umbraco / Umbraco.Cloud.Issues

Public issue tracker for Umbraco Cloud

Option to manually Create users has been removed #506

Closed MichaelNielsenDK closed 11 months ago

MichaelNielsenDK commented 2 years ago

Technically this might be a feature request, but I feel that it's an issue, as it's something that has previously been there, and now, for some reason, has been removed.

It's the "Create" option in Users. For any project using Umbraco ID, which is everything after v8.9.1, the "Create" option for users is no longer there.

The only option you have is to either invite them through the backoffice, which requires SMTP settings to be set up, or to invite them through the Cloud Portal.

We usually don't set up SMTP settings until late in the process, sometimes not at all, if they don't use Forms or anything else that might require mails to be sent out.

We also don't want to create Portal users, just for adding Editors to the backoffice.

So is it not possible to get the "Create" option back for users?

sajumb commented 2 years ago

Hi Michael,

One of my clever and insightful colleagues has provided me with this answer. Let me know if you need more information than this :-)

You don't need to configure SMTP settings to send invites whether it's via Cloud or the backoffice, as they get sent through our SendGrid. It works the same way on both projects using UmbracoId and the ones that aren't. You only need SMTP settings on non-cloud projects. Yes, inviting a user via the backoffice creates them also in the portal, as they need to be part of the UmbracoId in order to log in to the backoffice. The above is also the reason why the create user button was removed via the backoffice.

MichaelNielsenDK commented 2 years ago

Hi Søren

Oh sorry about that, the invite is just not working on the project I'm sitting with right now. I just assumed the reason was missing SMTP settings, but good to hear it should work independently from that.

I will however maintain my request for having the Create button reinstated on Cloud, for a number of reasons:

sajumb commented 2 years ago

Hi Michael, Your request for the create feature to return is noted. The removal of the feature was quite intentional then, and we still believe it to be the right reason due to security reasoning and having a centralized user repository with UmbracoID.

However, we are really motivated to ease the pains that you list.

MichaelNielsenDK commented 2 years ago

You won't be able to see if mails are blocked from any statistics, as this won't be reported.

Another argument is when the invite function fails, as it does on a project I'm sitting with right now. Instead of just manually creating a user, I have to wait for support, until our client can gain access and start working.

This is a HUGE pain, and it needs to be fixed ASAP!

sajumb commented 2 years ago

Currently, I believe that the Umbraco Cloud Portal offers the same process for project invites as other SaaS solutions. However, just as with other SaaS services that, like Umbraco Cloud Portal, use a well-respected SMTP service such as SendGrid for sending mail, there is (as you mention) no guarantee that every mail reaches the inbox of the to-address. We know services such as SendGrid are constantly working hard on improving their setup in order to reach a delivery rate as close to 100% as possible, but we are aware that mails will be blocked due to one reason or another.

It is by design that every (portal as backoffice) user will have to login using an UmbracoID. This is a necessary security measure that we cannot ignore.

But we would naturally ease the pain of mails not delivered. And here we would very much like to hear your suggestion for a solution. As I see it, we do not need a fix if nothing really is broken, but rather a supplemental approach of ensuring that the mail reaches the user.

One solution to ease the pain could be, that the cloud user who creates the invite is able to copy the invite text/html to the clipboard in order for the inviting party to resend the content using his own mail client or another secure messaging system. We will have to consider if this approach security-wise is safe, but if so, would that be a sufficient solution from your point of view? If you have a better solution please enlighten me of an approach or best-practice that we could consider to ease this pain of yours.

Also, when you write "when the invite function fails", is that a hard technical error that you encounter during the invite flow?

If so, please report this issue either in this thread or in a new one. We are currently not aware of a failure in the "invite function". And if it is a technical issue we would very much be aware of this in order to be able to fix it.

MichaelNielsenDK commented 2 years ago

@sajumb

> ...but we are aware that mails will be blocked due to one reason or another.

Well then I don't understand why you would remove the only alternative there is to create a backend user.

> It is by design that every (portal as backoffice) user will have to login using an UmbracoID. This is a necessary security measure that we cannot ignore.

