![only-white-logo[1]](https://wiki.xontel.com/wp-content/uploads/elementor/thumbs/only-white-logo1-r4xw50nggqekqtw76u0qr9ifzorofm2nm4i8qg31j0.webp "only-white-logo[1]"){kind=logo}
User List
The User List tab displays all registered users in system and from actions can edit, deactivate or delete users.
The Deactivate User popup lets you temporarily disable user accounts for a specific time range.
User activation log
The User Activation Log provides a clear history of when each user account was deactivated and reactivated. This is especially useful for auditing user access and tracking system usage over time.
Add User
Personal info
User Name: A unique login ID for the new user.
Password: Must meet the following security requirements:
Confirm Password: Re-enter the password to ensure it matches.
First Name / Last Name (optional)
Email: Used for notifications or password recovery.
Mobile: Useful for SMS notifications or contact.
Company: To associate the user with an organization.
Avatar
The Avatar tab allows you to personalize a user’s profile with an image or icon.
Click the “Choose File” button to select an image from your computer.
Permissions
Receive Email: Enable to allow the user to receive system emails.
Receive SMS: Enable to receive SMS alerts (e.g., for ticket updates or reminders).
Use OTP: Enforces One-Time Password (OTP) authentication for secure login.
Active: Determines if the account is currently enabled. If off, the user cannot log in.
Superuser Status: Grants full administrative access to the system.
Is Supervisor: Marks the user as a supervisor.
Groups: Assign the user to predefined Groups for role-based access.
User Permissions: Select specific permissions.
Agent
Is Agent: Toggle to identify the user as an agent. Enables additional telephony fields and queue assignment options.
Force Change Password: When enabled, the user must change their password upon next login.
Tickets Permissions: Dropdown to assign ticket-level permissions if ticketing system is enabled.
Queues: Assign the agent to one or more queues for handling incoming calls.
Extension: Manually enter the PBX extension number that corresponds to this user.
Phone Topology: Select External phone or Web phone, depending on the system design.
Extension User Name: Enter WebRTC username registered on the PBX.
Extension Password: Enter the password for registering this user’s phone.
End user
The End User tab is used for linking system accounts to external or non-staff users, such as clients, customers, or partner contacts. This is useful in environments where external parties need limited access.
Is End User: Enable this toggle to mark the user as an end user (not internal staff or agent). End users often have restricted access to Ticket System.
Is Company Supervisor: When enabled, this user becomes a designated supervisor for their company — useful for client-side visibility or approval roles.
Related Contact: Select an existing contact from the dropdown to link this user with their contact.
Authentication
After creating users, you can typically edit their account settings to enable 2FA (Two-Factor Authentication) / CAPTCHA enforcement.
The Authentication section provides administrators with tools to strengthen user account security by enabling features like Two-Factor Authentication (2FA) and CAPTCHA.
Two-Factor Authentication (2FA)
When an admin enables 2FA for a user, the system generates a unique QR code linked to the user’s account. This QR code must be scanned using an authentication app such as Google Authenticator, Microsoft Authenticator, or any TOTP-compatible app.
📧 The QR code can be automatically sent to the user via email, ensuring a smooth and secure setup process.
Once scanned, the authentication app will generate 6-digit codes that the user must enter during login after entering their username and password. This ensures that even if login credentials are compromised, unauthorized access is prevented.
CAPTCHA
The CAPTCHA option helps block automated login attempts. When enabled for a user, they will be prompted to complete a CAPTCHA challenge during login, verifying that the request is from a human and not a bot.
Together, these features significantly enhance account security and protect sensitive call center operations from threats.