User management: contractor expiration and domain whitelist

User management • LockSelf v4

Overview


The Management tab brings together the user management options. Here you configure two security controls: the expiration period for contractor accounts and the domain whitelist that restricts which email domains are allowed for account creation.

Who can do this?

  • The Super Admin configures the settings at the global or organization level, and manages the global and organizational whitelist.
  • The Administrator configures the settings and the whitelist for their own organization only.
  • The Moderator can access the Management tab and change the contractor expiration period; they have read-only access to the whitelist.

A text in the top right of the tab reminds you of your scope: global for the Super Admin, limited to the subcategory for the Administrator and the Moderator.

Configure the expiration period for contractor users


To configure the expiration period applied to contractor accounts:

  1. Go to the Management → Users tab.
  2. Click "Applied by default" to enable the expiration period.
  3. Choose the frequency and the associated counter: day (1 to 31), week (1 to 52) or month (1 to 12).
  4. The configuration is saved and applies to the new contractor accounts created.

You can also select "Custom" to not apply a default expiration period. If no configuration is set, the period is initialized to 1 day.

On expiry, the contractor account is locked and the user receives a notification email.

Enable the domain whitelist


The whitelist restricts account creation to authorized email domains only. It applies only to new accounts: existing users are not affected.

Enable or disable the restriction

  1. Go to the Management → Users tab.
  2. Click "Edit".
  3. Enable (or disable) the whitelist restriction.
  4. The setting takes effect immediately.

Add a domain

  1. Once the restriction is enabled, click "Add".
  2. Enter the label (name, required), the domain (e.g. @example.com) and the scope (global or organization). The Super Admin chooses either; the Administrator only organization.
  3. Confirm: the domain becomes active according to the chosen scope.

Delete a domain

  1. Hover over the relevant domain in the list.
  2. Click the associated red cross.
  3. The domain is removed and can no longer be used to create new accounts. Existing accounts using this domain are not deleted.

Behavior and special cases


  • Inheritance: a domain added to the global whitelist by the Super Admin automatically applies to all child organizations. Sub-organization administrators benefit from it but cannot edit it (read-only).
  • Domain retention: disabling the whitelist does not delete the domains added; they are kept and reactivated if you re-enable the restriction.
  • Main Super Admin's domain: added automatically at creation, it cannot be deleted.
  • Existing administrators: never blocked by the whitelist, whatever the configuration.
  • Traceability: every change is recorded in the logs (user, action, IP, User-Agent, date).

Updated