System Users
System users are service accounts with predefined credentials, designed for automated processes, API integrations, and background workflows. They are created with Employee-type contacts and automatically assigned to the Administrators user group.
Overview
System users support:
- Automated creation with configurable default credentials
- Bulk import through the module default data system
- Idempotent creation — existing users are returned without modification
- Automatic access rights via Administrator group assignment
Configuration
Configure system user defaults in appsettings.json:
{
"SystemUser": {
"DefaultUsername": "systemuser",
"DefaultPassword": "System@123",
"DefaultEmailPrefix": "system",
"DefaultEmailDomain": "localhost"
}
}
| Setting | Description | Default |
|---|---|---|
DefaultUsername | Base username when none is specified | systemuser |
DefaultPassword | Password for new system users | System@123 |
DefaultEmailPrefix | Email prefix ({prefix}@{domain}) | system |
DefaultEmailDomain | Email domain | localhost |
Import via Modules
System users can be bulk-created through the module default data import system using the systemuser entity type:
module:
name: Integration Users
application: System
defaultData:
- entity: systemuser
overwrite: false
keys: ["username"]
data:
- username: "webhook-receiver"
- username: "data-processor"
- {} # Uses DefaultUsername from configuration
Creation Process
- Validates the organization ID and finds its first division
- Checks if a user with the same username already exists — if yes, returns the existing user
- Creates the identity user with configured credentials
- Creates an Employee-type contact linked to the user
- Assigns the user to the organization's "Administrators" user group
Security Considerations
- System user passwords are stored in application configuration — use secure configuration management (e.g., Azure Key Vault, environment variables) in production
- System users receive Administrator-level access by default — consider creating dedicated user groups with restricted permissions for service accounts
- Each system user is created independently; errors in one do not affect others