Creating & Managing Users


This article explains how to manage user accounts in a vault. Note that user accounts exist at the domain level, so in multi-vault domains, user details are shared across vaults.

Accessing User Management

To access the user administration area, navigate to Admin > Users & Groups > Users.

The Admin: Users permissions control access to user management options. Domain admins have additional options when managing users.

Understanding Vault User Name & Email Address

Each Vault user has a unique user name for logging in. In Vault, all user names include the domain name your company uses for its vaults. The user name format is username@domainname, for example, bruce.ashton@veevapharm.com. Although the user name has the same format as an email address, Vault does not send email notifications to the user name. Vault only sends email notifications to the address in the Email field. 

Creating & Editing User Accounts


How to Create New User Accounts

  1. From the Users page, select New User from the Add drop-down list. To create a cross-domain user, select Cross-Domain Userfrom the drop-down list. 
  2. Fill in the basic user information: User Name, Email, License Type, and Security Profile. If your domain includes multiple vaults, Vault checks to see if the user name exists in another vault and allows you to auto-fill the remaining fields based on the existing user information. 
  3. If your vault uses multiple applications, select the checkbox for an application to grant the user access. Choose an Application License Type for each selected application.
  4. Set the Generate temporary password and notify user checkbox to send an automated email to the new user with a temporary password.
  5. Fill in the user’s contact information: Name, Company, Title, etc. Asterisks indicate required fields.
  6. Select a Timezone for the user. Vault stores time and date information in UTC (Coordinated Universal Time), but displays that information to users in their time zones.
  7. Select a Locale  and Language for the new user. These options control localization options for the user (number and date formats and label language, respectively).
  8. Select a Security Policy.
  9. Optional: Select checkboxes under Notification Emails from Veeva to sign the user up to receive Vault emails. If your users can edit their own profiles, they can opt in or out of these notifications at any time.
  10. Optional: Enter a Federated ID to associate the user with an external user ID  for single-sign-on or other system integration purposes.
  11. Optional: Enter a Salesforce Username to associate the user with a salesforce.com or Veeva CRM user account for delegated authentication. This option will only be available if the selected security policy allows login via salesforce.com.  If you leave Salesforce Username blank, Vault will assume that the Vault user name and Salesforce user name are the same. 
  12. Click Save. New users are active immediately. Vault requires them to update their password the first time they log in.

How to Edit User Accounts

To edit a user account:

  1. From the Users page, click on a user row to open the user detail page.
  2. Click Edit and modify the information as needed.
  3. Click Save when finished.

Note that unless you have the standard Vault Owner security profile, you cannot edit the user details of another user with this profile.

How to Import Users from Other Vaults

If your domain includes multiple vaults, you can import users that already belong to another vault on the domain. To import users:

  1. From the Users page, choose Add Users to this Vault from the Actions menu.
  2. The Add Users to this Vault dialog opens, showing all users that exist on the domain and are not part of the current vault. Click the + icon for each user you’d like to add to the vault.
  3. Click Next.
  4. Select a License Type and Security Profile. Vault assigns the same license type and security profile to all users selected for import.
  5. Click OK.

Managing User Accounts


How to Reset User Passwords

To reset a single user password:

  1. From the Users page, click on a user row to open the user detail page.
  2. Click Reset Password.
  3. Vault sets a temporary password and sends an email notification to the user.

To reset all user passwords:

  1. Navigate to Admin > Settings > Security Policies.
  2. Click Reset All Passwords.
  3. Click Continue in the confirmation dialog.

How to Edit Users’ Group Membership

To see the groups to which a specific user belongs or to change a user’s group membership:

  1. From the Users page, click on a user row to open the user detail page.
  2. Click on the Groups tab. This tab lists the groups in which the user is a member.
  3. Click Edit Membership. In the dialog, click the + icon for a group to make the user a member or the - icon to remove the user. Click Done to close the dialog and save your changes.

