Identity for SugarCRM is a new cloud-based identity solution for all SugarCloud
customers. The solution is based on industry standards that support single
sign-on for the Sugar application. It’s managed via the SugarCloud settings
console where you can create and manage user records and password requirements
securely, as well as set up configuration settings for LDAP and SAML or Single
Teams use Sugar Identity tools to:
- Create a more secure cloud environment for CRM
- Exert more control over the CRMs security
- Assign and manage user roles specific to their
- Troubleshoot user issues through a
first-person viewpoint within the system
To access Sugar Identity services, you must be an admin, your
instance must be hosted in Sugar’s cloud environment, and it must be Sugar
You can check if your Sugar instance is enabled by navigating to your user profile and click “Edit”. If your instance is enabled, a pop-up message will appear stating that you must log into SugarCloud settings to make changes to read only fields such as the name, title, or user ID. If your instance is not enabled, the message will tell you to contact the Sugar administrator to make changes to these fields.
Sugar Identity is a central management point for user authentication and access where you can manage all end users in one place.
Creating New Users
Users can be created in Sugar Identity manually using the Create
New User option or by importing a list of users using a .csv file. When
creating a new user, you have the option to select Send Email to User or
Send Email to Imported User. Sugar
Identity will send the new user a welcome email that allows them to create
their Sugar password and access their account.
If you wish to assign teams and roles to the user, it is recommended that you don’t enable this option until roles and teams have been assigned to the user, since the user could possibly log in to Sugar before their access has been appropriately restricted.
User records may be edited at any time to modify or add information via the SugarCloud Settings console. When you try to edit a user record, you will be directed to SugarCloud Settings. Any edits to other stock or custom fields that do not appear in Sugar Identity can be completed in SugarCRM.
It is best practice to deactivate users who are no longer
part of your organization instead of deleting them.
Users can be deactivated by changing the user’s status to “Inactive”. When users are deactivated, their historical data will remain intact in Sugar, but they will no longer have access to your instance or to the Outlook plug-in or Sugar Mobile app. Deactivated users do not count against the number of licensed user accounts for your instance.
With Sugar Identity, administrators have the ability to log
in as other users in their organization using the Impersonate option in
SugarCloud settings. When impersonating a user in Sugar, admin users will be
able to access and view the same modules and settings as the user without having
to use their login credentials.
Impersonating a user can assist in reproducing or troubleshooting an issue directly from the user's account, previewing a new user's account to ensure that it is set up correctly before the user first logs in to Sugar, previewing a user's account after assigning new teams and roles to ensure that the proper permissions and restrictions are in place, and creating or configuring dashboards for users directly in their account.
When impersonating another user, a purple bar will appear at the top of your CRM page letting you know the Impersonate option is engaged. There are certain guidelines you must follow when using the Impersonate feature, for example, you can only impersonate one user at a time and the session will remain active until the access token expires in typically 69 minutes. Any changes you make while impersonating a user will be logged as being made by the administrator on the users behalf. To end the session, click Finish Impersonating.
When creating new users in the SugarCloud Settings console, you may find that the users are not able to login to SugarCRM. In these situations, a probable cause may be that there are no licenses available for your organization. You can purchase additional licenses for your organization by contacting Sugar or your Technology Advisors customer success manager. Once the licenses have been purchased, you will need to revalidate the license via Admin>License Management in your Sugar instance to add the user in your CRM.
With Sugar Identity, auto generated passwords are sent to
new users. Administrators do not have
the ability to set the users’ password in SugarCloud settings as they were able
to in previous versions of Sugar. If a user forgets their password, an Admin
can send a new email so the user can reset their password or the user can click
Forgot Password on the login screen to generate a password reset email
themselves. Admin users also have the
ability to configure password requirements including length, number and type of
characters, password expiration, and login lockouts for failed attempts.
Sugar Identity is a powerful feature that helps teams create
the most secure SugarCRM instance for their organization. It gives administrative
users more control over user accounts and password settings, as well as a
unique ability to troubleshoot concerns through the user’s own instance. If you
have questions on Sugar Identity or need help setting it up at your
organization, reach out to your Technology Advisors Customer Success Manager.