User accounts and permissions manage who has access to Slate, and what capabilities a user is granted within a partner's database. Slate supports unlimited user accounts, so access can be granted to as many individuals as needed. Before a user can access a partner's database, a new user account must be created by a current user who is granted the Security Administrator permission.
User accounts may be created for institutional users, external users who may not work at the partner institution but need access to Slate, and service accounts such as SFTP. Security administrators are able to add new users, deactivate existing users, and manage user access to records and resources in Slate through the User Permissions module.
Use the following steps to add a new user account:
- Click Database on the navigation bar and select User Permissions.
- Click New User.
- Enter the following configurations:
- First Name
- Last Name
- Preferred/Short Name: A preferred or short name is required for each user.
- Primary Phone, Mobile Phone, Title, Department (optional): Enter the user's contact information, title, and department if desired.
- User Type: Select the appropriate user type. Refer to the next section for more information on user types.
- User ID: The User ID must match the single sign-on ID users regularly use at your institution if single sign-on is configured. User accounts in Slate must have unique user IDs regardless of active or inactive status.
- Home Country: Select the country where the user will access Slate most often.
- Active: Select to enable the user account for access. The user account will be created as an active user.
- Supervised (optional): Select if the user account requires supervised login.
- MFA (optional): Select to require multi-factor authentication for logins from unrecognized devices. If selected, a mobile phone number is required.
- Expires After (optional): Enter a date after which the user account will be automatically deactivated.
- Click Save.
Deactivate User Accounts!
If a user no longer needs access to Slate, simply uncheck the Active setting. It is best practice to deactivate user accounts as opposed to deleting them in order to preserve audit logs.
How does supervised login work?
The Supervised setting is useful for users who should only be able to access Slate from a computer in the office. Supervised login is a two-step process:
1. A non-supervised user must click the "Supervised Login" link on the Slate homepage.
2. The non-supervised user must copy the URL from the popup window to the clipboard. All browser windows must be closed, then a new browser window may be opened. Paste the saved URL in the new browser window. Then the supervised user may use their own credentials to login to Slate.
After a user account is created, the user may be granted permissions by selecting individual permissions on the Permissions tab, inheriting permissions through a role granted on the Roles tab, or through population permissions granted on the Populations tab.
User accounts can be created for the following user types:
A user is an individual who has an institutional account and needs access to Slate to view or edit record data. A user typically connects to Slate through the partner's single-sign-on system. The "User" type will be used for the majority of users accounts in a database.
An external user is an individual who does NOT have an institutional account but needs to access Slate to view or edit record data. Slate authentication will be used for these users, and an activation password must be set.
External users must login to Slate through the External Login URL, for example:
External User Access to Test Environment!
If an external user needs to access a test environment, the user must exist in test, and will need to login through the External Login URL specific to the test environment.
A service account or service account (remote) is configured for accounts that need access to the Slate SFTP servers only.
A user account may be granted direct SQL access to Slate, which a read-only interface into the partner's database through a direct, native SQL Server connection. Direct SQL access is granted through the Direct SQL Access exclusive permission, found on the Roles tab of the user account.