Base

New User Accounts

Activates the register as a new customer function on the login page. If set to no only administrators or agents can create new accounts manually.

Default setting: yes

Figure showing activated "New User Accounts" setting

Warning

😖 This setting may be confusing

Deactivation of above function does not deactivate automatic account creation! This means: If a user writes e.g. an email to Zammad and has no account yet, Zammad will automatically create the account.

User accounts are a direct dependency of tickets and thus technically mandatory.

Lost Password

Activates the lost password function on the login page. If set to no only administrators may change the user’s password - users may update their own password if they’re still logged in and they have the required permission.

Default setting: yes

Figure showing activated "Lost Password" setting

Tip

😖 This function may be confusing

With third party authentications – but especially LDAP – you may want to disable this function. Zammad will not change third party login passwords and instead set or change the local password!

Session Timeout

All settings below by default are set to 4 weeks. Session Timeout defines the life time of a users session. As soon as it’s reached, Zammad will automatically log off the session in question.

Zammad takes the highest value set assigned for the user based on the permissions.

  1. admin

  2. ticket.agent

  3. ticket.customer

  4. default (fallback if user doesn’t have above permissions set)

All settings act independently from each other allowing you to disable the timeouts for e.g. admins, but not agents.

Note

🤓 An example

Let’s suppose you configured the following session timeouts
  • default: 3 weeks

  • admin: 2 weeks

  • ticket.agent: 4 weeks

  • ticket.customer: 1 week

This results in the following situations
  • a user with admin permission will have a timeout of 2 weeks

  • a user with admin and ticket.agent permissions will have a timeout of 2 weeks

  • a user with ticket.customer permission will have a timeout of 1 week

  • a user with neither admin, ticket.agent nor ticket.customer permissions will have a timeout of 3 weeks