Why? Why do all backoffice users have to log in with UmbracoID? Why can't they just be Umbraco backend users as before, and as they are on every other hosting platform?

> But we would naturally ease the pain of mails not delivered.

Yea, except you can't. You won't know if mails are blocked or why. We have examples where it took a couple of days back and forth with clients' IT departments, before mails sent with Mailgun, with SPF and DKIM set up, were let through their spam filter.

> When you write "when the invite function fails" is that a hard technical error that you encounter during the invite flow?

When sending out the invite, I got an error saying something like *Text cannot be empty* or something like that. I don't know what caused it, it vanished after upgrading from 9.0.1 to 9.1.1.

I just want to be able to create a backend user manually, I don't understand why this option cannot be on Cloud.

FransdeJong commented 2 years ago

Although I don't fully agree on getting the backoffice user back without creating a portal user, I do agree there are too many issues in the invite flow.

We get errors ranging from yellow screens to instantly outdated invites. This wouldn't be an issue if there was a separate support queue for these issues, but a simple issue takes support weeks to solve and this is not acceptable for a SaaS service. These issues come up when someone wants to work on a project and they need to be fixed straight away.

The risk in the return of the create button is that my clients are going to use them and I really like the added benefits and security of Umbraco ID and the possibility of 2FA in the future?

I think there should be a lot more logging on invite errors and they should be picked up with priority not by support but by blackops.

sajumb commented 2 years ago

Hi @FransdeJong,

Sorry to hear about the issues that you have encountered with the project invites. We know that it is essential for all parties that the project invite flow runs smoothly and that new users are onboarding at ease.

Accordingly, we are prioritizing any issues that are reported to us regarding the project invite flow. However, I have not heard or seen any issues with the mail invite flow. I have also quickly run through all support tickets and have likewise not found any support tickets with a mentioning of these. But I will contact support immediately to see if I have overlooked something.

Unfortunately, we currently do not have error reports when an error occurs in all parts of the portal. We are continuously maturing and reworking most of the older parts on the portal and improving logging, fault tolerance and scalability as we progress. When we are to migrate the existing mail handling into our new CQRS architecture we will instantly see warnings and errors as they arise, as we currently do with the most critical entities such as projects and environments.

For now it will be really helpful for us to be notified when these errors occur. Either in this public issue tracker. Or alternatively, mail me the errors you/the end users see. We really want to solve the issues, but in order to investigate any further we need to receive a screenshot or an explanation of which action fails along with an error message and timestamp. Preferably a bug report with a "how to reproduce" if possible.

Please send this to me directly or post it as a new issue. And I/we will consider this info ASAP.

Sophiehillebrant commented 2 years ago

Hi! We have also encountered problems with the mail invite being the only way to invite backoffice users with cloud environments. Our customers have their own mail configurations, which we are neither privy to nor have any access to, in terms of filters/settings. This means that it takes a long time and we sometimes need to find workarounds to get the customers able to access the backoffice at all. Although I do understand the reasoning which has led to the removal of the "create user" function in the backoffice, this is simply not working well in daily use, as is now. Another option, such as the one suggested in a previous comment, being able to copy the text/html and sending it in an email from the inviting party would be much appreciated! As it stands now, our customer cannot access the backoffice of their stage or production environment...

sajumb commented 2 years ago

Hi @Sophiehillebrant, Thanks for the input. We are currently working on a new feature, that lets you extract the invite link of a pending invite to your clipboard. You can then mail the invite link to the email of the user that was invited. This could be helpful when the original invite mail is bouncing back or ends up in the spam folder of the user. We expect to deliver this within the next two weeks.

We hope that this first feature solves some of the issues that you currently encounter. We have planned various other improvements to ensure that the onboarding of project team members and backoffice users is more frictionless and flawless in the future. We want to solve the issues caused by mails bouncing and other mail infrastructure issues.

We are very much open to hear your inputs and suggestions on how we get the best customer experience for this critical feature.

mastrup commented 2 years ago

I just had an issue on Cloud on a project running 9.0.1. I guess it's a bit related to this issue.

