User Management in ERPNext

User Management in ERPNext helps administrators create and manage user accounts, assign roles, configure permissions, and control access to company data and modules. By defining roles and access levels, organizations can ensure that users only see and interact with information relevant to their responsibilities.

Users can be added and managed by a System Manager. To access the User master, navigate to:

Home > Users and Permissions > User

ERPNext supports two types of users:

• Website Users – Customers, suppliers, students, and other external users who only have access to the portal.
• System Users – Internal users who can access ERPNext modules, company records, and business processes.

Every user is uniquely identified by their Email Address, which serves as the User ID in ERPNext.

1. Creating a New User

Follow these steps to create a new user account:

1. Open the User list and click New.
2. Enter the user’s Email Address and Name.
3. Save the document.

Additional details such as Username, Language, and Profile Information can be configured after saving.

2. User Features

2.1 Setting Roles

After saving the user, you can assign one or more roles by selecting them from the Roles section.

Roles come with predefined permissions and determine which modules and documents a user can access.

Role Profiles can be used as templates to assign multiple roles at once, simplifying user onboarding.

2.2 Personal Information

The User master allows you to store additional user information such as:

• Gender
• Phone Number
• Mobile Number
• Date of Birth
• Location
• Interests
• Bio

You can also enable Mute Sounds to disable interface sounds during document interactions.

2.3 Password Management

System Managers can manage passwords directly from the User document.

Available options include:

• Set New Password
• Send Password Update Notification
• Log Out From All Devices While Changing Password

These controls help maintain account security and ensure users are informed about password changes.

2.4 Document Follow

Users can follow documents and receive notifications whenever those records are updated.

This feature is useful for tracking important business transactions and staying informed about changes.

2.5 Email Settings

The Email Settings section provides control over communication preferences.

Options include:

• Send Notifications for Email Threads
• Send Me a Copy of Outgoing Emails
• Allowed in Mentions (@mentions)
• Email Signature Configuration

Email signatures configured here are automatically added to all outgoing emails sent by the user.

2.6 Email Inbox

Users can be subscribed to company mailing lists such as:

• Support
• Sales
• Recruitment
• Marketing

This allows emails from specific business functions to be routed to the appropriate users.

2.7 Module Access Control

Users automatically gain access to modules based on their assigned roles.

However, administrators can further restrict module access by unchecking specific modules in the Allow Module Access section.

Module Profiles

Module Profiles act as templates for module access and can be assigned to multiple users.

For example:

• HR Users may receive access to HR and Payroll modules.
• Sales Users may receive access to CRM and Selling modules.

This helps standardize module access across teams.

2.8 Security Settings

ERPNext includes several advanced security controls:

• Simultaneous Sessions – Limit the number of active logins.
• Login After / Login Before – Restrict login times.
• Restrict IP – Allow access only from specific IP addresses.
• User Type – Automatically categorized as Website User or System User.

IP restrictions can be used to allow access only from office networks, improving security.

The section also displays details such as Last Login, Last IP Address, and Last Active Time.

2.9 Third-Party Authentication

ERPNext supports authentication through third-party providers including:

• Google
• Facebook
• GitHub

After configuring the required Client ID and Secret Keys, users can log in using their external accounts.

2.10 API Access

Users can generate API Keys and API Secrets from the User document.

These credentials allow external applications to securely access ERPNext data through APIs.

Typical use cases include:

• POS integrations
• Mobile applications
• Third-party software integrations

3. Actions Available After Saving

After a user record is saved, additional administrative actions become available.

Permissions

• Set User Permissions – Restrict access to specific records.
• View Permitted Documents – Review documents accessible to the user.

Password Actions

• Reset Password
• Reset OTP Secret for Two-Factor Authentication
• Create User Email for setting up an Email Account

Impersonate User

Introduced in Version 15, the Impersonate feature allows Administrators to temporarily access the system as another user for troubleshooting purposes.

Important points:

• An activity log is created whenever impersonation is used.
• Document changes record the original administrator who performed the action.
• The user being impersonated receives a notification.

4. Login Methods

ERPNext supports multiple login methods.

By default, users log in using their email address. However, administrators can enable mobile number login through:

System Settings > Security > Allow Login Using Mobile No

When enabled:

• Email Address remains the primary User ID.
• Mobile Number can also be used for authentication.

Mobile numbers must be unique to ensure successful login authentication.

Related Topics

• Role Based Permissions
• User Permissions
• Role Profiles
• Document Follow
• Email Account
• System Settings