User Management
This article describes all settings in the "User Management" tab within the user group configuration. Here you define which actions members of this group are allowed to perform regarding user accounts and related areas.
User Accounts
Manage Users
Allows viewing, creating, editing, and deleting user accounts. Without this permission, all sub-items of user management are view-only or hidden.
Bulk Edit
Allows editing multiple users simultaneously.
Master Data
Active Account
Allows targeted activation/deactivation of user accounts when needed.
Active From
Sets a start date from which the user account can be used.
Deactivate From
Sets an end date when the user account will be automatically deactivated (e.g., for temporary accounts).
Account Type
Determines the basic permission scheme of an account. Subtypes can only be assigned if the group is allowed to do so.
- Administrator: Full access to the system. Only for trusted individuals.
- Standard: Common, granularly assigned access and operation permissions.
- Guest: Highly restricted rights, primarily reading/presence.
Assign the "Administrator" account type sparingly. It bypasses many restrictions and can override security policies.
User Group
Defines to which user group the user is assigned. The group determines the permissions described in this article.
Username
Required for login to KentixONE. Must be unique across the system.
Name
Full display name of the user, used in logs and notifications.
Description
Free text field for additional information about the user account (e.g., function, location, contact).
Email
Used for alarm/system notifications and invitations.
Phone
Phone number for SMS notifications or inquiries.
Profile Picture
Allows assigning a profile picture, e.g., for biometric components.
Security
Password
Allows setting or resetting a password for user accounts.
Reset Password
Allows administrators to initiate a temporary reset and force the affected user to change it.
Auto Logout
Defines the inactivity time after which a user is automatically logged out. Enhances security at shared workstations.
API Tokens
Allows creating and managing an API token used for authentication with the SmartAPI.
API tokens should be treated like passwords. Keep them secure and delete tokens that are no longer needed.
Access
Access Profiles
Allows controlling when and where users have access (linked with areas).
Transponder ID
Allows managing a transponder ID to assign RFID tokens to a user.
RFID Data
Enables storing RFID-specific data (e.g., encryption ID).
Read RFID
Allows reading a transponder via a DoorLock/reader directly from the mask.
PIN
Maintaining the access PIN for authentication at wall readers.
Emergency Access
Permits users with emergency authorization to access areas even if normal connections are unavailable.
Switching Authorization via Access Components
Allows triggering alarm groups via access components (e.g., reader keyboard).
Switching permissions can trigger security-related actions. Assign them only to verified users.
Monitoring
Alarm Groups
Defines which areas and devices a user can view in alarm groups.
Notifications
Controls the notifications matrix; specifies which notifications a user receives.
Billing
Determines whether the user can be assigned and view billing information.
User Groups
Manage User Groups
Allows creating, editing, and deleting user groups and assigning permissions.
Access Profiles
Manage Access Profiles
Allows creating and editing access profiles (linking time profiles and access components).
Manage All Access Profiles
Allows managing all access profiles – even those not explicitly assigned to the group.
Time Profiles
Manage Time Profiles
Allows creating and editing time profiles that define when actions can be performed (e.g., access times).
Bulk Edit
Allows simultaneous editing of multiple users (e.g., assigning the same user group, resetting attributes, activating/deactivating). Useful for rollout or cleanup tasks.
Use bulk editing preferably in combination with filters to change only the desired users.