Adding and Removing Concrete5 Users | OpsBlu Docs

Adding and Removing Concrete5 Users

Complete guide to managing users, groups, and permissions in Concrete CMS (formerly Concrete5)

Comprehensive guide for managing Concrete CMS user accounts, from creating new users to safely removing access.

Prerequisites

To manage users, you must have:

  • Administrator access in Concrete CMS
  • Permission to manage users and groups
  • Understanding of group-based permissions

System Requirements:

  • Concrete CMS v8 or later recommended
  • PHP with appropriate permissions
  • Database access for bulk operations

Adding Users to Concrete5

Method 1: Dashboard Interface

Best for: Individual user creation

Step 1: Access User Management

Dashboard → Members → Users → Add User

Screenshot reference: /screenshots/concrete5-add-user.png

Step 2: Enter User Information

Required Fields:

  • Username: Unique identifier (alphanumeric, hyphens, underscores)
  • Email: Valid email address (must be unique)
  • Password: Strong password required
    • Minimum 8 characters
    • Mixed case, numbers, symbols recommended

Optional Fields:

  • First Name: User's first name
  • Last Name: User's last name
  • Language: Interface language preference
  • Timezone: User's timezone

Step 3: Assign Groups

Select user groups:

  • Administrators (full access)
  • Editors (content editing)
  • Authors (content creation)
  • Registered Users (basic access)
  • Custom groups

Multiple groups: Users can belong to multiple groups

Permission stacking: Permissions from all groups combine

See Roles & Permissions for group details.

Step 4: Configure Additional Settings

User attributes (optional):

  • Profile information
  • Custom user attributes
  • Avatar/profile picture
  • Bio/description

Notification settings:

  • Email notifications
  • Workflow notifications
  • System updates

Step 5: Save User

  1. Click "Add User"
  2. Confirmation message appears
  3. User receives email (if configured)
    • Welcome message
    • Account details
    • Password reset link (if applicable)

Method 2: Public Registration (If Enabled)

Allow visitors to register:

Dashboard → System & Settings → Registration → Enable

Configuration:

  • Approval required: Admin must approve
  • Auto-approval: Instant access
  • Email validation: Verify email first
  • Default group: Assign new users to group
  • CAPTCHA: Prevent spam registrations

Workflow:

  1. User fills registration form
  2. Email verification (if required)
  3. Admin approval (if required)
  4. Account activated
  5. User can log in

Method 3: Bulk User Import

Best for: Migrating users, large teams

Prepare CSV File

username,email,password,firstName,lastName,groups
johndoe,john@example.com,TempPass123,John,Doe,Editors
janesmit h,jane@example.com,TempPass456,Jane,Smith,"Editors,Authors"
bobadmin,bob@example.com,TempPass789,Bob,Admin,Administrators

Using Add-on or Custom Script

Via Package/Add-on:

  1. Install user import package
  2. Dashboard → Users → Import
  3. Upload CSV file
  4. Map fields
  5. Configure options:
    • Send welcome emails
    • Require password reset
    • Assign to groups
  6. Import users

Via PHP Script:

use Concrete\Core\User\UserInfo;
use Concrete\Core\User\Group\Group;

$csv = array_map('str_getcsv', file('users.csv'));
$header = array_shift($csv);

foreach ($csv as $row) {
    $data = array_combine($header, $row);

    try {
        $userInfo = UserInfo::add([
            'uName' => $data['username'],
            'uEmail' => $data['email'],
            'uPassword' => $data['password']
        ]);

        // Add to groups
        $groups = explode(',', $data['groups']);
        foreach ($groups as $groupName) {
            $group = Group::getByName(trim($groupName));
            if ($group) {
                $userInfo->getUserObject()->enterGroup($group);
            }
        }

        echo "Created: " . $data['username'] . "\n";
    } catch (Exception $e) {
        echo "Error: " . $e->getMessage() . "\n";
    }
}

