belong to the same group as the current user.

Default Groups for New Records - using this mechanism you can set organizational units that will be always attached to record created in a chosen module. You can add several of this dependencies.

Sub sections

Mentioned in other articles