User management

Learn how to manage user accounts in your organization.

On the User Management page, you can add, edit, or delete user accounts for your organization. By default, Mindful users log in with a combination of email address and password.

Multi-factor authentication (MFA)

A Mindful super admin can enable MFA for your organization, which will require all users to provide a one-time passcode from an authenticator app when logging in.

With MFA required, users of that organization will be shown the Multi-Factor Authentication page the next time they log in. On this page, they will be provided with a QR code and optional secret code to add a Mindful entry to their chosen authenticator app.

image of the multi factor authentication page

After successfully verifying a code from an authenticator app, users will be taken directly to their user profile page. At the same time, they will receive an automated email from noreply@getmindful.com with information about the change.

example of an MFA confirmation email

After this, users will be required to authenticate with MFA on each login.

Recovery codes

With MFA enabled, users will see a Show Recovery Code button on the Your Account page. They can click this button, then confirm their password, to view their personal MFA recovery code at any time.

image of the user profile page after clicking the show recovery code button

Add new user accounts

Note: For Government Users - Administrators do not have the ability to add new users. The addition of new users will be handled according to the policy of your organization.

Quick access: Organization > User Management

  1. On the User Management page, click Invite Users.image of the user management page
  2. In the Invite Users modal window, provide values for the two required fields:

    • Email: You can invite one or more users in this field. Follow the on-screen instructions for separating email addresses.

    • Roles: Click the dropdown menu to select a single or multiple Roles. All addresses invited in a group will receive the same Role permissions selected here.

  3. Click Invite to send a registration email with a temporary password to the listed users.

example of inviting users

Edit user accounts

On the User Management screen, click the Edit icon in the row of the user account you want to edit. This opens the Edit User modal.

image of the edit user page
  • Email - The user's email may be updated, but they will have to log in again with the new email address once this change is saved.
  • Name - The user's name may be updated.
  • Roles - The user's Role may be changed.

Click Save when finished.

Deleting user accounts

This action can only be performed by users with Administrator access.

  • On the User Management page, click Delete in the row of the user account that you want to permanently remove. When prompted, confirm the deletion.

User roles and permissions

Mindful includes several default user roles with different levels of access (Administrator, Manager, Viewer) for different components of the platform, in addition to allowing custom user roles with any combination of permissions. It is common to combine several default roles to achieve the level of access needed for administrators and other users.

Consult the following tables to view the permissions granted by each default role.

Note: All roles grant access to the user's personal profile page.

Callback

Callback user roles grant access to pages related to Call Targets, Scheduler widgets, reports, and more.

PageAdministratorManagerViewer
Callback Overview (coming soon)AllAllAll
Callback StatusAllAllAll
Call DetailAllAllAll
InsightsAllAllAll
ExportsAllAllAll except for Audit reports
Global SettingsMost settings (some are reserved for Mindful staff)Some settings (no messaging)No access
Call TargetsMost settings (some are reserved for Mindful staff)Most settings (some are reserved for Mindful staff)No access
Smart RulesAllAllNo access
Business UnitsAllNo accessNo access
Media SetsAllAllNo access
Phone NumbersAllAllView only
WidgetsAllAllNo access
TemplatesAllAllNo access
IntentsAllAllNo access
User Data SetsAllAllNo access
Access Control PoliciesAllView onlyNo access
APIAllAllNo access
AlertsAllAllView Only - cannot acknowledge/clear alerts

Connections

The Connections administrator role grants full access to configure and enable any available connection.

PageAdministrator
ConnectionsAll

Datastore

These roles grant access to the Lookup Data Set and Data Set Templates pages to manage Mindful Datastore.

AdministratorAgent
Lookup Data SetAllAll
Data Set TemplatesAllNo access

Handoff

Handoff user roles grant access to the Block List and Message Lookup pages. All Handoff roles can view and search for entries on both pages.

PageAdministratorManagerViewer
Block ListAllAllAll
Message LookupAllAllAll

Mindful API

The Mindful API user roles grant access to the Application Clients page.

PageAdministratorViewer
Application ClientsAllView only

Platform Management

These roles grant access to manage user accounts and roles.

PageAdministratorManagerViewer
User ManagementAllView and edit existing usersView only
Application RolesAllView default roles / View and edit existing custom rolesView only

Webhooks

Webhooks user roles grant access to the Webhooks page.

PageAdministrator Viewer
WebhooksAllView only

Authentication security

Several security measures are in place to restrict abnormal attempts to access the platform:

  • Passwords are masked in the UI on the login page and user account page.
  • Users are automatically logged out after 15 minutes of inactivity.

The following actions will cause a user account to be locked out for 30 minutes:

  • Three failed login attempts are made within 15 minutes.
  • A new attempted login occurs within three seconds of the last failed attempt.

Note that the count of login attempts does not reset based on a timer. Rather, it only resets upon a successful login, regardless of how much time has passed. Also, there is no way to lift the 30-minute lock-out period. After being locked out, a user must wait 30 minutes before attempting to log in again.