Skip to main content
System StatusContact Support Agility Community

User Security


Details about user access security and instructions on how to create and manage user accounts.

Application security uses log-in accounts with individual user names and passwords. Each user's account is associated with a global role that determines what actions that user can take within the system and a Team-level role that determines what actions that user can perform within a Team. For more information about Teams and Roles, see Access Control: Roles, Teams and Assignment Groups.

Administrators can configure password expiration intervals, password complexity requirements, and parameters for lock-outs after multiple failed log-in attempts.

LDAP/Active Directory integration is available in the Enterprise license.

Creating Users

To create new user accounts:

  1. Click the Administration icon ( ctm02.png ) at the top right and select People > Users from the menu.

2. Click Add New. The Create a New User dialog box appears.

  • Login ID (required) - the unique login ID for this User. The login ID can be up to 128 characters long.

  • Full Name (required) - the full name of the User. The name can be up to 256 characters long.

  • Email Address (required) - the email address of the User.

  • Status - The status of the user account: Enabled (default), Disabled and Locked. If set to 'Disabled' or 'Locked', the user will not be able to log in.

  • User Role - Three User Roles exist in the system.

    • Administrator - A User with the Administrator role has full access to every feature in the system. An Administrator is the only Role that can manage other User accounts.

    • Developer - A Developer can manage Tasks and Assets, but cannot change systems settings or security.

    • User - The User role has very limited access in the admin UI, and is primarily intended for higher level access to Continuum UIs and other end-user applications. Users cannot make changes to any Task code.

These roles are being deprecated in favor of the new RBAC model rolled out in Continuum 18.2. These roles are still functional but will be deprecated in a future release. For more information, see Roles

  • See Access Control: Roles, Teams and Assignment Groups to know about Is System Administrator, Is Shared Asset Manager, and Teams.

  • Authentication Type - Two user authentication types exist in the system.

    • local - a local system user account. All account information is stored in the application database.

    • LDAP - an account in an LDAP directory service or Microsoft Active Directory.

  • Password (required) - Select the 'Generate Random Password' check box to have a random password sent to the email address entered for the user, or clear the check box to manually enter a password.

    • Force Password Change - Select this box to force the User to change their password on the next login.

SSO would be the default authentication type if you have SSO enabled for Continuum. In addition, the Password field is not shown by default if SSO is enabled for Continuum.

Authentication Type on sites with SSO enabled

  • Expires On: Select a date when you want the user account to expire. 

Complete the required fields and click Save. The new user account is created. 

Modifying Users

To edit a new user, click a row in the list, or select multiple Users and click the Modify button at the top of the Users page. A popup dialog will appear with the same information as the 'Create User' dialog, with a few extra features:

  • Failed Login Attempts - If a user account has become 'locked' due to excessive failed passwords, the counter can be reset here.

Clicking the Save button after any change to the account will also reset the Failed Login Attempts counter.

  • Password Reset - An Administrator can manually reset a password on this dialog, or can elect to have a new password emailed to the User. 

These extra features are not available on sites with SSO enabled.

If you are editing a selection of multiple Users, clicking Save will move forward to the next User.

Additional Properties

Assignment Groups (Tags)

See Assignment Groups.


All Users can access basic features of the REST API and command line tools. Both require user credentials to be provided. For ease of use, a User Token can be assigned and used when accessing the API. The duration the token remains valid, and the ability to use token authentication at all, are system configurable settings.


Contributors in Continuum are related to user accounts that commit source code in one of the supported source code repositories. Creating a user account in Continuum is not required for Continuum to process the changes, however sometimes a user may have more than one account in the SCM, or more than one SCM may be submitting changes to Continuum for tracking purposes.

So that a person with multiple accounts in one or more SCMs does not overcount as more than one contributor in Continuum, the SCM account names can be identified on the Contributors tab on the User Edit page. Even if the person does not have an account within Continuum or even need to login to Continuum, a user account can be created to match up with their SCM accounts.

To make this association, first, create the user account within Continuum using the steps above. Then go to the Contributor tab and add their SCM ids separated by commas. Make sure to save the changes.

The user account ids are case sensitive. If in doubt, check the Contributors report under perspectives.

Disabling an Account

By changing the Status of a user to 'Disabled', the user is prevented from accessing the system.

Current User Status

To view a list of users currently logged into the system select Status > Current Users from the top menu.

View Login History

To view the login history of one or more users, select Status > Current Users from the top menu. Then click View Login History.

To view a specific User's login history, enter the user's name in the search box, and select Search.

By default the log listing shows the last 30 days. To change the selection click on the Begin Date text field and select a new begin date.