User management: contractor expiration and domain whitelist

User management • LockSelf v4

Overview

The Management tab gathers the user management options. From there you configure two security controls: the expiration period for contractor accounts and the domain whitelist that restricts the email domains allowed for account creation.

Who can do this?

  • The Super Admin configures the settings at the global or organization level and manages both the global and organizational whitelist.
  • The Administrator configures the settings and the whitelist for their own organization only.
  • The Moderator can access the Management tab and edit the contractor expiration period; they have read-only access to the whitelist.

A note in the top-right corner of the tab reminds you of your scope of action: global for the Super Admin, limited to the sub-category for the Administrator and the Moderator.

Configure the expiration period for contractor users

To configure the expiration period applied to contractor accounts:

  1. Go to the Management → Users tab.
  2. Click "Applied by default" to enable the expiration period.
  3. Choose the frequency and the associated counter: days (1 to 31), weeks (1 to 52) or months (1 to 12).
  4. The configuration is saved and applies to newly created contractor accounts.

You can also select "Custom" so that no default expiration period is applied. If no configuration is set, the period defaults to 1 day.

When the period ends, the contractor account is locked and the user receives a notification email.

Enable the domain whitelist

The whitelist limits account creation to authorized email domains only. It applies only to new accounts: existing users are not affected.

Enable or disable the restriction

  1. Go to the Management → Users tab.
  2. Click "Edit".
  3. Enable (or disable) the whitelist restriction.
  4. The setting is applied immediately.

Add a domain

  1. Once the restriction is enabled, click "Add".
  2. Enter the name (label, required), the domain (e.g. @example.com) and the scope (global or organization). The Super Admin can choose either, the Administrator organization only.
  3. Confirm: the domain becomes active according to the selected scope.

Remove a domain

  1. Hover over the relevant domain in the list.
  2. Click the associated red cross.
  3. The domain is removed and can no longer be used to create new accounts. Existing accounts using this domain are not deleted.

Behavior and special cases

  • Inheritance: a domain added to the global whitelist by the Super Admin automatically applies to all child organizations. Administrators of sub-organizations benefit from it but cannot edit it (read-only).
  • Domain retention: disabling the whitelist does not erase the added domains; they are kept and reactivated if you re-enable the restriction.
  • Main Super Admin domain: added automatically on creation, it cannot be removed.
  • Existing administrators: never blocked by the whitelist, regardless of the configuration.
  • Traceability: every change is recorded in the logs (user, action, IP, User-Agent, date).

Updated