Method 4: API User Creation

For integrations and automation:

use Concrete\Core\User\UserInfo;
use Concrete\Core\Support\Facade\Application;

$app = Application::getFacadeApplication();

$data = [
    'uName' => 'newuser',
    'uEmail' => 'newuser@example.com',
    'uPassword' => 'SecurePassword123!'
];

try {
    $ui = UserInfo::add($data);

    // Add attributes
    $ui->setAttribute('first_name', 'New');
    $ui->setAttribute('last_name', 'User');

    // Add to group
    $group = Group::getByName('Editors');
    $ui->getUserObject()->enterGroup($group);

    return $ui;
} catch (Exception $e) {
    // Handle error
}

Managing Existing Users

View Users

Dashboard → Members → User Search

Search and filter:

  • By username or email
  • By group membership
  • By registration date
  • By active/inactive status
  • Advanced search options

Edit User Information

  1. Dashboard → Members → User Search
  2. Find user
  3. Click username
  4. Modify details:
    • Email address
    • Password (reset)
    • Groups
    • Attributes
    • Permissions
  5. Save changes

Change User Groups

Add to group:

  1. Edit user
  2. Groups tab
  3. Select group
  4. Save

Remove from group:

  1. Edit user
  2. Groups tab
  3. Deselect group
  4. Save

Bulk group changes:

  1. Dashboard → Members → Group Sets
  2. Select users (bulk selection)
  3. Add to group or remove from group

Reset User Password

Admin-initiated reset:

Edit User → Change Password → Enter new password → Save

User-initiated reset:

Login page → Forgot Password → Enter email → Reset link sent

Force password change on next login:

$ui = UserInfo::getByID($userID);
$ui->setAttribute('must_change_password', true);

Activate/Deactivate User

Deactivate (suspend):

Edit User → Deactivate User

Effects:

  • Cannot log in
  • Retains all data
  • Can be reactivated
  • Preserves group membership

Use for:

  • Temporary suspension
  • Inactive employees
  • Security incidents
  • Pending investigation

Removing Users from Concrete5

Pre-Removal Checklist

  • Review user's content: Pages, files, blocks created
  • Reassign ownership: Transfer to another user
  • Export user data: For compliance (GDPR)
  • Check workflows: Any pending approvals
  • Document removal: Reason and date
  • Notify team: If applicable

Method 1: Delete via Dashboard

Step 1: Navigate to User

Dashboard → Members → User Search → Find user

Step 2: Delete User

  1. Click username to edit
  2. Scroll to bottom
  3. Click "Delete User" button
  4. Confirmation dialog:
    Are you sure you want to delete this user?
Content created by this user will be preserved.
This action cannot be undone.
  5. Click "Delete" to confirm

What happens:

  • User account deleted
  • Cannot log in
  • Content preserved (pages, files, etc.)
  • Username becomes available

Method 2: Bulk User Deletion

Via user search:

  1. Dashboard → Members → User Search
  2. Filter users to delete
  3. Select users (checkboxes)
  4. Bulk actions → Delete
  5. Confirm deletion

Via script (careful!):

use Concrete\Core\User\UserInfo;

$userIDs = [123, 124, 125]; // IDs to delete

foreach ($userIDs as $uID) {
    $ui = UserInfo::getByID($uID);
    if ($ui) {
        try {
            $ui->delete();
            echo "Deleted user ID: " . $uID . "\n";
        } catch (Exception $e) {
            echo "Error deleting " . $uID . ": " . $e->getMessage() . "\n";
        }
    }
}

Method 3: Soft Delete (Deactivate Instead)

Better approach for most cases:

  1. Deactivate user instead of delete
  2. Preserves complete user history
  3. Can be reactivated if needed
  4. Maintains data integrity
$ui = UserInfo::getByID($userID);
$ui->deactivate();

Special Scenarios

Removing Administrator

Cannot remove last administrator:

  • System requires at least one admin
  • Create backup admin first
  • Then remove original

Steps:

