Invite Users

Anyone with a user role of Data Manager can create and invite users to access his/her study(ies). As part of the invitation process, the Data Manager specifies what each user can have access to based on that user’s type and user role. For more information, see User Type.

When the user receives and accepts the email invitation, s/he is prompted to set a password:

Password requirements are as follows:

  • Must be at least 8 characters in length
  • Must contain at least three of the following types of characters:
    • Lower case letters (a-z)
    • Upper case letters (A-Z)
    • Numbers (0-9)
    • Special characters (!@#$%^&*)
  • Cannot be the same as the previous password
  • Cannot be one of the most common 10,000 passwords (e.g., password, 12345678, asdfasdf, etc.)
  • Cannot contain any part of the user’s personal data (e.g., first name, last name, username, email address)

In addition:

  • User accounts are locked after ten failed login attempts from the same IP address.
    • To unlock the account contact support@openclinica.com
  • Users are automatically logged out of OpenClinica after four hours of inactivity.

User Type

When a user is created, that user is assigned a user type and a user role.

  • User type determines the user’s access level. For example, it defines whether the user can access data across all studies and sites (Admin), or only to specifically assigned studies or sites (User).
  • User role determines the specific tasks the user can perform within that realm of the assigned user type.

Available user types are:

  • Admin
    • Can create studies and can see all studies that exist in your test and production environments.
    • Can assign him/her-self access to any study in your test and production environments.
  • User
    • Can only view and access studies or sites assigned to the user account.

When assigning a user type, keep the following in mind:

  • Because Administrators have overall access to all studies, this user type should be assigned sparingly. Most users should be assigned the user type of “user.”
  • Site users should never be assigned a user type of Administrator – this would give them potential access to all data across all studies and sites in your test and production environments.
  • Each user only has only one user type, but may have different user roles in different studies or sites. 

    For example, you may be a user type of “user,” with a role of Data Manager on one study and a role of Monitor on another study. 

Refer to the User Matrix for a table of permissions available to each of the OC4 user roles.

User Profile

All users have access to updating their user profile and password at any time.

From the User Menu, selecet My Profile:

To edit your user information, click the Details edit link and update your information as needed:

Note that you cannot change the email address associated with your account. Please contact your Administrator if you need to change your email address.

To change your password, click the Change password link and update your password:

Users also have access to OpenClinica Support and to the OpenClinica Privacy Policy from the user menu:

  • To access the OpenClinica Support Team (contract-based, named users, only), from the User Menu, select Support:

    And the support portal displays:

  • To access OpenClinica’s Privacy Policy, from the User Menu, select the Privacy Policy:

And you are directed to the Privacy Policy page of the OpenClinica website.

Study-Specific User Administration

Data Managers can manage user accounts for studies to which they have access. To manage users for a study, go to My Studies and click the Share button for the study for which you want to manage users:

You can then invite, edit, or remove users as needed. You can also resend an invitation if the user has accidentally deleted the original invitation. Changes made on this page only apply to the current study.

Central User Administration

Administrators have access to Central User Administration, where user accounts can be edited, deactivated, or re-activated across all environments. Administrators can also download the User and Role Audit Logs, which lists login attempts, role changes, profile changes, role changes, password reset requests, and more. To access Central User Administration, from the User Menu, select Administration (only Administrators have access to this menu option):

In the Administration window, Deactivate or Edit user accounts as needed. Changes made in this window apply to the user account across all studies and environments.

If a user account is deactivated, that user cannot log into OpenClinica.

Sort columns by clicking the sort toggle for the column.

The possible statuses for a user are as follows:

User accounts cannot be deleted.

Once a user is deactivated, you can reactivate that user account (across all studies/environments) by clicking the Activate button:

 

To edit a user account, click the Edit button for a user. Any information can be updated except the username:

It is important to note that Central User Administration applies across all studies and enviroments for users. If you need to remove or edit access for a specific study for a user, see Study-Specific User Administration.

To access the User Audit Log, simply click the Download User and Role Audit Logs button at the top of the Administration window.

