More generally, however, there will be instances where one user or a group of users cannot log in successfully but everyone else can.
In these situations, your People administrators can investigate this themselves first.
This includes identifying the exact reason for login failure using the audit log and resolving this with the user directly.
For some specific scenarios, our support team's assistance will be required instead. Your People administrators can recognise this and provide the relevant detail for efficient support.
The investigative process to follow:
1. What error is the login page giving the affected user?
2. What does the audit log specify about the failed login?
3. Can a People administrator resolve this or does it need the Claromentis Support staff to assist?
1. What error is the login page giving the affected user?
When the Intranet does not allow a user to log in, it will always provide an error message on the screen, giving a brief description of why this is.
Most commonly, this is about incorrect credentials being entered:


Or that their account is blocked:

When a user reports not being able to log in, ask them for a screenshot of the error they are being shown to understand how to move forward.
Other types of errors that could be given:
- SSO user login failed
- User already exists but as a local account
 
2. What does the audit log specify about the failed login?
Application administrators of the Audit Log application can access Admin > Audit Log > View Logs to search for the user's failed login attempts.
Choose the appropriate date & time, then 'system' and 'logins' as below, and click 'View' to see the recorded information.

Either search in the system for the user's attempt or download the log to your computer using the 'Get CSV file' button.
(This leads to faster searching offline, as you can search for the user name directly.)

Once located, the system will confirm the failed login reason and in some cases offer more information about this.
For incorrect credentials, it will look like this:

If a user has failed all their attempts and is now frozen, the audit will reflect this:

Please note: The number of login attempts users have is determined by the Password Policy set up on your site, which People administrators can change if required.
e.g. After 3 incorrect login attempts a user is temporarily blocked (frozen) for 3 minutes before their attempts reset and they can try to log in again.
So, if you see the above in the audit and enough time has passed, the user is no longer blocked and can attempt to log in again.
Blocked account:

Other errors will also be listed in the audit and provide more information about why the user cannot log in. Take a screenshot of the log or save it to your computer to refer to later.
 
3. Can a People administrator resolve this or does it need the Claromentis Support staff to assist?
If a user has entered incorrect credentials, is frozen, was frozen or has a blocked account, this can be rectified by your People administrators.
Remember application administrators can be checked as below:

 
Incorrect credentials
- If an LDAP or SSO user's password is NOT set in Claromentis, your IT team will need to assist the user in resetting this
- For local accounts, reach out to the user to tell them they are entering incorrect credentials - do they know their username/password?
- The user can reset their password using the 'forgot password?' facility on the login page
- A People administrator can advise of the user's username if they are unsure what this is
- A People administrator can reset the password on their behalf from Admin > People and email these credentials to the user
Frozen User
- Lockout only lasts as long as the timeframe set (generally a few minutes) after which attempts will reset and the user can try again.
- People administrators can reset user attempts early (if still in the timeframe required for attempts to reset) in Admin > People
- If the timeframe has already passed, the user can attempt to log in again, but it's likely they don't know their username/password and will still need to be contacted by a People administrator
 
Blocked User
- People administrators should know why an account is blocked if it is in this state e.g. via CSV import, LDAP sync or manual changes carried out by People administrators
- A sysadmin can check the user license totals on your site to ensure there is space to unblock users
- A People administrator can find blocked users in Admin > People using advanced search and make their account active (as long as user licenses are free)
- Once unblocked the user will be able to log in
Other instances that can prevent login will be specified in the audit and can be related to SSO or LDAP if you have a user sync.
In these instances take the screenshot of the error the user has received at login (obtained in section 1 above) as well as the specified error against their login in the audit log (obtained in section 2) and attach these to a support ticket for our teams to assist with further.
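The offline search from section 2 and the routing from section 3 can be scripted against the downloaded CSV. The following is an added example, not Claromentis code: the column names (date, username, message), the message wording and the sample rows are constructed assumptions to adapt to your own export, and the 3-minute freeze is the Password Policy example given above.

```python
import csv
import io
from datetime import datetime, timedelta

# Assumed Password Policy (the article's example): frozen for 3 minutes.
FREEZE_WINDOW = timedelta(minutes=3)

# Constructed sample export; column names and message wording are assumptions.
SAMPLE_CSV = """date,username,message
2024-05-01 09:00:10,jsmith,Login failed: incorrect credentials
2024-05-01 09:00:40,jsmith,Login failed: incorrect credentials
2024-05-01 09:01:05,jsmith,Login failed: user frozen
2024-05-01 09:02:00,akhan,Login failed: account blocked
2024-05-01 09:03:00,mlee,SSO user login failed
2024-05-01 09:04:00,bwong,Login successful
"""

# Reasons a People administrator can resolve (section 3); the rest go to Support.
ADMIN_REASONS = ("incorrect credentials", "frozen", "blocked")


def triage(csv_text, username, now):
    """Classify a user's latest failed login and name who should act on it."""
    failed = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        same_user = row["username"].strip().lower() == username.lower()
        if same_user and "failed" in row["message"].lower():
            when = datetime.strptime(row["date"], "%Y-%m-%d %H:%M:%S")
            failed.append((when, row["message"]))
    if not failed:
        return {"reason": "no failed login found", "owner": None}
    when, message = max(failed)  # most recent failed attempt
    reason = next((r for r in ADMIN_REASONS if r in message.lower()), "other")
    result = {"reason": reason, "when": when, "attempts": len(failed),
              "owner": "People administrator" if reason != "other"
              else "Claromentis Support"}
    if reason == "frozen":
        # Once the freeze window has elapsed the attempts reset on their own.
        result["still_frozen"] = now - when < FREEZE_WINDOW
    return result


if __name__ == "__main__":
    for user in ("jsmith", "akhan", "mlee"):
        print(user, triage(SAMPLE_CSV, user, datetime(2024, 5, 1, 9, 2, 30)))
```

Any result with the owner "Claromentis Support" is one where the login screenshot and the matching audit line should be attached to the support ticket.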
 
									