Manage Admin user accounts

When your store is first installed, a default Admin account is created with login credentials that gives you full administrative access. As a best practice, you should create another user account with full Administrator access. That way, you can use one account for your everyday Administrative activities and reserve the other as a “Super Admin” account. This can be helpful if you forget your regular credentials, or they somehow become unusable.

If there are others on your team or service providers who need access, you can create a separate user account for each and assign restricted access based on their business need to know. To limit the websites or stores that users can access in the Admin, you must first create a role with limited scope and only the necessary resources selected. Then, you can assign the role to a specific user account. Admin users who are assigned to a restricted role can see and change data only for websites or stores that are associated with the role, but cannot change any global settings or data.

Adobe Commerce merchants who have an Adobe ID and want a streamlined login to Adobe Commerce and Adobe Business products can integrate Commerce authentication with the Adobe IMS authentication workflow. After this integration is enabled for your Commerce store, each Admin user must use their Adobe credentials — not their Commerce credentials — to log in. See Adobe Identity Management Service (IMS) Integration Overview.

For users or roles that are temporary, you can also set an expiration date for the user account.

Create a user

  1. On the Admin sidebar, go to System > Permissions > All Users.

  2. In the upper-right corner, click Add New User.

    To edit an existing user, click a user name in the grid. You can modify the User Info and User Role sections as needed.

  3. In the Account Information section, do the following:

    User account information {width="600" modal="regular"}

    • Enter the User Name for account.

      The user name should be easy to remember. It is not case-sensitive. For example, if the user name is John, they can also log in as john.

    • Complete the following information:

      • First Name
      • Last Name
      • Email address

      Each user account must have a unique email address.

    • Enter a Password for the account.

      note note
      An Admin password must be seven or more characters long and include both letters and numbers. For additional password options, see Configuring Admin Security.
    • For Password Confirmation, reenter the password to make sure it was entered correctly.

    • If your store has multiple languages, set Interface Locale to the language to be used for the Admin interface.

  4. Set This Account is to Active.

  5. Click the calendar icon to set the Expiration Date for the user account.

    Defining an expiration date is helpful when a user or role is temporary. After the expiration date, the user account status changes to Inactive and can be updated, if needed.

  6. Under Current User Identity Verification, enter your user account password.

With the Account Information section complete, you can save the user. The new user is displayed in the Users grid, but the user name cannot log in until a role is assigned.

Assign a user role

  1. In the left panel, click User Role.

    The grid lists all the existing user roles. For a new store, Administrators is the only role available.

    Admin - add new user role {width="600" modal="regular"}

  2. In the Assigned column, select a user role.

    You can view existing or define additional user roles. After a role is defined, you must edit the user account to assign the new role.

Verify or reset 2FA providers

  1. Open the Admin user account.

  2. In the left panel, click 2FA.

    Admin - add new user role {width="600" modal="regular"}

  3. Verify the 2FA solutions that are available to Admin users and advise each user to install the solutions they want to use before they sign in.

    Authentication by only one 2FA solution is required to sign in to the Admin.

  4. If the user needs to reinstall the 2FA solution, you can reset the current 2FA configuration.

    This requires the user to repeat the setup process before they can sign in again. For example, the user might have a new smart phone and needs to reinstall Google Authenticator. To clear the user’s current 2FA setup, click Reset (Provider) for each solution that you want to clear. When prompted, click OK to confirm.

    The user receives an email with a link to configure 2FA. The link can be used only once. If the user tries to sign in multiple times, a new link is sent after each attempt.

  5. Click Save User.

  6. When prompted, enter your password to confirm your identity, and again click Save User.

    The Users grid opens and lists all users.

Delete an Admin user

  1. On the Admin sidebar, go to System > Permissions > All Users.

  2. Locate the user account using filters above the grid and click the user name.

  3. When prompted, enter your password to confirm your identity.

  4. In the upper-right corner, click Delete User.

  5. To confirm the action, click OK.

Forgotten password and reset emails

The Admin email template configuration determines the emails that are sent when users forget and reset their passwords. This configuration specifies the store contact that appears as the sender of the message and how long the password recovery link remains valid.

To configure the Admin email templates:

  1. On the Admin sidebar, go to Stores > Setting > Configuration.

  2. In the left side panel, expand Advanced and choose Admin.

  3. Expand expansion toggler the Admin User Emails section.

    Advanced configuration - Admin email template settings {width="600" modal="regular"}

  4. Set Forgot Password Email Template to the template that is sent when an Admin user forgets their passwords.

  5. Set Forgot and Reset Email Sender to the store contact that appears as the sender of the message.

  6. Set User Notification Template to the email template that is used as the default for admin notifications.

  7. When complete, click Save Config.

Locked users

For the security of your business, user accounts are locked by default after six failed attempts to log in to the Admin. Any user account that is currently locked appears in the Locked Users grid. An account can be unlocked by any other user with full Administrator permissions.

Additional password security measures can be implemented in the Advanced Admin configuration. See Admin Security.

Login screen alert - account is temporarily disabled

To unlock an Admin account:

  1. On the Admin sidebar, go to System > Permissions > Locked Users.

  2. In the grid, select the checkbox of the locked account.

    Permissions - locked user accounts {width="600" modal="regular"}

  3. In the upper-left corner, set Actions to Unlock.

  4. Click Submit to unlock the account.