This log lists all login attempts (failed and successful), user role changes, password reset requests, user profile changes, when a password was changed, and when an account is blocked. As the system continues to be developed, more information may be added to these logs.

 

5.2.1 Using the Share Screen

Share screen features allow you to add sites and invite users to access your study.

You can access the Share screen from either the My Studies screen, Study Designer, or the Settings screen.

The Share button is on the bottom of the study card on the My Studies screen. Select Test or Production to share your study.

The Share button is also in the header bar in Study Designer. Select Test or Production to share your study.

5.2.2 Adding Sites

Before you invite users to your study, add at least one site. This applies even if your study is only collecting data from a single site.

To Add a Site:

  1. On the Share screen, scroll down to Sites, and click the Add button.

  1. On the Add Site screen, begin to type the site name.
    1. If the site already exists in another environment, select that site from the list. Fields are prefilled with site information.
    2. If you need to make a new site, type the name of the site, and enter information in the appropriate fields.
      1. Although the Expected Number of Participants field is required, this will not limit the number of participants at the site. Limiting the number of participants can only be done at the Study level. View the Create a Study page for detail on limiting participants in a study.

Note: Sites are global, meaning if you use a site in Study A you don’t need to recreate that site for Study B. When adding an existing site to a study, values appear in the Site Name, City, State/Province, Zip, and Country fields automatically.

  1. Click the Save button.

5.2.3 Inviting Users

To Invite a User:

  1. Click the Share button under the Study Card of your study on the My Studies screen or in the header of the Settings screen or Study Designer.
  2. Select your study environment (Test or Production).
  3. Under the People header, on the right, click the Invite button.
  4. Begin typing, and click Invite a new user, or select an existing user from the drop-down list.
    1. If you select Invite a new user, the Add User screen appears, and you can enter values for each field. Then click the Create User button.

    1. If you select an existing user from the drop-down list, the system sends a new email invitation.

Note: The username and email of each user in the system must be unique.

  1. When prompted, select a role for the user from the list of available roles:

Note: To provide access to another site, for example for a Monitor who is responsible for montoring two sites, click in the Site box again and select additional site(s) as needed.

  1. When finished granting the appropriate access, click Invite. An email is sent to the user, and they are listed in the People table on the Share screen.

Before a User can Access a Study, They Must Create a Password that Meets the Following Criteria:

  • Must be at least 8 characters in length
  • Must contain at least one of each of the following types of characters:
    • Lower case letters (a-z)
    • Upper case letters (A-Z)
    • Numbers (0-9)
    • Special characters (!@#$%^&*)

5.2.4 Publish History

The Share screen tracks the publication history for each environment (Test and Production). Scroll to the bottom of the Share screen to see the publication history.

To View a Previously Published Version of the Study:

Click the View Study Design link to the right of the version you’d like to view.

A read-only version of the previously published study design displays:

Though no changes can be made to this version of the study, you can:

  • View form and event settings
  • Download form versions,
  • Preview forms

etc.

The header clearly indicates this is a read-only version, and includes a link to quickly access the current version of the study, which is fully editable.

Note: Some Form attributes (checklists, tags, and labels) show the values that they have in the current design, regardless of their state in the previously published version. In the Test environment, if a Form version was overwritten after a previous publication, only the newest version of that Form is available for preview and download. This is not a concern in the Production environment, since Form versions cannot be overwritten.

5.2.5 Editing Study Settings

To Edit Study Settings:

  1. To the right of Study Settings, click Edit.
    1. The Study ID field has a limit of 30 characters.
  2. Edit the study settings as needed, and click Save.

Note: The changes take effect immediately in both the Test and Production environments for that study.

Adding and Editing Participant IDs

Participant IDs can be created with:

  • Manual Entry: The user must enter the ID for each Participant.
  • System-generated: The system will auto-generate the ID based on an ID Template that you specify.

To Change the Method of Creation to Allow Automatic Entry:

  1. From the My Studies screen, click the Settings (gear) icon under the study name, and select Settings.
  2. Click the Edit link next to the Participant ID Settings header.
  3. Click the radio button next to System-generated.

Note: If Method of Creation is set to System-generated, only Data Managers can edit the Participant ID. Data Managers can always edit IDs, even ones that are system-generated.

