User Management release notes

User Management release notes 2024 and earlier

Released 12th of March 2025

Login of users (RTC-48180)

Users can sign in when their source Azure AD account has a different mail than the AD from where EG invites the user.

Store permissions - New scoped permissions for managing users (RTC-44599)

New permissions, "Manage users" and "View users", have been added to allow store managers to manage only the employees of the stores they have access to, without affecting employees from other stores/profiles.

Managers with "View users" permissions can only view users within their scoped access, while managers with "Manage users" permissions can both view and manage users within their scoped access. If a manager has access to a specific profile, and an employee is in both that profile and another store (outside of this profile), the manager will not be able to view and manage that employee.

Old permissions (`ViewUsers`, CreateNewUser, CreateNewUserWithPin, EditExistingUsers) are removed.

Released 19th of February 2025

Invite user (RTC-9315)

A user can be invited in User management, and they will be automatically added to Azure AD. The invited user will have 'Guest' status in Azure AD. A radio button has been added with two options: "Create new user" and "Invite external user".

If the "Invite external user" option is selected and the required fields are filled in, the user will be invited to both User management and Azure AD. It is not possible to invite a user who already exists in the database, an error will be displayed. When editing, activating, deactivating an invited user, all changes will also be updated in Azure AD.

If a massage and an email are provided in the Cc recipient field, an invitation massage will be sent to the specified user. When a user who exists only in Azure AD and not in the database, the user is invited and will be created normally in User Management. If such user is disabled in Azure AD, their account will be activated.

Create user (RTC-47255)

When creating or changing a password for a new user, Unicode characters are not allowed, and an error massage is displayed.

Released 12th of February 2025

Fix: Duplicated users and allow log in (RTC-45774)

Users with duplicated UPNs (email + source domain + destination domain) created by the Invite Job will now be deleted from both Azure and the Identity Database and correct users will be connected to source user. In situation, that there are no duplicated users, but users with incorrect UPNs (email + source domain + destination domain), they will be updated to have correct email address and to be connected with source user.

Extend user contract with status (RTC-46939)

Contract to import users is extended with status field. It can be 'Active' or 'Inactive'. Uploading file with status changes status of user accordingly to value of that field. By default status is 'Active', so when field is not in the file, it will be treated as if status was 'Active' . User export also contains status.

Entra ID permissions (RTC-26349)

ChainWebShell will now require new (much narrower) permissions from our customers, which improves security both for us and our customers. 

Depending on the configuration of our customer's Microsoft Entra ID, admins may need to provide consent for these new permissions.

Released 4th of February 2025

Create users as members in EG Entra ID (RTC-44592)

User created in User Management by filling form after clicking on button  'New user' in user grid is also created in tenant Entra ID and can sign in to Cloud. Form to create user requires username, display name, region, language and store access of user, other fields are optional. First Name and Last Name are set accordingly as first and last word of given name, but can be set manually. When display name is a one word, it is considered as Last Name. Username cannot have domain, as it will be taken from Microsoft and added to username after saving new user. Username and email are required to be unique per user.

Password of Microsoft security standard is generated by default and can be copied. However it an be set also manually, but needs to meet the standard. On first login to Cloud, user will need to change the password. 

Users can be edited and changes in user details are visible in Entra ID. Deactivating and activating users in UM changes user status in Entra ID.

In a situation, that user exists in Entra ID and not in UM, manually creating user with the same username will result in updating existing user in Entra ID with data provided in creating form.

New scoped permissions for managing users (RTC-44596)

New scoped permissions for managing users are added for the store role, to allow store managers to manage the employees of the store without being able to manage other stores personnel: 

Users - View Users and Manage Users 

The permissions can be saved /modified for the role, as well as assigned to the user. The permissions does not have affect on users actions yet.

System parameters user interface (RTC-42543)

The system parameters view is available for User Management. To access this view and edit values in it, user needs following permission: User management administrator-->Manage system parameters. The system parameters view contains two parameters for now: User language, responsible for what interface language is displayed to users by default, and Content language, responsible for what language the content will be displayed in.

Import group hierarchy to User Management ((RTC-43950)

Item hierarchy has been imported into User Management, and the IdentityService database has been expanded with 3 new tables:

User is exported when modifying the user access level (RTC-43671)

When a user is updated via the UI and the only change is the store access at the user level, the user is exported. The store access is then updated in the BackOffice

Fix: Store roles can be assigned on stores, when user has access to profile/team (RTC-43909)

If the user has access to the profile or team level, they can assign a store role on stores, belonging to this profile/team.

Fix: User invited from external AAD cannot sign in (RTC-43253)

When guest user in one directory is invited to EG directory, they're is correctly created in AAD and database. Such user can sign in to Cloud Chain Web. 

Async API documentation (RTP-35539)

The new async API documentation has been added: AvailableBlobEvent publish with its blob type variants and AvailableBlobEvent subscribe. Additionally,file processing information has been included: FileProcessInfo.