  1. Add new administrator
  2. Verify new admin can log in
  3. Test admin permissions
  4. Remove original administrator

Emergency Access Removal

Security incident:

  1. Deactivate immediately: Edit user → Deactivate
  2. Change password: If compromise suspected
  3. Review recent activity: Check logs
  4. Audit changes: Pages edited, files uploaded
  5. Remove from groups: Strip permissions
  6. Document incident: Security log

Post-incident:

GDPR Compliance

Right to be forgotten:

use Concrete\Core\User\UserInfo;

// Anonymize user data
$ui = UserInfo::getByID($userID);

// Remove personal data
$ui->update([
    'uEmail' => 'deleted-user-' . $userID . '@example.com',
    'uName' => 'deleted-' . $userID
]);

// Remove attributes
$ui->clearAttribute('first_name');
$ui->clearAttribute('last_name');
$ui->clearAttribute('avatar');

// Optional: Delete account entirely
$ui->delete();

Group Management

Create New Group

Dashboard → Members → Groups → Add Group

Configuration:

  • Group name
  • Description
  • Parent group (if hierarchical)
  • Default permissions
  • Expiration (optional)

Assign Permissions to Group

Dashboard → System & Settings → Permissions → Advanced Permissions

Set permissions:

  • Page permissions
  • File manager permissions
  • Sitemap permissions
  • Task permissions
  • Custom permissions

Apply to group:

  1. Select permission area
  2. Add group
  3. Configure access level
  4. Save

Monitoring and Auditing

View User Activity

Dashboard → Reports & Workflow → Logs → Authentication

Tracked events:

  • Login/logout
  • Failed login attempts
  • Password changes
  • Permission changes
  • User creation/deletion

Filter by:

  • User
  • Date range
  • Event type

Regular Audits

Monthly review:

  • List all active users
  • Verify group memberships
  • Check inactive users (90+ days)
  • Review administrator accounts
  • Update documentation

Quarterly audit:

  • Full permission review
  • Remove unnecessary accounts
  • Update group structures
  • Security assessment

Best Practices

Adding Users

Security-first:

  • ✓ Use strong password policy
  • ✓ Assign to appropriate groups only
  • ✓ Enable email verification
  • ✓ Require admin approval for sensitive sites
  • ✓ Use least privilege principle
  • ✓ Document user purpose
  • ✓ Set review date

Avoid:

  • ✗ Giving Administrator by default
  • ✗ Sharing accounts
  • ✗ Weak passwords
  • ✗ No email verification

Removing Users

Clean offboarding:

  • ✓ Deactivate same day as departure
  • ✓ Review and reassign content
  • ✓ Export data if required
  • ✓ Document removal
  • ✓ Update team documentation
  • ✓ Audit permissions

Avoid:

  • ✗ Delaying removal
  • ✗ Leaving inactive accounts
  • ✗ Forgetting content ownership
  • ✗ No documentation

Troubleshooting

Can't Add User - Duplicate Email

Error: "Email address already in use"

Solutions:

  • User already exists (search for them)
  • Use different email
  • Delete old account first
  • Check for typos

User Can't Log In

Checklist:

  • Account active (not deactivated)?
  • Correct username/password?
  • Email verified (if required)?
  • Not locked out (too many failed attempts)?
  • Browser cookies enabled?

Common fixes:

  • Reset password
  • Activate account
  • Clear cache
  • Check error logs

Cannot Delete User

Possible causes:

  • Last administrator (can't remove)
  • User owns content with restrictions
  • Database constraints
  • Permission denied

Solutions:

  • Create backup administrator
  • Reassign content ownership
  • Check database integrity
  • Verify your permissions

Bulk Import Fails

Common issues:

  • CSV formatting errors
  • Duplicate emails/usernames
  • Invalid group names
  • Missing required fields
  • Character encoding (use UTF-8)

Debug:

  • Check CSV format
  • Validate data
  • Import small batch first
  • Review error logs

Next Steps

Nach oben