How to Make User Accounts Inactive

For audit and compliance reasons, Vault users cannot be deleted. Deactivating users prevents them from accessing Vault, but does not remove the user account from the system. To make a user inactive:

  1. From the Users page, click on a user row to open the user detail page.
  2. Click Change Status
  3. In the confirmation dialog, click OK. Vault does not notify users when their accounts become inactive. Note that if you deactivate a user on a multi-vault domain, the user only becomes inactive in the current vault.

How to Delegate Users’ Account Access

You can use the Delegated Access feature to grant a user access to another user’s account. For example, if Thomas leaves work without first delegating his account access, you could delegate Thomas’ account access to another user, Gladys. 

Note that on multi-vault domains, you must have the permission Users > Delegate Admin in each vault to which the user has access.

To delegate a user’s account access to another user:

  1. From the Users page, click into the user’s account profile. For example, open Thomas’ profile to give Gladys access to his account.
  2. Navigate to the Delegate Access tab.
  3. Click on the blue create user icon to delegate a user.
  4. In the Delegates field, select the user(s) to which you will grant access. See delegate requirements details below
  5. Select a Start Date.
  6. In End Date, select an end date or select Never. If you select an end date, Vault automatically revokes access on that date. With either option, you can return to the user’s account profile and manually revoke access.
  7. Click Grant Access.

Delegate Requirements

  • Each user account can be delegated to up to 25 users. 
  • A single user cannot have delegated access in more than 10 user accounts on a single vault at a time. 
  • Users without the Allow As A Delegate permission cannot be selected as delegates. 

How to Revoke Access

To revoke access, return to the user’s account profile and click Revoke Access from the delegate’s action menu. You can click Edit from the delegate’s actions menu to modify the delegate user, start date, or end date. 

Managing Delegates

Admins can view, edit, and create new delegates from Admin > Users & Groups > Active Delegations. Click on the action icon to Edit or Revoke Access to a specific delegation, and use the blue create user button to add a new delegate to this vault. Clicking a user’s name will bring you to their detail page.

Remember that because delegation is vault-specific, only delegations in the current vault are accessible.

Enabling Delegated Access

To enable delegation, turn on Enable Vault Level Delegate Access in Admin > Settings > General Settings. Turning on this setting automatically turns on Allow non-Admin users to delegate access to their own accounts, which allows users the ability to delegate their account through their user profile. If an organization needs to prevent users from delegating their own accounts, an Admin can turn off the setting. Remember that these settings are vault-specific, so Admins must turn them on or off for each specific vault.

Viewing User Accounts


How to Customize the User Grid

On the Users page, an Actions menu appears in the grid and offers options for editing how data appears:

  • Edit Columns allows you to make the most frequently referenced fields on user accounts visible without opening the user detail page and also controls which fields are included when you export the user list.
  • Truncate Cell Text/Wrap Cell Text options let you toggle between truncating (showing only the first part of the value) and wrapping (showing any characters that don’t fit on a second line) text that is too big to fit in its column.

When you use these options to customize how your data displays, the changes do not affect other users. Vault remembers your last selections and reapplies them when you return to the page.

How to Export the User List

From the Users page, select Export to CSV or Export to Text from the Actions menu. This action exports the user list that you are currently viewing, ignoring pagination. For example, if you are viewing only active users in the current vault, the export will not include inactive users or users from another vault. However, the export will include all “pages” of users, even if your current view limits you to 25 per page. The exported file only includes the visible columns, so you may want to edit the visible columns before exporting.

Note that CSV is only available if your vault does not use localization settings, and Text is only available if it does.

Assigning Security Profiles

When you assign security profiles to users, Vault checks to see if you have all of the permissions included in the security profile you’re assigning. Vault does not allow you to assign a profile that includes permissions which you do not have.

When you search for users, Vault executes a “begins with” search on the users’ first and last names. A search for “thom,” Vault would find “Thomas Chung” and “Ella Thomason,” but a search for “hom” would not find either of these users.

Security Overrides

From the user details page, you can open the Security Overrides tab. This tab displays any field-level security overrides applied to the user or groups to which the user belongs.