Sugar Identity for SugarCRM is a new cloud-based identity solution for all SugarCloud customers. The solution is based on industry standards that support single sign-on for the Sugar application. It’s managed via the SugarCloud settings console where you can create and manage user records and password requirements securely, as well as set up configuration settings for LDAP and SAML or Single Sign On.

Teams use Sugar Identity tools to:

  • Create a more secure cloud environment for CRM users
  • Exert more control over the CRMs security requirements
  • Assign and manage user roles specific to their security access
  • Troubleshoot user issues through a first-person viewpoint within the system

To access Sugar Identity services, you must be an admin, your instance must be hosted in Sugar’s cloud environment, and it must be Sugar Identity enabled. 

You can check if your Sugar instance is enabled by navigating to your user profile and click “Edit”.  If your instance is enabled, a pop-up message will appear stating that you must log into SugarCloud settings to make changes to read only fields such as the name, title, or user ID.  If your instance is not enabled, the message will tell you to contact the Sugar administrator to make changes to these fields.

SugarCloud Settings

User Management

Sugar Identity is a central management point for user authentication and access where you can manage all end users in one place.

Creating New Users

Create new SugarCRM user

Users can be created in Sugar Identity manually using the Create New User option or by importing a list of users using a .csv file. When creating a new user, you have the option to select Send Email to User or Send Email to Imported User.  Sugar Identity will send the new user a welcome email that allows them to create their Sugar password and access their account.

If you wish to assign teams and roles to the user, it is recommended that you don’t enable this option until roles and teams have been assigned to the user, since the user could possibly log in to Sugar before their access has been appropriately restricted.

Editing Users

Edit SugarCRM user

User records may be edited at any time to modify or add information via the SugarCloud Settings console. When you try to edit a user record, you will be directed to SugarCloud Settings.  Any edits to other stock or custom fields that do not appear in Sugar Identity can be completed in SugarCRM.

Deactivating Users

Deactivate SugarCRM user

It is best practice to deactivate users who are no longer part of your organization instead of deleting them.

Users can be deactivated by changing the user’s status to “Inactive”. When users are deactivated, their historical data will remain intact in Sugar, but they will no longer have access to your instance or to the Outlook plug-in or Sugar Mobile app.  Deactivated users do not count against the number of licensed user accounts for your instance.

Impersonating Users

impersonate SugarCRM user

With Sugar Identity, administrators have the ability to log in as other users in their organization using the Impersonate option in SugarCloud settings. When impersonating a user in Sugar, admin users will be able to access and view the same modules and settings as the user without having to use their login credentials.

Impersonating a user can assist in reproducing or troubleshooting an issue directly from the user's account, previewing a new user's account to ensure that it is set up correctly before the user first logs in to Sugar, previewing a user's account after assigning new teams and roles to ensure that the proper permissions and restrictions are in place, and creating or configuring dashboards for users directly in their account.

Sugar Identity impersonation screen

When impersonating another user, a purple bar will appear at the top of your CRM page letting you know the Impersonate option is engaged.  There are certain guidelines you must follow when using the Impersonate feature, for example, you can only impersonate one user at a time and the session will remain active until the access token expires in typically 69 minutes.  Any changes you make while impersonating a user will be logged as being made by the administrator on the users behalf. To end the session, click Finish Impersonating.

License Management

SugarCRM license management

When creating new users in the SugarCloud Settings console, you may find that the users are not able to login to SugarCRM.  In these situations, a probable cause may be that there are no licenses available for your organization. You can purchase additional licenses for your organization by contacting Sugar or your Technology Advisors customer success manager.  Once the licenses have been purchased, you will need to revalidate the license via Admin>License Management in your Sugar instance to add the user in your CRM.

Password Management

SugarCRM password management

With Sugar Identity, auto generated passwords are sent to new users.  Administrators do not have the ability to set the users’ password in SugarCloud settings as they were able to in previous versions of Sugar. If a user forgets their password, an Admin can send a new email so the user can reset their password or the user can click Forgot Password on the login screen to generate a password reset email themselves.  Admin users also have the ability to configure password requirements including length, number and type of characters, password expiration, and login lockouts for failed attempts.

Sugar Identity is a powerful feature that helps teams create the most secure SugarCRM instance for their organization. It gives administrative users more control over user accounts and password settings, as well as a unique ability to troubleshoot concerns through the user’s own instance. If you have questions on Sugar Identity or need help setting it up at your organization, reach out to your Technology Advisors Customer Success Manager.

Posted in:

Looking for SugarCRM help?

We do training, customization, integration, and much more. Contact us today.