DATIM
  1. DATIM
  2. DATIM
  3. DATIM User Admin

DATIM Primary User Administrator (PUA) Guide

Alejandro Muro -

 

DATIM Primary User Administrator Guide & FAQ

 

Primary user Administrators Determine Access to DATIM

Due to the global scope of PEPFAR, DATIM accounts are managed in a decentralized way through user administrators. Primary User Administrators (PUAs) are identified by the DATIM Systems Team, by contacting already existing DATIM PUAs and/or an Organization Units PEPFAR Program Manager (PPM), to receive new account requests. Requests are made via email and either come from automatically generated account requests or from the DATIM Support Team if a user submits a help desk ticket for a new account.

Responsibilities:

The main responsibilities for DATIM PUAs are to:

  • Actively review new DATIM account requests that are routed from register.datim.org or DATIM Support and complete the account setup process in the DATIM User Administration App.
  • Edit user accounts to add and/or remove access (i.e. to data streams) using the user Administration App. Please note, user accounts are not able to be edited, converted, or transferred to a different OU, Agency, or Partner. A separate account would have to be created via the User Administration App. 
  • Reenable user accounts
  • Disable user accounts that are no longer valid. 

 

NOTE: If PUA does not have access tot he DATIM User Administration App, they should contact another PUA or User Administrator to edit their account by checking the “User Administrator” box. If that does not resolve the issue, please contact DATIM support. 

  • Inform the DATIM Support Team if they or another PUA is no longer able to administrate DATIM users and help identify a replacement.

New Account Request Process:

There are two ways a new account can be requested in DATIM, either a user-initiated via register.datim.org, or where the PUA enters all the user’s information manually from an ad-hoc request.

User Initiated Process

This is a visual flow chart of the process for obtaining a DATIM user account. The user begins by completing the DATIM registration form, receiving a registration email, and following the steps in the email to set up their Okta account. The user will utilize their Okta account to login to DATIM

A user-initiated process follows these steps:

  1. A DATIM account request is made via the “New User Request form” on register.datim.org. 

This is a screenshot of the DATIM registration page. The user should select the option to "Request a user account on DATIM"

 

This is a screenshot of the email that the Primary User Administrator will receive as part of the account approval process.

  1. After the user completes the webform, an email is generated and routed to the designated Primary user Administrators (PUAs) based on the selections made by the user. The link in the purple box leads directly to the DATIM user Administration application, and the information in the green box is auto-populated into the DATIM User Administration App  for ease of account creation.

 

  1. After the PUA clicks the link from the email, they are brought to the user invite screen with relevant information from the register.datim.org form auto-populated in the form.

This is a view of the user invite form that the primary user account administrator will view. The administrator will review the information for correctness before clicking "Create Account."

 

As of June 17, 2024, all DATIM users will access DATIM via the single-sign on provider Okta. The user Administration application has been updated to check on the DATIM user’s Okta status in order to streamline this process.

 

 

  1. If the user has an existing Okta account, the user Administration application will check against the user’s self-reported email address  to verify whether the user has an Okta account associated with that same email. If so, the user Administration application will then  bring over the user’s first and last name from Okta with the message  “The Name above has been retrieved from the user’s Okta account”

A screenshot of what the viewer will see if the requested user already has an Okta account associated with their email: "Name above has been retrieved from the user's Okta account."

  1. If no Okta account exists, the user Administration App will prompt “Please enter a first name and last name to create an Okta account for this user

The prompt that an administrator will see if requested DATIM user does not have an Okta account already: "Please enter a first name and last name to create an Okta account for this user."

  1. The PUA verifies all information in the form, enters any missing information, then clicks Create account
  2. If the user does not have an Okta account, an Okta activation email will be generated and sent to the user.
    1. The user must activate their Okta account before they will be able to access DATIM
    2. If the user already has an Okta account, then no Okta email will be generated

 

Ad-Hoc ProcessThis is a workflow for an ad hoc request (in which a primary user administrator receives an account request from a source other than DATIM). In this case, the administrator uses the "Invite" button to open the form and fill out the requested user's account info.

For an ad-hoc request, the PUA can use the following steps

  1. A PUA receives a new account request from somewhere outside of the register.datim form.
  2. In DATIM, the PUA navigates to the DATIM User Administration App and clicks on the “Invite” button. 

 

This is a screenshot of the user administrator portal with the option to invite a new user. The "invite" button is highlighted in a red box.

