question

Dean Eckstrom avatar image
Dean Eckstrom asked Dean Eckstrom answered

Disable users from changing email in SSO

We want to be able to allow users access to "User Hours". Unfortunately Role permission to change it is grouped under "User Info" permission which contains other fields we can not allow users to change.

We disables "User Info" to prevent users from changing their account email address in our SSO environment. If they do that, they are unable to sign-in via campus SSO and they loose access to their RC account.

Some items underneath User Info->Settings and Permissions are appropriate and very useful to end users. For instance "User Hours".

Is there another way, or future plans, to allow users access "User Hours" without also allowing them to change the account email?

admin portalpermissions
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

jenn-community-moderator avatar image
jenn-community-moderator answered jenn-community-moderator commented

Hello @Dean Eckstrom! Yes, you can do that! By doing custom roles for your employees. Click HERE for more info. Thank you!

2 comments
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Dean Eckstrom avatar image Dean Eckstrom commented ·

I believe you can not do that. eMail and User Hours are part of the same permission 'User Info'.

One can not separate the two I believe. You can not disable email without disabling User Hours

see: https://support.ringcentral.com/article/Permissions-List-and-Details.html

0 Likes 0 ·
jenn-community-moderator avatar image jenn-community-moderator ♦ Dean Eckstrom commented ·

You can create a custom role and uncheck the "User Details" and save it. Then assign all of your employees to that custom role you created. Thank you!

0 Likes 0 ·
Dean Eckstrom avatar image
Dean Eckstrom answered

Jenn;

The 'User Info' permission applies Equally to these attributes of concern:

email address. - we want to disallow updates
password/pin - we want to allow updates
user hours - we want to allow updates

how does one Allow password and User hours, but Disallow updates to eMail? They are all part of 'User Info' role permission. The permission assignment needs more 'granularity'.

This is extremely critical in an SSO environment where login is based on email address. If a user changed email, they break their account access based on our testing. It also causes IT administrative headaches to correct API problems that result.

A general security philosophy is "Do not give users access to things that break things". Our user community has already, and will continuously, change this field if the App lets them.

For this reason we had to shut off User Info. However there are critical user features such as 'User Hours' and 'PIN Reset' (including via *86) that are also disabled by this permission setting.


1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Dean Eckstrom avatar image
Dean Eckstrom answered

Do not feel compelled to answer quickly. Examine the issues more carefully.

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Work together.
From anywhere.

Team messaging, video meetings
and phone - all in one app.


Get the new RingCentral app