System Users
This section covers personnel (users): their hierarchy levels, creation and management, user states, and related topics. Personnel are the end users of the Mifos system and exist at all office levels. Each user is assigned to a single office at a time, but can be transferred to another office. Note: The terms “personnel”, “users”, and “system users” are used interchangeably.
General Features
- Users need to be unique across the MFI. Uniqueness of the user is defined by the following personnel attributes:
  - Government ID (if applicable), or
  - Name and Date of Birth
- The Mifos system supports a two-level hierarchy for users:
  - Non-Loan Officers, for users belonging to offices at all levels
  - Loan Officers, at BO level only
- In addition to the hierarchy levels, roles are created and assigned to the users. A role is a group of permissions and defines the activities the user is allowed to perform.
- Users can access the Mifos system as long as their status is Active. If the status is Inactive, all access to the system is revoked.
System User Creation
At each office, users are created and managed by other system users with required permissions:
- Any user with the required permissions can create personnel for any office in his/her data scope.
- When a user is created, a User system ID is generated.
After creation, some of the attributes of a user can be modified. For details, see the table below:
Attributes for User Creation
| S. No. | Attribute Name | Data Type | Range | Default | Mandatory for Active State | Editable after Active State | Can be modified by user from the My Settings section | Description/Notes |
|---|---|---|---|---|---|---|---|---|
| 1. | First Name | Alphanumeric | N/A | None | Yes | Yes | Yes | For details, see Name. |
| 2. | Middle Name | Alphanumeric | None | None | No | Yes | Yes | |
| 3. | Second Last Name | Alphanumeric | None | None | No | Yes | Yes | |
| 4. | Last Name | Alphanumeric | None | None | Yes | Yes | Yes | |
| 5. | Office | Click and select | As per data scope of logged in user. | None | Yes | Yes | No | This is selected from a list of offices. The values in the list are dependent on the data scope as per office hierarchy. |
| 6. | User Title | Drop-down | Options defined by HO | None | No | Yes | No | This is the personnel's actual title in the office, like CFO, Accountant, and Sr. Loan Officer. |
| 7. | User Hierarchy | Drop-down | Loan Officer; Non-Loan Officer | None | Yes | Yes | No | User hierarchy and the office level define the data scope of the user. Refer to Data Scope. Non-Loan Officers exist at all levels of office. However, LOs exist only at the BOs. Note: Clients can be assigned to LOs only, and the clients and LOs should belong to the same branch. |
| 8. | | Alphanumeric | N/A | None | No | Yes | Yes | |
| 9. | Roles | Drop-down - Multi-select | All Defined Roles | None | No | Yes | No | One or more roles can be selected from a list of membership roles. For more details, see Roles. |
| 10. | Government ID # | Alphanumeric | N/A | None | As per configuration | No | No | Government ID can be configured as mandatory or optional. |
| 11. | DOB | Date | N/A | None | Yes | No | Yes | Age calculated as per the DOB is mentioned in the Preview and User Details page. |
| 12. | Gender | Drop-down | Male; Female | None | Yes | Yes | Yes | |
| 13. | Language Preferred | Drop-down | English; Spanish | MFI language | No | Yes | Yes | One language can be designated as preferred. If left blank, system assumes MFI language as the user preferred language. |
| 14. | Address 1 | Alphanumeric | N/A | None | Yes | Yes | Yes | |
| 15. | Address 2 | Alphanumeric | N/A | None | No | Yes | Yes | |
| 16. | Address 3 | Alphanumeric | N/A | None | No | Yes | Yes | |
| 17. | City | Alphanumeric | N/A | None | Yes | Yes | Yes | |
| 18. | State | Alphanumeric | N/A | None | Yes | Yes | Yes | |
| 19. | Country | Alphanumeric | N/A | None | Yes | Yes | Yes | |
| 20. | Postal Code | Alphanumeric | N/A | None | No | Yes | Yes | |
| 21. | Telephone | Alphanumeric | N/A | None | No | Yes | Yes | |
| 22. | Custom Fields (10) | Alphanumeric/Numeric/Date | N/A | None | Configurable | Yes | No | For details, see Custom Fields |
| 23. | Username | Alphanumeric | N/A | None | Yes | No | No | This is the ID with which this user accesses the system. System verifies and ensures that no two users have the same username. |
| 24. | Password | Alphanumeric | 6 to 20 characters | None | Yes | Yes | Yes | Used to authenticate users when they attempt to access the system. Users can modify their passwords. Administrative users can also reset the passwords of users over whom they have administrative authority. A password generator is out of scope; the administrator has to specify the new password when resetting a user's password. The user is required to change the password after the first login. For details, refer to Passwords. Passwords can be edited from the User Details page. Users can change their passwords from the My Settings section. |
| 25. | Confirm Password | Alphanumeric | 6 to 20 characters | None | Yes | Yes | Yes | The passwords entered in Password and Confirm Password fields should match. |
| 26. | Date of Joining MFI | Date | N/A | Current date | No | No | No | |
| 27. | Date of leaving last office | Date | N/A | None | No | No | No | This is the system-generated date of leaving the last branch. This is recorded by the system when the user is transferred to another office. |
| 28. | Date of joining office | Date | N/A | None | N/A | N/A | No | System generated. This is the date when user record was created. |
| 29. | Status | Drop-down | Active; Inactive | None | N/A | N/A | N/A | There is no restriction on the number of times the status of users can be changed from Active to Inactive and vice versa. When a Loan Officer is marked as Inactive, all the clients, groups, and centers should either be transferred to another Loan Officer or should be Closed/Cancelled. |
| 30. | Notes | Alphanumeric | N/A | None | No | Yes | No | |
User States
- Users can be in an Active or Inactive status.
- The status of a user can be changed from Active to Inactive, and vice versa.
- LOs can be made Inactive only if there are no customers assigned to them.
- There is no restriction on the number of times the status of a user can be changed from Active to Inactive and vice versa.
System User Accounts
Access to the Mifos system is through user accounts. User accounts have a username and password assigned to them. This function ensures the security of operations in the Mifos system.
Personnel Account Creation
The administrator creates the accounts and passwords for users. After logging in for the first time, the user is required to change the password. Passwords should be a minimum of 6 and a maximum of 20 alphanumeric characters.
- A user can change the password after login. The user is prompted for the following before confirming the password change:
  - Old Password
  - New Password
  - Confirm New Password
Security is ensured through the following functions:
- Password Encryption
  - All passwords are stored in the database in an encrypted format. If a user forgets the password, a request can be submitted to the administrator. The administrator can reset the password and communicate it to the user through a communication method external to Mifos (for example, verbally). The user can change the password at the next login.
- Number of unsuccessful login attempts
  - If the user enters an incorrect password five times consecutively, the account is locked. The user then needs to contact the administrator to unlock the account and get a new password. If the user is locked, the status remains Active, but the user cannot access the system.
- Last Login Time Display
  - Every time a user logs in, the login time is displayed. The last login time of the user is displayed on each login. Users can use this functionality to crosscheck their login sessions and activities.
  - If a user is already logged in to another machine, the last login time still displays the latest login time of the user. Last login time is not dependent on whether the user has logged off or not.
- Session Time-Out
  - If the user has logged in to the system but is inactive for some time (specified by the admin), the session times out. The user needs to log in again. Any unsaved data is lost when a session times out. The session timeout duration is configurable by the administrator at the web server level; however, the default is set to 30 minutes. Multiple sessions can run simultaneously on the same or different machines.
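The account rules above (6 to 20 alphanumeric characters, forced change after an administrator sets the password, lock after five consecutive failures while the status stays Active) can be modelled as a small state machine. This is an added example, not Mifos code: the names `Account`, `login`, `admin_set_password` and `change_password` are hypothetical, and salted PBKDF2 is an assumed storage scheme, since the page says only that passwords are stored in an encrypted format.

```python
import hashlib, hmac, os, re
from dataclasses import dataclass
MAX_FAILED = 5                                   # five consecutive failures lock the account
PASSWORD_RE = re.compile(r"[A-Za-z0-9]{6,20}")   # 6 to 20 alphanumeric characters

def _digest(password: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2; the page says only that storage is "encrypted".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    username: str
    salt: bytes = b""
    digest: bytes = b""
    status: str = "Active"      # Active / Inactive, set by an administrator
    locked: bool = False        # tracked separately: a locked user stays Active
    failed: int = 0             # consecutive failed logins
    must_change: bool = True    # set whenever an administrator chooses the password

def _store(acct: Account, password: str, must_change: bool) -> None:
    if not PASSWORD_RE.fullmatch(password):
        raise ValueError("password must be 6 to 20 alphanumeric characters")
    acct.salt = os.urandom(16)
    acct.digest = _digest(password, acct.salt)
    acct.must_change = must_change

def admin_set_password(acct: Account, new_password: str) -> None:
    """Administrator create/reset: clears the lock, forces a change at next login."""
    _store(acct, new_password, must_change=True)
    acct.locked, acct.failed = False, 0

def login(acct: Account, password: str) -> str:
    """Return one of: inactive, locked, denied, change_password, ok."""
    if acct.status != "Active":
        return "inactive"
    if acct.locked:
        return "locked"         # even the correct password is refused
    if not hmac.compare_digest(_digest(password, acct.salt), acct.digest):
        acct.failed += 1
        acct.locked = acct.failed >= MAX_FAILED
        return "locked" if acct.locked else "denied"
    acct.failed = 0             # only consecutive failures count
    return "change_password" if acct.must_change else "ok"

def change_password(acct: Account, old: str, new: str, confirm: str) -> bool:
    """User-initiated change: old password, new password, confirmation."""
    ok = new == confirm and hmac.compare_digest(_digest(old, acct.salt), acct.digest)
    if ok:
        _store(acct, new, must_change=False)
    return ok
```

Keeping `locked` separate from `status` is what lets an administrator tell a locked-out user apart from a deliberately deactivated one.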
Data Scope of Personnel
Data scope denotes the data accessibility of users in an MFI. It refers to the data a user can view and also the data on which a user’s permissions (such as edit and create) apply. The data scope is defined and limited by two factors: the user’s personnel hierarchy and the office hierarchy.
- Limiting the scope by personnel hierarchy: There are two levels of personnel hierarchy in any MFI, “Loan Officer” and “Non-Loan Officer”.
  - If a user belongs to the “Loan Officer” hierarchy, the user’s data scope is limited to his/her own clients only. For example, if the user has “modify client data” permissions, he/she is able to edit only his/her clients and not the clients assigned to other Loan Officers.
  - If the user belongs to the “Non-Loan Officer” hierarchy, the data scope is limited to the user’s office and other child offices. That is, a Non-Loan Officer with required permissions at an AO is able to view and edit other Loan Officers’ client records belonging to the same office or the respective child offices.
- Limiting the scope by office hierarchy: The data scope of any user is limited to his/her office and the respective child offices only. For example, if a Non-Loan Officer at HO has “Modify” permission, the user has access to all the client records in all the BOs under the HO. However, a Non-Loan Officer with “Modify” permission at a BO has access to client records in that office only, and not to any higher-level offices.
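The two limits combine into a single authorization check: a permission granted by a role applies only to records inside the user's data scope. The sketch below is an added example, not Mifos code; the office tree, the `User` and `Client` types and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed office tree (child -> parent): HO = head office,
# AO = area office, BO = branch office.
PARENT = {"HO": None, "AO-1": "HO", "BO-1": "AO-1", "BO-2": "AO-1",
          "AO-2": "HO", "BO-3": "AO-2"}

@dataclass(frozen=True)
class User:
    user_id: str
    office: str
    hierarchy: str       # "Loan Officer" or "Non-Loan Officer"

@dataclass(frozen=True)
class Client:
    client_id: str
    office: str          # branch the client belongs to
    loan_officer: str    # user_id of the assigned Loan Officer

def in_subtree(office: str, root: str) -> bool:
    """True if `office` is `root` or one of its child offices at any depth."""
    node: Optional[str] = office
    while node is not None:
        if node == root:
            return True
        node = PARENT[node]
    return False

def in_data_scope(user: User, client: Client) -> bool:
    """Apply the office-hierarchy limit first, then the personnel-hierarchy limit."""
    if not in_subtree(client.office, user.office):
        return False     # never reaches sibling or higher-level offices
    if user.hierarchy == "Loan Officer":
        return client.loan_officer == user.user_id   # own clients only
    return True          # Non-Loan Officer: own office and child offices

def can_modify(user: User, client: Client, permissions: set) -> bool:
    # Holding the permission is not enough; the record must also be in scope.
    return "modify client data" in permissions and in_data_scope(user, client)
```

A check like this belongs on the server for every read and write of a client record, so that scope is enforced even when a request names a record the user interface would not have listed.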
