Profile
Overview
Users can view and edit their personal information in the Profile view.
Username
The username is used to log in to the Dashboard and apps. Usernames cannot be changed. An admin must delete the old user and create a new one.
Display name
The display name shows the user's first and last name.
Display name cannot be changed if the admin has locked user profiles or if the user is from an external directory.
Primary email
This is the account's email. Apps can see this address and may send notifications to it. This can be set to an email address hosted on the server.
Primary email cannot be changed if the admin has locked user profiles or if the user is from an external directory.
Password recovery email
Account password reset emails are sent to this address. Set this to an email address not hosted on the server. If not set, it defaults to the primary email.
Password recovery email cannot be changed if the admin has locked user profiles or if the user is from an external directory.
Avatar
Apps that support OIDC can access and display the profile picture.
Passkey
A passkey uses a hardware security key, platform authenticator (such as a fingerprint sensor or Face ID), or a password manager to verify identity.
Once registered, a passkey enables passwordless login. The login screen provides a "Log in with a passkey" option that authenticates without requiring a username or password.
If a TOTP or passkey is configured, it also serves as a second factor when logging in with a password.
Click Set up next to Passkey in the profile view to begin the registration process.
TOTP
A time-based one-time password (TOTP) uses an authenticator app to generate short-lived codes. When a TOTP is configured, it serves as a second factor when logging in with a password. The admin can make it mandatory for users to set up 2FA.
Scan the QR code that appears with a TOTP app such as:
2FA cannot be enabled if the user is from an external directory that supports 2FA.
Disabling 2FA
If a user loses their 2FA device or passkey, an admin can reset it.
App passwords
App passwords provide a security measure for desktop, email, and mobile clients. For example, when trying a new mobile app from an untrusted vendor, generate a password that provides access to a specific app. This protects your main password from compromise.
API tokens
Each user can create their own API tokens. Tokens can have a read-only or read-write scope. They can be restricted to a list of comma separated IPs or subnets.
The token listing shows the last used time:
Language
The dashboard language can be set using the language selector. This overrides the global language set by the admin.