In order to access the OneTrust platform, every user will need their own user profile. You can add users to the account directly from Global Settings. Users can be assigned multiple roles within multiple organizations, which can provide flexibility to accommodate each user's specific permissions needed to perform their respective job duties. Users can also be assigned to user groups through which they will inherit the roles associated with that user group in addition to their existing roles and permissions.
Note
For additional information, click here to reference frequently asked questions (FAQ) about user management.
To add a user
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Users. The Users screen appears.
Click the Add User button. The Add User Details section appears.
Complete the required fields and enter additional details, as needed. For more information, see Add User Screen Reference.
Click the Next button. The Assign Roles to User section appears. For more information, see Add User Screen Reference.
Click the Add Role button. The Add Role modal appears.
In the Role field, select a role to assign to the user.
In the Organization field, select the organizational group in which the user will have the defined role.
Click the Add button. The selected role appears in the Assign Roles to User section.
Note
You can assign multiple roles within multiple organizations to a user by repeating steps 5 - 8 or by clicking the Save and Add New button on the Add Role modal.
Click the Create button.
Note
The new user will be sent a Welcome email with a link to access the platform. Clicking the link will take the user to the OneTrust Login screen and the user will be prompted to create a password before accessing the platform.
If needed, you can resend the Welcome email by clicking the Context Menu icon corresponding to the given user on the Users list screen and selecting Resend Invite. Then click the Send button on the Resend Invite modal to resend the email. However, the Resend Invite option is only available if the user has never logged in to the OneTrust platform.
To disable sending the Welcome email to new users that will use basic authentication to log in to the platform (i.e. users with non-SSO email domains), disable the Welcome Email template on the Templates tab on the Email screen.
To disable sending the Welcome email to new users that will use Single Sign-On (SSO) to log in to the platform, disable the Welcome Email (Directory User) template.
For more information on disabling email templates, see the To disable an email template procedure in Emails: Branding & Templates.
Add User Screen Reference
Section
Field
Description
User Details
First Name
Enter the user's first name.
Last Name
Enter the user's last name.
Email Address
Enter the email address for the user. The email address must be unique and will be used to access the platform.
Note
The OneTrust platform only supports email addresses that contain less than 100 characters.
External User
Select the check box if this is an external user. Leave the check box blank if this is an internal user.
Enter Expiration Date
Enter the date on which an external user's access to the platform should automatically expire.
Note
This field is available when the External User check box is selected. This optional feature can be used when you need to add external users for a short period of time; for example, just the amount of time necessary for a vendor to complete an assessment.
Additional Attributes (Optional)
Business Unit
Enter the user's business unit.
Department
Enter the department with which the user is associated.
Division
Enter the division with which the user is associated.
Employee ID
Enter the user's employee ID.
Job Title
Enter the user's job title.
Manager
Select the user's manager from the list of users within the platform.
Manager (Legacy)
Enter the name of the user's manager.
Note
The Manager (Legacy) field will be deprecated in the future. OneTrust recommends using the new Manager field to populate this attribute for new and existing users.
Office Location
Enter the location of the user's office.
Assign Roles to User
Role
Select a role to assign to the user. You can select from the default roles provided in the platform or select a custom role. You can also assign multiple roles to the user.
Select the organizational group in which the user will have the defined role.
For more information about organizational groups and hierarchy, see Managing Organizations.
User Information tab
On the User Information tab on the Users screen, you can modify an existing user's details and any additional attributes configured when the user was created.
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Users. The Users screen appears.
Click the link in the Name column for the user you want to edit. The User Information tab on the Users screen appears.
Hover over a field you want to modify, and click the Edit icon that appears. Editable fields become available.
Edit the fields, as necessary.
Click the Save button.
Editing a User's Email Address
Global Settings Configuration
Site Admins can configure whether a user is required to confirm changes to their email address using the Require Users to Confirm Email Address Change setting on the User Settings screen in Global Settings.
Based on the selected configuration, the following scenarios will apply:
Global Settings Configuration
Description
Require Users to Confirm Email Address Change setting is enabled in Global Settings
If a change is made to a user's email address, an email message will be sent to the new email address with a link to confirm the change. Another email message will be sent to the old email address to inform the user of the change request.
Note
The email address will be updated in the platform only after the change request is confirmed using the received link.
Require Users to Confirm Email Address Change setting is disabled in Global Settings
Changes made to a user's email address will be automatically updated and will take effect immediately. Users will not be required to confirm the change once submitted.
Things to Know
If SSO is enabled, Site Admins will need to ensure that the new email address is updated in the IdP for the change to take immediate effect. It is important to update the email address correctly in both the IdP and the platform to avoid user lockout and/or unwarranted access.
A user's email address cannot be updated in the following scenarios:
The user being edited is an External user.
