Local User Management
Only local users can be created via ConfigHub. In the case of an external Identity Provider (IdP), the users are synced instead and should be managed via the IdP.
To create users you will need to navigate to the “Users” section, placed under "Security" in the menu on the left.
|  | 
Note
You can review a list of user roles to each specific user using the “User role” column in the table.
From this view users can be added via the “Add user” button, located on the top right.
Available roles:
- Application Administrator - Note- Provides access to - TrendHub index manager 
- ContextHub platform management = schedule manager config of workflows and fields, digital twin builder, 
  - Users with this role would have the ability to administer “TrendHub”, “ContextHub” and “DashHub”. 
 
- System Administrator - Note- Provides access to - ConfigHub 
- All access that Application Administrator is having access to. 
  - Users with this role would also automatically receive the “Application Administrator” role. On top of the permissions the “Application Administrator” role is providing a user, having also the “System Administrator” role would also enable a user to access and administer "ConfigHub". 
 
- Shared space user  - For security reasons - assigning “Shared space user” role to a specific user would prevent you of assigning any administration role in combination with it. 
- Users with this role have the following fields as optional: “First name”, “Last name” and “Email address”. 
- An extended login timeout of 1 year is provided for such users to ensure their usability in shared spaces for displaying dashboards and other content for prolonged periods of time. 
- A forceful logout of such users can be initiated by clicking on the “Revoke token” in the “User edit” screen (to which you can navigate by clicking on an already created user in the table):  - Once that's done a confirmation dialogue would appear, from where you can also select for the user to have to update his password on next login:  - Note- The user can remain logged in for a maximum of 5 minutes after the process has been initiated, after which he will be forcefully logged out. 
 
After filling in all the required fields and clicking on the "Create" button in the top right - a green message saying ‘User is created’ indicates successful user creation.
Note
Usernames cannot be changed after a user has been created.
Password policy
When creating users locally, the password needs to adhere to the following rules:
- Have a minimum length of 8 characters 
- Contain at least one uppercase character [A-Z] 
- Contain at least one lowercase character [a-z] 
- Contain at least one digit [0-9] 
- Contain at least one special character [?!@#%$…] 
- Not have been recently used in the previous three passwords 
- Not a common password