The Manage Administrators screen is available only to "Site Administrators", who are Enterprise Administrators with full access to one or more Sites. Site Administrators can add new Administrators and can edit existing Administrators.
You can edit the properties for an Administrator by clicking edit. You can delete an Administrator by clicking delete. Clicking on the security icon will load a screen which displays the current security settings for that Administrator.
Each Administrator must have the following attributes:
- Username: This is the "login name" that the Administrator will use to gain access to Enterprise. Usernames should be easy to remember (usually a first name or first initial/last name combination). Usernames can contain only letters and numbers (no spaces, dashes or other special characters).
- Password: Each Administrator has a password that allows him or her to log in to Enterprise. We recommend using something that will be easy for the Administrator to remember, but difficult for others to guess. Administrators should never write their password down or share it with others.
- E-mail Address: Enterprise sends e-mail notifications to Administrators when certain events occur (e.g. when a mailing is sent), so each Administrator must have a valid e-mail address.
- Use SSL?: Administrators who do not have this box checked role must log in to Enterprise using the Secure Sockets Layer protocol (as evidenced by a yellow padlock icon in the lower right corner of the browser window), but they are then redirected to a non-secure (non-SSL) connection for the duration of their Enterprise session. Administrators who do have this box checked (as they do by default) retain the secure SSL connection for the duration of their Enterprise session. The only reason not to leave this box checked is to prevent the following warning message when editing or previewing messages containing images hosted outside of Enterprise:
This security warning can also be prevented by changing your browser's security settings (in Internet Explorer, Tools > Internet Options > Security > Custom Level > Miscellaneous > Display mixed content).
- Sites/Roles: Each Administrator you add or edit must be granted at least one role in at least one Site. Roles determine which Enterprise functions the Administrator is authorized to access. If you are a Site Administrator, for example, you have complete access to all functionality of Enterprise and can create Administrators in any of the available roles. If you are a List Administrator, on the other hand, then you have access only to the Members module of Enterprise, not to the Mailings and Reports modules. The various roles are described below:
- Site Administrator: A Site Administrator has full access to all modules of Enterprise and has the ability to create new Administrators in any of the various roles. When you create a new Administrator, if you check the box for "Site Administrator" you do not need to check the boxes for the other roles, as Site Administrators automatically inherit all permission levels. Site Administrators can't remove their own Site Administrator role, but they can remove the Site Administrator role from other Site Administrators.
- List Administrator: A List Administrator has access to the Members module of Enterprise. He or she may create and modify Lists, Members and Segments, as well as import or export Members. List Administrators do not have access to Mailings or Reports.
- Mailing Administrator: A Mailing Administrator has access to all areas of Mailings except for Templates. A Mailing Administrator can create new mailings, edit existing mailings, manage images in the Image Library, send test mailings, and schedule mailings for deployment. A Mailing Administrator does not have access to Members or Reports functionality.
- Content Administrator: A Content Administrator can create new mailings, edit existing mailings, and deploy test messages. He or she cannot schedule mailings for deployment or manage the Image Library. A Content Administrator does not have access to Members or Reports functionality.
- Template Administrator: A Template Administrator can create and modify templates and upload images to the Image Library. He or she cannot create, edit or deploy mailings. A Template Administrator does not have access to Members or Reports functionality.
- Image Administrator: An Image Administrator can manage the Image Library and can upload new images. He or she cannot create, edit or deploy mailings. An Image Administrator does not have access to Members or Reports functionality.
- Report User: A Report User can view any of the Reports module, but does not have access to any Members or Mailings functionality.
- API User: An API User can access the Fishbowl Enterprise API. Refer to the Getting Started section for more information on how to use this role.
Note: A single Administrator may have multiple roles within the system. For example, you may want to create an Administrator who has access to Members and Reports, but not Mailings. To do so, simply create an Administrator who is both a List Administrator and a Report User.
Once you have entered the appropriate information for your new Administrator, click the "Save" link to create the Administrator account. You may also click "Cancel" to return to the main setting screen without adding a new Administrator.
Note: Administrators are not automatically added as Members or subscribers of the Site. In other words, it is possible to be an Administrator for a Site without being a Member of that Site. This is important to keep in mind if you want to add your new Administrator to your Testers list. Each Tester must also be a Member of the Site with a complete Member profile (for more information see the Testers topic). Because of this, you may also want to add your new Administrator as a Member of the Site at this time by going to the Add New Member screen in the Members section.
Security Settings for each Administrator can be viewed by clicking the security icon next to their username on the Manage Administrators page. The Security Settings screen displays the date/time of the most recent successful login and failed login for each Administrator; this information can be used, for example, to determine whether an particular Administrator account has ever been used.
The Authorized IP addresses/networks section of the Security Settings screen provides the ability to "pre-authorize" Administrators for specific locations. For security reasons, each time an Administrator logs in to Enterprise Email from a new location, the system sends an "authorization" message to the email address specified on the Edit Administrator screen (see above). The Administrator must then click on a link in that email in order to confirm their identity.
If the email-based authorization process proves burdensome for Administrators in your organization, you can use the Security Settings screen to manually authorize them to log in from specific locations. A "location", in this context, refers to a single IP address, or an IP network consisting of multiple IP addresses.
If your intent is to simply to authorize an Administrator to log in from your current location, click on the "Add My Network" button.
If, on the other hand, you're attempting to authorize the Administrator for a different location than your current one (e.g., from a different office, or from a home computer), you'll need to type in the appropriate IP address or network, then click the "Add This Network" button. The following three syntaxes are supported:
- A single IP address consisting of four numbers between 0 and 255, separated by periods. For example: 172.16.100.112
- An IP network address in "CIDR notation", consisting of an IP address followed by a forward slash, followed by a number between 1 and 32 (in most cases, this number will be 24, which indicates that the network contains 256 IP addresses). The number following the slash determines how many IP addresses are in the network. For example: 172.16.100.0/24
- An IP address followed by a slash, followed by a "subnet mask". The most common subnet mask is 255.255.255.0, which indicates that the network contains 256 IP addresses. For example: 172.16.100.0/255.255.255.0
Most networked computers have a "private" IP address for communicating with other devices on the same network, as well as a "public" IP address for communicating with other devices on the Internet. Only "public" IP addresses can be added on the Security Settings screen. If you attempt to add a "private" IP address, or one that's "reserved" for special purposes, Enterprise Email will display an error message indicating that the specified address or network is invalid.