When trying to invite a new user I get the following error: backoffice

I then navigate to the log to figure out what is going on, but the error isn't there - No errors at all!

sajumb commented 2 years ago

Hi @mastrup,

Thanks for the report. We are sorry to hear about the error that you encountered. I will contact you for some portal project related info in order for us to investigate further.

MichaelNielsenDK commented 1 year ago

I am stuck yet again, and cannot provide a client with a login to their site, because the invite is not working, and have to wait for support to fix it.

This is neither client nor user friendly!

sajumb commented 1 year ago

Hi @MichaelNielsenDK, I have seen your Zendesk ticket and can see your customer failed for an issue with the UmbracoID component. The issue has been resolved and auto-upgraded to all Cloud projects today. I can see that your project does have the latest version 10.0.18.0 and accordingly your user should not get the "The user was authenticated via Umbraco Id, but unauthorized for this back office. User is locked" error message.

Sorry for the inconvenience.

MichaelNielsenDK commented 1 year ago

@sajumb Thanks for the speedy resolve, however it is quite frustrating to have to wait for support, to give clients access to their own website.

I still don't understand why there isn't an option to manually create users, because this happens again and again.

If you think well the benefits of Umbraco ID outweighs the nuisances and inconveniences for both your clients and end-users, I have to tell you they really don't.

MichaelNielsenDK commented 1 year ago

We've again had the same issue with the user invite, where you get the error "The user was authenticated via Umbraco Id, but unauthorized for this back office. User is locked.", and an update to Umbraco Identity was needed to fix it.

It's very frustrating for both us, our clients and I imagine for you too, that we have to contact support, and wait for a fix, for clients to gain access to their sites.

If bringing back the option to manually create users is out of the question, then please figure out some alternative, so we are not put in this position again and again.

sajumb commented 1 year ago

Hi @MichaelNielsenDK, I have been following your ticket with our support. You were told by our supporter that the new update for UmbracoID possibly could solve the issue, but this release was a maintenance release that did not contain any bug fixes. We are currently not aware of any bugs related to the user invite flow.

The specific issue with the two users getting the "The user was authenticated via Umbraco Id, but unauthorized for this back office. User is locked." was resolved by reenabling the users for the back office where they were listed as disabled (which they have been for some time. That the users were disabled could be related to the unfortunate issue that you reported 3 weeks ago).

We know a frictionless invite flow is crucial for a great onboarding of new team members. If you run into an issue with project invite flow or inviting from the back office once again, feel free to involve me as quickly as possible, as we want to have a rock-steady invite and user flow.

We are sorry about the inconvenience that the previously mentioned bug in UmbracoID has caused you and your client.

MichaelNielsenDK commented 1 year ago

Hi @sajumb

The recent ticket and the ticket from 3 weeks ago involved completely different projects and users, so no the users had NOT "been disabled for some time".

These users were invited just before I raised the ticket, look, this is one of them https://prnt.sc/I-iLGHXvG8Rh created January 10th.

So the invite flow did not activate them properly.

As you mention, we had the same issue just 3 weeks ago, on a different project. At that time an update to Umbraco ID was necessary.

This new project had that update, but yet another upgrade was needed to this project.

So I don't think there's any doubt that the invite flow is neither steady nor frictionless.

sajumb commented 1 year ago

Hi @MichaelNielsenDK, I just want to follow up on this issue by inviting users from the back office.

You were right. There was still an issue with a subset of cloud projects. Thanks to your fine reporting, we were able to detect it quickly and released a new hotfix a few days later.

Since this day, just over 3½ weeks ago, we have not received or independently registered issues with invitations from the back office.

So I consider the problem solved. Hopefully, I'm right this time! 😄

MichaelNielsenDK commented 1 year ago

Hi @sajumb

How do I check if the hotfix has been applied to a specific project, because I have just had another example of this today.