The user being edited is an Invited user.
The user who is attempting to update the user's information is an External Site Admin. OneTrust Consultants are generally External users and cannot perform this action within your account.
The user who is attempting to update the user's information is not assigned to the root organization.
The user is attempting to update their existing email address on a domain verified for SSO to an email address that is not on a domain verified for SSO.
If the user's existing email address is on a domain verified for SSO, their new email address must also be on a domain verified by SSO. If this is not the case, the Site Admin can either add and verify the new domain for SSO or remove the existing domain from SSO when updating a user's email address.
If the user is experiencing issues with updating their email address, cancel any open email update requests for that user by navigating to the Users > User Information tab for that user and clicking the Cancel Change button. Then access the User Settings screen and disable the Require Users to Confirm Email Address Change setting. Navigate back to the User Information tab for that user in the platform and try updating the user's email address once more.
Users that belong to multiple OneTrust accounts in the same environment (multi-tenant users) can update their email address in a single account and have the change apply to all OneTrust accounts associated with that user. The update process will vary based on the user status:
For non-SSO users or users that have never logged in to the OneTrust platform: Email updates will apply immediately across all accounts.
For all other users: Email updates require verification through a confirmation link sent to the new email address that will require the user to authenticate with their existing credentials.
Note
Email updates for multi-tenant users will need to be confirmed regardless of whether the Require Users to Confirm Email Address Change setting is enabled or disabled.
To edit a user's email address
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Users. The Users screen appears.
Click the link in the Name column for the user you want to edit. The User Information tab on the Users screen appears.
Hover over the Email Address field, and click the Edit icon that appears. Editable fields become available.
In the Email Address field, update the user's current email address to the new email address.
Note
The OneTrust platform only supports email addresses that contain less than 100 characters.
Click the Save button.
Roles tab
On the Roles tab on the Users screen, you can assign, edit, and remove roles from the user. Roles assigned to the user individually as well as roles inherited by the user through an assigned user group appear on the Roles tab. In addition, when the user logs in, they will then be able to see their access granted by their assigned roles.
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Users. The Users screen appears.
Click the link in the Name column for the user to which you want to assign a role. The User Information tab on the Users screen appears.
Navigate to the Roles tab. The roles assigned to the user appear.
Click the Add Role button. The Add Role modal appears.
Field
Description
Role
Select a role to assign to the user.
Note
Only existing Site Admins can assign the Site Admin role to another user.
Organization
Select the organizational group in which the user will have the defined role.
Complete the fields, as necessary.
Click the Add button.
To edit an assigned role
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Users. The Users screen appears.
Click the link in the Name column for the user for which you want to edit a role. The User Information tab on the Users screen appears.
Navigate to the Roles tab. The roles assigned to the user appear.
Hover over the role that you want to edit, and click the Context Menu icon that appears.
On the Context menu, select Edit. The Edit modal appears.
Modify the fields, as necessary.
Click the Save button.
To remove roles from a user
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Users. The Users screen appears.
Click the link in the Name column for the user from which you want to remove a role. The User Information tab on the Users screen appears.
Navigate to the Roles tab. The roles assigned to the user appear.
Select the check boxes corresponding to the role(s) you want to remove from the user. Multiple check boxes can be selected.
Click the Remove button. The Remove Role modal appears.
Note
At least one role must remain assigned to a user.
Note
If the role you are removing is tied to an assigned user group, the modal below will appear stating that the user will be removed from the respective user group. All inherited roles and permissions granted by the user group will be removed from the user. You can identify which roles were inherited from a user group using the User Group column on the Roles tab.
Click the Confirm button.
User Groups tab
On the User Groups tab on the Users screen, you can assign the user to user groups. When a user is added to a user group that has additional roles that the user may not currently have, the user will inherit the roles associated with that user group in addition to their existing roles and permissions. When the user logs in, they will then be able to see their additional access granted by those new roles.
The following responses are supported solutions to frequently asked questions (FAQ) about user management. The OneTrust team continuously monitors these inquiries and will make additional FAQ available as they are identified.
1.
Why am I receiving the following error message: "Unable to add user as an email update is In progress."
This error message appears if an update to a user's email address is actively in progress and an attempt to create a new user with that same email address is made. You can locate the user record that is actively being updated on the Users screen > All Users list by either searching for the user's old email address or by searching for the user's first or last name.
The error can be resolved using one of the following methods:
The user can confirm the change via the link in the email message sent to the new email address.
If the user is unable to confirm the change, you can cancel the change, disable the Require Users to Confirm Email Address Change setting in Global Settings, and update the user's email address again. With this setting disabled, changes made to a user's email address will be automatically updated and will take effect immediately. Users will not be required to confirm the change once submitted.
