Articles on: OneHash CRM | User and Permissions

How to add Users?

The System Manager can add users. To add users go to:
Home > Users and Permissions > User

There are two main types of users:

Website users: Customers, Suppliers, Students, Etc. who have access only to the portal and not to any modules.
System Users: People using OneHash CRM in the company with access to modules, company data, Etc.

Read more about difference between system and website user .

Under User, a lot of info can be entered. For the sake of usability, the information entered for web users is minimal: First Name and Email.

An Email address is the unique key (ID) identifying the Users.

How to Create a New User?

Go to the User list, click on New.
Add an Email address and name of the user.
Click Save.

Details like Username and Language can also be changed.


1. Setting Roles

After saving, you will see a list of roles and checkboxes next to them. Just check the roles you want the user to have and save the document. The roles have pre-defined permissions to know more about roles click here .

You can set Role Profiles to use as a template that selects multiple roles together.

2. More information

More information about the employee can be set from this section:

Mobile No
Birth Date
Banner Image

Ticking on 'Mute Sounds' will mute sounds that play on interacting with documents. The user may need to do a Settings > Reload for the changes to take place.

3. Change password

Set New Password: As a System Manager, you can set a new password for the user if it needs to be changed.

Send Password Update Notification: Send an email notification to the user that their password has been changed.

Log out from all devices while changing Password: When changing the user's password, this logs out the user from PC and any mobile device they may have logged into.

4. Document Follow

With this option, you can follow various documents in the system and get email notifications when they are updated. Know more here .

5. Email Settings

Send Notifications for Email threads: The user will get notifications for Email conversations in document types like Opportunities.

Send Me A Copy of Outgoing Emails: Sends the user a copy of their emails. This is useful for keeping track of the sent emails.

Allowed In Mentions: Allow user's names to appear in thread conversations so that they can be mentioned using '@'.

Email Signature: Adding an email signature here will default for all outgoing emails for the user. This is different from a footer which is set from the Company master.

6. Email Inbox

Subscribe the user to different mailing lists of your company from this section. Add a new row and select the mailing list to assign this user. For example, mailing lists can be jobs, support, sales, Etc. To know more about Email Inbox, click here.

7. Allow Module Access

Users will have access to all modules for which they have role-based access. If you want to restrict access to specific modules for this user, un-check the modules from this list.

2.7.1 Module Profiles

Role Profiles act as a template to store and select access to multiple modules. This Role Profile can then be assigned to a User. For example, HR Users will have access to multiple modules like HR, Payroll, Etc. Role Profiles are helpful to provide access to multiple modules at once when adding multiple users.

8. Security Settings

Simultaneous Sessions: Simultaneous login sessions, the user is allowed. You can use the same set of credentials for multiple users by allowing more sessions. This can be restricted from System Settings globally. For cloud accounts, the total number of simultaneous sessions cannot exceed the total number of subscribed users.

User Type: If the user has any role checked other than Customer, Supplier, Patient, or Student, they automatically become a System User. This field is read-only.

Login After, Login Before: If you wish to give the user access to the system only between office hours or during weekends, specify it here. For example, if office hours are from 10 am to 6 pm, set the Login After, Login Before hours as 10:00 and 18:00.

Restrict IP: Restrict user login to the IPs specified here. This can be used so that the user can log in only from office computers. Multiple IPs can be added separated by commas.

This section also shows other details like Last Login, Last IP, and Last Active time for the user.

9. Third-Party Authentication

This will allow users to use Facebook, Google, or GitHub to log in. To use this feature, signup for a developer account with Facebook, Google, GitHub, Etc. Create an app on their console, specify an app name, the originating URL and callback URL, copy the client ID and secret client info here to start using.

For more details, go to this page.

Use Facebook, Google or GitHub Authentication to login to Frappe, and your users will be spared from remembering another password.

The system uses the Email Address supplied by these services to match with an existing user in Frappe. If no such user is found, a new user is created of the default type Website User if signup is not disabled in Website Settings. Any System Manager can later change the user type from Website User to System User to access the Desktop.

Login screen with Social Logins enabled

To enable these signups, you need to have Client ID and Client Secret from these authentication services for your Frappe site. The Client ID and Client Secret are to be set in Website > Setup > Social Login Keys. Here are the steps to obtain these credentials.

Use https://{{yoursite}} if your site is HTTPS enabled


Go to
Click on Apps (topbar) > New App, fill in the form.
Go to Settings > Basic, set the Contact Email and save the changes.
Go to Settings > Advanced, find the field Valid OAuth redirect URIs and enter: http://{{yoursite}}/api/method/frappe.www.login.login_via_facebook
Save the changes in the Advanced tab.
Go to Status & Review and switch on "Do you want to make this app and all its live features available to the general public?"
Go to Dashboard, click on the show button besides App Secret, and copy the App ID and App Secret into Desktop > Website > Setup > Social Login Keys


Go to
Create a new Project and fill in the form.
Click on APIs & Auth > Credentials > Create new Client ID
Fill the form with:
Web Application
Authorized JavaScript origins as http://{{yoursite}}
Authorized redirect URI as
Go to the section Client ID for web application and copy the Client ID and Client Secret into Desktop > Website > Setup > Social Login Keys


Go to
Click on Register new application
Fill the form with:
Homepage URL as http://{{yoursite}}
Authorization callback URL as
Click on Register application.
Copy the generated Client ID and Client Secret into Desktop > Website > Setup > Social Login Keys


Go to
Create a new Azure Active Directory > App Registration.
Click on New Application Registration
Fill the form with:
Application Name
Application Type - Web app / API
Single Sign-on URL as http://{{yoursite}}/API/method/frappe.www.login.login_via_office365
Enable Multi-Tenant for the added App.
Go to the section Application ID and copy the Client ID and copy Client Secret by adding a new Password into Social Login Key

10. API Access

You can generate API Secret keys from this section using the Generate Keys button. This can be used to access your account's data from another application, for example, an offline POS system.

11. After Saving

After saving a user, these buttons will be seen on the dashboard area of the User master.


-> Set User Permissions: This Will take you to the User Permissions page of Bruce from where you can restrict Bruce's access to documents.
- > View Permitted Documents: This Will take you to the 'Permitted Documents For User' report for this user. Here you can see which documents does Bruce have access to them. For example, the list of Sales Orders Bruce has access to will be displayed on the selected Sales Order.


-> Reset Password: An email with instructions to reset the user's password will be sent to the user's Email Account.
-> Reset OTP Secret: Reset OTP Secret for logging in via Two Factor Authentication.

Create User Email will let you create an Email Account for the user based on the email entered in the User master.

Login Methods

In System Settings, under the Security section, if you check the 'Allow Login using Mobile No' checkbox, a mobile number can also be used to log in. While a Mobile No will be unique, it will not be treated as a user ID.

Login with Email:

Login with Email or Mobile:

After adding these details, save the user.

4. Related Topics
Role Based Permissions
User Permissions
Document Follow

Updated on: 01/04/2023

Was this article helpful?

Share your feedback


Thank you!