Why is User Management so messy?


Is anybody here able to explain to me, why the user (and group) management is so messy in OutSystems? Here my problems:

  1. Why are there three different (obscure) entry points to manage users (see screenshot)? Partner portal, LifeTime and Users(per environment)? Understanding that they have a different purpose, like managing the partner roles (sales, etc.), managing the admin/dev roles (LifeTime) across apps and managing users per environment (Users), it is still messy because:
    1. There seems to be no propagation: If somebody is an admin in the partner portal, why don't they automatically get added to the other two?
    2. The location is obscure: Partner Portal is fine, LifeTime may be found, but /Users is not something one would expect, especially with LifeTime present. And there are no links between the portals either, it's just obscure.
    3. There is no propagation (2): So my DEV environment users don't propagate to other environments. Maybe, it doesn't need to be automatic, but why not a single space to manage, which to propagate and even if the passwords should be the same? I mean LifeTime already does manage my deployment, why not manage which users (and data) to push forward?
    4. Why can we not use LifeTime to manage the environment and apps? And while you're at it, grouping users per app could be done MUCH clearer, rather than one long user list… 
  2. Where is the ability to reset a password? Cresting users in LifeTime or Users, I can set a password, but how can these users set it or reset it? As user management is provided, why only half of it? As an admin I can set a password, but I should be able to set it to "reset next login", it should also send an invite email, and, most importantly, LifeTime login should have a "password reset" functionality. Sure, we can build the functionality (or use some Forge component) but really, it's 2021 and this stuff is hardly rocket science.

Considering that OutSystems is in version 11 and touts itself as a low-code and rapid development platform to skip IT ops, I cannot believe that such fundamental capabilities are not built-in and done well.

Does anybody have some info, why or if I'm just not getting it? Thanks!

Hi Wolf, I'm a Developer Advocate at OutSystems and just passed your feedback to the Product team. You are not the first person stuck on this topic, so your feedback is super important for us to improve the developers' experience.

I would like to share two articles on our documentation that can help to bring more clarification on this topic and explains how OutSystems handles App Users (end-users of apps built with OS) and Development Users (developers that can be added through lifetime and will have access to the environment, to develop apps).

End-User management  
Manage IT Users

Let me know if that helped
- Vera

On point 1.1, It is possible to give someone directly access to lifetime when you invite a person to your team in the partner portal.

Thanks, @Vera Tiago for the links! Very happy hear that you and your team are looking to fix these fundamental parts of the developer experience.
If I may suggest, a holistic review would make sense, because even the fact that there are two different articles, that do not refer to each other, don't even make the alignment between each other clear, is a symptom, that there is no consistent underlying concept for this. Sam

@Tim Timperman, thanks for the tip. Very helpful!

That said, @Vera Tiago, any advice on the best way to implement a password reset functionality for our users, as we seem to have to implement this standard capability ourselves?

There's a component in forge that shows how to implement password reset functionality, for app end users. Take a look at Password Reset Flow Web, and let me know if it helps.

Thanks, @Vera Tiago. We're trying to implement things following the guidance of your Labs component. However, it does not inspire confidence that this is not officially supported. I'd expect that this kind of critical standard capability would come out of the box, or at least had some official best practices, as it has critical implications.

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.