System Generated IDs

If you choose System-generated, you must specify the template for the system-generated ID.

You Can Generate Participant IDs by the Following Methods:

  • The Participant Count Method: Generate Participant IDs sequentially.
  • The Random Number Method: Generate Participant IDs using random numbers.

You Can Build Your ID Template Using One or More of the Following Components:

  1. ${siteId}: The unique identifier for the site the Participant is being added to.
  2. ${siteParticipantCount}: The current number of Participants at the site. This is generally used like ${(siteParticipantCount+1)} to have the ID increment the Participant count for each new Participant added.
  3. ${helper.random(n)}: Generates a random number with up to n digits each time a Participant ID is generated.
  4. ?string[000]: Added to the resulting values to pad them with leading zeros to equal the number of digits specified, for example, ${(siteParticipantCount+1)?string[000]} or ${(helper.random(5))?string[00000]}.
  5. Prefixes, suffixes, separators – Include other text (such as or a Study-specific prefix) to include standard content in each ID.

Note: Each ID Template must include #2 or #3.

Examples: The Participant Count Method template, ${siteId}-${(siteParticipantCount+1)?string[000]}, for site University Hospital (Site ID = UH) would produce the IDs, UH-001, UH-002, UH-003, etc. For site Central Hospital (Site ID = CH) would produce CH-001, CH-002, CH-003, etc.

The Random Number Method template, P-${(helper.random(5))?string[00000]}, would produce IDs with a fixed prefix of P- followed by a 5-digit random number (including leading zeros), for example P-00362, P-82394, P-35070.

Notes About the Template:

  • The template cannot exceed 255 characters, and the resulting Participant ID cannot exceed 30 characters.
  • ${siteId} and ${siteParticipantCount} are both required but can be in any order.
  • Static text can be added to any portion of the template, but cannot include the following characters:
    • Slash (/)
    • Backslash (\)
    • Less Than (<)
    • Greater Than (>)
    • Ampersand (&)
    • Quotation Marks {“)
    • Apostrophe (‘)

Best Practice: There is no restriction for going beyond the minimum, but it is best practice to set up the minimum length to match the length of the maximum number of expected Participants.

If the template is invalid for any reason, the system uses a default template of ${siteOID} followed by a dash and a six-digit random number.

5.2.6 Using Multifactor Authentication

You can enable multi-factor authentication (MFA) for your OpenClinica domain with an API or contact the OpenClinica Customer Service team.

When you enable multi-factor authentication, users are prompted to:

  1. Download either the FreeOTP app or the Google Authenticator app to your smartphone.
  2. Scan a barcode.
  3. Enter the access code from their device.

Initial User Sign-up:

Subsequent Logins:

Note: Once you have enabled multi-factor authentication, you no longer need to scan a barcode. Only username, password, and an access code are required to sign in. The barcode should be treated as your password and should not be shared with anyone (including via screenshare). 

If This Feature is Enabled:

  • All Study and Site Users are required to login with username, password, and an additional code.
  • Data Specialists and Investigators will still sign participant records with only their username and password.
  • Participant users logging into Participate are still only required to enter access codes.
  • You cannot enable multi-factor authentication for a specific study, site, or user. It must be enabled per OpenClinica domain.

Additional Information:

There is no link between a user’s authenticator app/device and the authentication server: Authenticator apps do not communicate with a server in any capacity. If a user deletes an MFA entry in their app, the server is not informed in any way and the user will still be expected to enter their One Time Password (OTP) upon login.

Troubleshoot syncing the device clock to the server time: We suggest the user compare their MFA device time to something official (e.g. https://www.time.gov/) – ensure that the users understand that MFA is sensitive down to the second. Some mobile devices fetch the time from their local Wi-Fi device and may be inaccurate.

If a user loses their MFA device or authenticator entries: they will have to make a request to the support team to reset their MFA credentials, which will prompt them to re-configure MFA and give them a new QR code to scan.

Note: Our current implementation of MFA/OTP requires a second device such as a phone or tablet running iOS or Android and using one of the apps listed above.