UBU Finance Frontend Application Documentation — User Management V2.0

Introduction

This documentation provides a comprehensive overview of the enhanced User Management features in the UBU Finance Frontend application V2.0. The application implements a sophisticated role-based access control (RBAC) system with advanced security features including:

• Single Session Authentication: Users can only be logged in from one location at a time
• Account Lockout Protection: Automatic lockout after 5 failed login attempts
• Enhanced User Status Management: Separate login lock and active/inactive status controls
• Default Password System: Configurable default passwords for new users
• Comprehensive User Information: Enhanced user profiles with detailed metadata
• Unit Code Integration: Branch-based organizational unit codes

This enhanced structure ensures maximum security while providing administrators with granular control over user access and system security.

Enhanced Authentication Flow

Single Session Authentication

Aspect	Description
Functionality	Users can only be logged in from one device at a time for a single account
Security	Prevents unauthorized access from multiple locations
Resolution	Contact administrator with reset password permission
Process	All access tokens are invalidated on password reset

Process Flow:

1. User attempts to login from new location while already logged in elsewhere
2. System blocks login attempt
3. User must contact administrator with reset password permission
4. Administrator resets password, invalidating all existing tokens
5. User can login with new password

Enhanced Login Process

Step	Description
1. Access Portal	Navigate to system login page
2. Enter Credentials	Input user code and password
3. Session Check	System validates no existing active session
4. OTP Verification	Enter one-time password sent to registered email
5. First Login Setup	Change password on first login for security
6. Access Dashboard	Gain access to system features

Account Lockout Protection

Aspect	Description
Trigger	5 consecutive failed login attempts
Lock Type	Login lock (separate from active/inactive status)
Resolution	Administrator with "Unlock User" permission
Security	Prevents brute force attacks

Lockout Process:

1. User enters incorrect password 5 times
2. Account is automatically locked for login
3. User cannot login even with correct credentials
4. Administrator must unlock account using unlock feature
5. User can then login with correct credentials

Enhanced User Creation and Management

Default Password System

Aspect	Description
Configuration	Set via "default_password" setting in System Settings
Option	Choose whether new user uses default password
Display	User code shown on successful creation
Access	User can login with default password initially

Default Password Process:

1. Administrator creates new user
2. Selects "Use Default Password" option
3. System uses configured default password
4. User code is displayed on successful creation
5. User can login with default password and user code

Enhanced User Information Display

When viewing user information, the system now displays comprehensive details including:

Field Category	Information Displayed
Basic Info	User code, username, email, full name
Personal	User gender, phone number
Organizational	Unit code, unit name, role
Status	Active/inactive status, login lock status
Audit	Created by (name and user code)
Security	Two-factor authentication status

User Status Management

Dual Status System

The system now implements two separate status controls:

1. Active/Inactive Status

Aspect	Description
Control	Administrator controlled
Purpose	Business/administrative status management
Requirement	Reason required for deactivation
Permission	"Update User Status" permission required

2. Login Lock Status

Aspect	Description
Control	System controlled (automatic)
Purpose	Security protection against failed attempts
Trigger	5 consecutive failed login attempts
Resolution	Administrator with "Unlock User" permission

Inactivation Reason Requirement

Aspect	Description
Requirement	Mandatory reason when deactivating user
Validation	Minimum 3 characters required
Storage	Reason stored with user record

Inactivation Process:

1. Administrator clicks status toggle to deactivate
2. System prompts for deactivation reason
3. Administrator must provide valid reason (min 3 characters)
4. User is deactivated with reason recorded
5. Reason is visible in user details

Enhanced User Management Features

View Users List Feature

Aspect	Description
Permission	View Users
Functionality	View enhanced users list with new status indicators
Access	User Management Sidebar button
New Features	Separate login lock and active/inactive status columns

Create New User Feature

Aspect	Description
Permission	Create Users
Functionality	Add new users with default password option
Access	User Management sidebar button, then create user tab
New Features	Default password selection, user code display

Enhanced User Details Feature

Aspect	Description
Permission	View User Profile
Functionality	View comprehensive user information
Access	View button on user row in users list
New Fields	Gender, unit code, created by info

Manage User Status Feature

Aspect	Description
Permission	Update User Status
Functionality	Activate/deactivate with reason
Access	Status toggle on user row
New Features	Reason requirement for deactivation

Unlock User Feature

Aspect	Description
Permission	Unlock User
Functionality	Unlock user account after lockout
Access	Unlock button on user row
New Features	Resolves login lock status

Two-Factor Authentication Management Feature

Aspect	Description
Permission	Update Two-Factor Authentication
Functionality	Enable/disable 2FA for users
Access	2FA toggle on user row

Password Reset Feature

Aspect	Description
Permission	Reset Password
Functionality	Reset user password and invalidate all tokens
Access	Reset Password button on user row
New Features	Invalidates all existing sessions

Enhanced Organization Units

Unit Code Integration

Aspect	Description
Functionality	Unit codes serve as branch codes
Creation	Added during organizational unit creation
Purpose	Branch identification and organization
Display	Visible in user information and unit details

Unit Code Features:

• Unique identifier for each organizational unit
• Used as branch code for organizational purposes
• Displayed in user information
• Helps in branch-based access control

System Settings Integration

Default Password Configuration

Aspect	Description
Setting	"default_password" in System Settings
Access	System Settings management interface
Functionality	Configures default password for new users
Security	Can be updated by authorized administrators

Security Enhancements

Session Management

Aspect	Description
Single Session	Users can only be logged in from one location
Token Invalidation	All tokens invalidated on password reset
Security	Prevents unauthorized concurrent access

Account Protection

Aspect	Description
Lockout	Automatic lockout after 5 failed attempts
Separation	Login lock separate from active/inactive status
Resolution	Administrative unlock required

Audit and Compliance

Aspect	Description
Status Changes	All status changes logged with reasons
User Creation	Creation details including creator information
Access Logs	Comprehensive logging of all user activities

User Interface Enhancements

Enhanced User Table

The user management table now includes:

Column	Description
User Code	5-character user identifier
Role	User's assigned role
Unit	Organizational unit and unit code
Status	Active/inactive status toggle
2FA	Two-factor authentication status
Login Lock	Login lock status indicator
Created	Creation date
Actions	View, Edit, Reset Password, Unlock buttons

Status Indicators

Status Type	Visual Indicator
Active	Green toggle (enabled)
Inactive	Gray toggle (disabled)
Login Locked	Red "Locked" badge
Login Unlocked	Green "Unlocked" badge

Summary of New Features

Feature Category	Description	Access Method
Single Session Auth	One login per account at a time	Automatic
Account Lockout	5 failed attempts = automatic lockout	Automatic
Default Password System	Configurable default passwords for new users	User Creation
Enhanced User Info	Gender, unit code, creator details	User Details
Inactivation Reasons	Mandatory reasons for user deactivation	Status Toggle
Unit Code Integration	Branch codes for organizational units	Unit Creation
Unlock User Feature	Administrative unlock for locked accounts	User Actions
Enhanced Status Management	Separate login lock and active/inactive status	User Table

See Also

• User Management V1.0 - Original user management features
• System Settings - System configuration management
• Organization Units - Organizational structure management