We've created a dev environment to an existing project, and invited the client to it, but the client gets the error where it says they are locked out https://prnt.sc/WP20I1FNIq7p

sajumb commented 1 year ago

Hi @MichaelNielsenDK, the latest versions of the Umbraco.Cloud.Identity.Cms.dll are:

- CMS11: 11.0.29
- CMS10: 10.0.26
- CMS9: 5.0.14
- CMS8: 4.0.142
- CMS7: 3.0.343

Without getting into details, it does seem like your V10 needs an update to the latest version. I would expect this to resolve the issue forwards, but you will probably have to toggle the "Locked" status in the CMS user section (or alternatively change the "Locked" status of the user in CMS DB for the environment) to ensure that the user will be able to log in to the environment.

tormnator commented 1 year ago

I absolutely agree that it should be possible to create users directly, in the Cloud dashboard and in the Backoffice. We are going live (for testing) with a migrated U7 - U11 project (many months in the making), and I'm stopped because the invite from the dashboard doesn't work, and the invite in the Backoffice doesn't work either.

The "ANSWER INVITE" link in the invitation e-mail from the dashboard UI is to https://www.s1.umbraco.io/profile/pendinginvites which clearly must be wrong. There's nothing in that e-mail stating which user is trying to "answer their invite".

When trying to send an invitation from the Backoffice I get the following error:

image

As often is the case with Umbraco Cloud, this error dialog doesn't really tell me what action(s) I can take to resolve the issue. So yet again I'm stuck trial and error and troubleshooting something which you would think at this point would be rock solid in order for Umbraco Cloud to be a success (user onboarding). Sorry for the rant, and please let me know if I should create separate issues for any of these problems.

sajumb commented 1 year ago

Hi @tormnator, The problems that you report seem to be different from those that have been addressed in this thread.

But let's go through the two issues that you report above.

Invitation from the Umbraco Cloud Portal

I am not sure I quite follow what you are reporting here. :-) When invited to a project, the invitee will receive a notification and should be able to accept the invitation to the project at https://www.s1.umbraco.io/profile/pendinginvites. The user will have to be logged into the portal in order to visit this page. You can read a little conceptually about how the inviting process works here (https://docs.umbraco.com/umbraco-cloud/getting-started/the-umbraco-cloud-portal#pending-invites).

Invitation from the Umbraco Cloud Backoffice

We have not registered this error (to my knowledge). Have you contacted our Umbraco Support for assistance with this error? They will certainly be able to help you through. Or alternatively, the matter escalates if there is an issue that needs to be rectified.

MichaelNielsenDK commented 1 year ago

@sajumb I'm seeing a similar error as @tormnator

When I try to invite users on a v12 project, I get this error https://prnt.sc/Yo6nb_zUW4UY

This is the error in the log https://prnt.sc/nfjFZth63xxk

I've also reported it to Support.

I am now stuck and cannot onboard the client. This is a huge pain point, and I can't understand your reluctance to acknowledge this.

markadrake commented 8 months ago

@sajumb invited two users from the Umbraco backoffice today. We got the same error message on both.

image

It's not clear to me or anyone else why invites from the Umbraco Backoffice do not work. It's unacceptable that an account cannot be created on behalf of my client without this invitation process. User accounts should be deployed along with the other content (when moving TO Umbraco Cloud from an existing project). The entire experience is frustrating.

eligolf commented 2 weeks ago

> I absolutely agree that it should be possible to create users directly, in the Cloud dashboard and in the Backoffice. We are going live (for testing) with a migrated U7 - U11 project (many months in the making), and I'm stopped because the invite from the dashboard doesn't work, and the invite in the Backoffice doesn't work either.
>
> The "ANSWER INVITE" link in the invitation e-mail from the dashboard UI is to https://www.s1.umbraco.io/profile/pendinginvites which clearly must be wrong. There's nothing in that e-mail stating which user is trying to "answer their invite".
>
> When trying to send an invitation from the Backoffice I get the following error:
>
> image
>
> As often is the case with Umbraco Cloud, this error dialog doesn't really tell me what action(s) I can take to resolve the issue. So yet again I'm stuck trial and error and troubleshooting something which you would think at this point would be rock solid in order for Umbraco Cloud to be a success (user onboarding). Sorry for the rant, and please let me know if I should create separate issues for any of these problems.

I had this same issue as well. Most of the times I get the error and then suddenly one day it works. I have tried logging in/out, trying to invite different people and trying different invitation messages. However, the error appears like 95% of the times I try to invite someone.