 

As of June 17, 2024, all DATIM users will access DATIM via the single-sign on provider Okta. The User Administration application has been updated to check on the DATIM user’s Okta status in order to streamline this process.

 

  1. If the user has an existing Okta account, the user Administration application will check against the user’s self-reported email address to verify whether the user has an Okta account associated with that same email. If so, the user Administration application will then bring over the user’s first and last name from Okta with the message “The Name above has been retrieved from the user’s Okta account”

Prompt that will display if requested user already has an Okta account: "Name above has been retrieved from the user's Okta account."

  1. If no Okta account exists, the user Administration App will prompt “Please enter a first name and last name to create an Okta account for this user”

Prompt that will display if requested user's email address does not match to an existing Okta account: "Please enter a first name and a last name to create an Okta account for this user."

 

  1. The PUA verifies all information in the form, enters any missing information, then clicks Create account

A screenshot of the fields in the "invite user" screen. The "Create Account" button is highlighted in a red box at the bottom of the screen.

 

  1. “Note to help user identify this DATIM account” field is optional  but may be important to PUA and User Admin to give users details about their newly created account. 
  2. If the user does not have an Okta account, an Okta email will be generated and sent to the user. The user must activate their Okta account before they will be able to access their DATIM account
    1. If the user already has an Okta account, then no Okta email will be generated
  3. After the user creates their Okta account (if needed), they can then access DATIM via the Okta landing screen.

A PUA’s ability to edit other DATIM user accounts depends on their own type of DATIM account: • You are also not able to edit and/or create an account that has a role you do not (e.g., a standard InterAgency level user Admin will not be able to edit an InterAgency level account that has the Site Admin role). • If a user Admin sees the "unable to edit" button they can scroll over the button, and it will display a message as to why that user Admin cannot edit that account. Inter-Agency user Administrators can only create: ►Inter-Agency UAs & Inter-Agency usersAdministration for Existing Accounts: Primary User Admins should have access to DATIM’s User Administration application which allows them to re-enable existing user accounts, edit user data streams, and disable users that no longer require access to DATIM.  

 

Examples of PUA user administration actions from the above table:

  • Global PUAs are only able to create/edit other Global user accounts. 
  • PUA Agency level accounts are only able to create and/or edit other Agency accounts or Partner (IP) accounts associated with their agency.
  • InterAgency level PUAs are not able to edit Global, Global Agency, Global Partner, or Agency level accounts. So, if an InterAgency PUA is blocked from editing a different account type, they should delegate to an Agency level DATIM user Administrator. 

A screenshot of the DATIM User Administration page. It displays the options for inviting new users, searching for existing users, and viewing user information.

From the DATIM user Administration App (pictured above), Primary user Admins can:

  • Edit data access rights and permissions for existing users as needed. 
    • The DATIM Systems Team will send notifications if/when a new data stream is added so PUAs can administer them as appropriate.
  • Enable accounts for existing users
  • Disable a user’s account if: 
    • A user is no longer supporting the PEPFAR program or is now supporting another country or agency.
    • The user has been found in violation of DATIM policies and system access should be terminated.

 

Frequently Asked Questions (FAQ)

Who are PUAs?

  • Ideally 1-3 PUAs, per Organization Unit or HQ Agency that are identified by PEPFAR Program Managers (PPM) and/or other PUAs
  • They receive the register.datim.org DATIM account request emails from people seeking access to DATIM and can invite users to create new accounts if the request was initiated outside of register.datim.org
  • They are considered the DATIM User Administrator Points of Contact for their OUs, Implementing Partners, or U.S. Agency by the DATIM Systems support team. 

Why are PUAs Important?

  • Primary user Admins are one of the most important roles a DATIM user can have. The DATIM user community is so large that the DATIM Team is unable to actively maintain or manage users – especially since different users may or may not need access to a variety of  PEPFAR data streams
  • PUAs help administer new data streams to their users if/when needed

A user replied that they are unable to access their DATIM account after I created it for them. What should I do?

  • Ask the user if they have received and completed the Okta account activation email, as ALL users must have an active Okta account before they can access DATIM.
  • In DATIM, navigate to the User Administration App choose to search by the user’s email
    • If the user already exists in DATIM, and their account is listed as “Inactive”, use the toggle in the edit screen to, change their account status to “Active”

Screenshot of a toggle for a disabled user account; user administrator can activate the account by clicking the toggle

Screenshot of a toggle for an active user account; user administrator can disable the account by clicking the toggle

  • If the user still can’t access DATIM, advise them to submit a help desk ticket
Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk