Skip to main content

User account management

Manage existing candidate and admin user accounts across your Access Volcanic website, including password resets, email updates, and secure account removal.

Grace avatar
Written by Grace
Updated over a week ago

Overview

This article explains how to manage existing user accounts for both candidates and admins on your Access Volcanic website. You'll learn how to reset passwords, update email addresses, manage account deletion safely, and improve email deliverability for account-related notifications.

Key benefits

  • Reset passwords quickly for any user account.

  • Resolve login errors, including invalid credentials and autofill issues.

  • Update email addresses safely for both candidate and admin accounts.

  • Delete or suspend user accounts following proper security protocols.

  • Improve deliverability for password-reset and verification emails.

  • Manage bulk operations for inactive candidate accounts efficiently.

Before you start

Before managing user accounts, make sure you have:

  • Admin access to your Access Volcanic platform.

  • Knowledge of your organisation's user management policies.

πŸ“Œ Note: For security and compliance reasons, Access staff (including Support) cannot manage your user accounts directly. Only your internal admins can invite, view, amend, or delete users.

Password management

Resetting passwords for any user

Both candidates and admins can reset their passwords using the same process:

  1. Visit your website's Login page and click Forgot password?

  2. Enter the email address for the account

  3. Click Reset my Password

πŸ€“ Tip: You can also direct users to the reset page by adding /users/passwords/new to your domain, such as https://www.yoursite.com/users/passwords/new.

Password-reset timing and validity

Password-reset emails typically arrive within a few minutes, though standard email processing times may vary. Reset links expire after 48 hours, so users must complete the process within this timeframe.

If users don't receive the password-reset email, ask them to check their spam or junk folders. For business email accounts, check the quarantine folder, which is managed by their IT or email provider.

Password requirements

All passwords must meet the following requirements:

  • At least 10 characters

  • At least 1 uppercase letter

  • At least 1 lowercase letter

  • At least 1 number

  • At least 1 special character

πŸ€“ Tip: Add password hints to your forms to help users understand these requirements upfront.

Managing user details

Updating candidate email addresses

Candidates can change their email addresses directly from their candidate dashboard. For security, after updating their email and confirming with their password, they're automatically logged out and must log in using the new email address.

If a candidate registered with an incorrect email:

  • Option 1: Remove their candidate profile so they can register again with the correct email

  • Option 2: If they can access their dashboard, have them update the email directly

Updating admin email addresses

Admin users don't have access to a candidate dashboard. To correct an admin's email address, you must delete their existing admin profile and create a new one with the correct email address.

Account deletion and suspension

Managing candidate accounts

You can manage candidate accounts via individual account suspension and deletion as well as bulk clean-up operations or inactive users.

πŸ“ŒNote: To learn more about removing candidate accounts, see our Candidate accounts guide.

Managing admin accounts

You can manage admin users accounts via individual account suspension and deletion.

πŸ“ŒNote: See our Admin accounts guide to learn more about managing and removing admin accounts.

πŸ€“ Tip: Maintain a well-known main admin user responsible for user management. This ensures continuity and clear accountability for account administration.

Email deliverability improvement

Account-related emails include password-reset notifications and verification messages. If users can't locate expected emails, guide them to check spam, junk, and quarantine folders first. For business accounts, ask IT teams to release or whitelist Access Volcanic emails if needed.

πŸ“Œ Note: For advanced email authentication setup, see the FAQs section below.

Best practices

  • Set up domain authentication for reliable email delivery.

  • Maintain clear documentation of admin user responsibilities.

  • Use suspension for temporary access removal rather than immediate deletion.

  • Guide users to check spam, junk, and quarantine folders when emails are missing.

  • Keep your main Data Representative role assigned to an active admin.

  • Regularly audit user accounts to maintain security and ensure only active users retain access.

πŸ“Œ Note: For complex account management scenarios, consult your organisation's data protection policies before making changes.

FAQs

Q1: Can users reset their own passwords without admin help?

  • Answer: Yes, both candidates and admins can reset their passwords independently using the Forgot password? link on your login page.

Q2: Why didn't a user receive their password-reset email?

  • Answer: Reset emails may go to spam, junk, or quarantine folders. Check these locations first, then verify your domain authentication is properly configured.

Q3: Can admin users change their own email addresses?

  • Answer: Admin users cannot change their email addresses directly. To update an admin's email, you'll need to delete their current profile and create a new one with the correct email address.

Q4: What happens if a password-reset link expires?

  • Answer: Reset links expire after 48 hours for security. Users must request a new password-reset email to create a fresh link.

Q5: Can Access Support manage our user accounts for us?

  • Answer: No, for security and compliance reasons, only your internal admins can manage user accounts. Access staff have limited access to user data.

Q6: What's the difference between suspending and deleting an admin account?

  • Answer: Suspension temporarily removes access while preserving the account for potential reactivation. Deletion permanently removes the account and cannot be undone.

Q7: How do we handle Right to be Forgotten requests?

  • Answer: Use the RTBF process in your admin area to completely remove candidate data when legally required. This goes beyond standard account deletion.

Q8: Can we delete multiple inactive candidates at once?

  • Answer: Yes, you can use bulk deletion features to remove inactive candidates based on their last activity date.

Q9: How do we resolve "Invalid credentials" or login errors?

  • Answer: Ask users to manually retype both their email and password, avoiding browser autofill which can insert invisible characters. If login still fails, guide them through the password-reset process.

Q10: What should we do if our main Data Representative leaves the organisation?

  • Answer: The current main Data Representative must reassign this role to another admin before their account can be suspended or deleted. Plan this transition in advance.

Q11: How do we troubleshoot password-reset errors?

  • Answer: Check that your domain authentication is properly set up and ensure password-reset emails aren't going to spam folders. If issues persist, contact Support for assistance.

Q12: What should users do if password-reset links have expired?

  • Answer: Password-reset links expire after 48 hours for security. Users must request a new password-reset email to get a fresh link.

Q13: How can we improve email deliverability for account emails?

  • Answer: Set up domain authentication by configuring Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) records for your sending domain. Work with your IT team to verify sender domain and DNS configuration.

Related Articles
Broadbean Integration Help Guide
Vincere Integration
Candidate accounts
Admin accounts
Email notifications
Did this answer your question?