User Management Guide
This document provides guidance for administrators on managing user accounts in the IWM Platform.
User Search and Filtering
Search Capabilities
Administrators can search for users using the following criteria:
| Search Field | Type | Description |
|---|---|---|
| Email | Exact/Partial | User's email address |
| User ID | Exact | UUID of the user |
| Phone Number | Exact | Registered phone number |
| Full Name | Partial | First name, last name |
| Referral Code | Exact | Partner referral code |
Filter Options
| Filter | Options | Description |
|---|---|---|
| Status | ACTIVE, SUSPENDED, PENDING, DELETED | Current account status |
| Registration Date | Date range | When account was created |
| KYC Status | PENDING, APPROVED, REJECTED, EXPIRED | Identity verification status |
| Partner Status | YES, NO | Whether user is a partner |
| Last Login | Date range | Most recent login timestamp |
| Email Verified | YES, NO | Email verification status |
Sort Options
| Sort Field | Direction | Description |
|---|---|---|
| Registration Date | ASC/DESC | Sort by account creation |
| Last Activity | ASC/DESC | Sort by recent activity |
| Name | A-Z/Z-A | Alphabetical sorting |
| Email | A-Z/Z-A | Alphabetical by email |
Search Example
Search Query:
- Email contains: "gmail.com"
- Status: ACTIVE
- Registration Date: 2024-01-01 to 2024-06-30
- KYC Status: APPROVED
- Sort by: Last Activity DESC
- Limit: 50 results
User Detail View
Profile Information
| Section | Fields |
|---|---|
| Basic Info | User ID, Email, Phone, Full Name, Avatar |
| Account Info | Status, Registration Date, Email Verified, Last Login |
| KYC Info | Status, Verification Date, Document Type, Expiry |
| Security | 2FA Enabled, Password Last Changed, Failed Login Attempts |
Activity Summary
| Metric | Description |
|---|---|
| Total Orders | Number of completed orders |
| Total Spent | Sum of all order amounts |
| Last Order Date | Most recent order timestamp |
| Sessions | Active session count |
| Login History | Recent login attempts with IP/location |
Partner Information (if applicable)
| Section | Fields |
|---|---|
| Partner Profile | Partner ID, Referral Code, Sponsor, Status |
| Rank | Current Rank, Highest Rank, Rank History |
| Team | Direct Referrals Count, Total Network Size |
| Earnings | Available Balance, Pending Balance, Total Earned |
Orders History
| Column | Description |
|---|---|
| Order ID | Unique order identifier |
| Date | Order creation date |
| Status | Current order status |
| Total | Order amount |
| Items | Number of items |
| Actions | View details, Download invoice |
User Actions
Edit Profile (Admin Override)
Administrators can modify user profile information with elevated privileges.
Editable Fields:
| Field | Notes |
|---|---|
| First Name | Requires reason for change |
| Last Name | Requires reason for change |
| Phone Number | Triggers re-verification if changed |
| Date of Birth | Requires KYC re-verification |
| Address | May affect shipping, requires confirmation |
Process:
1. Navigate to User Detail > Edit Profile
2. Modify required fields
3. Enter reason for modification (mandatory)
4. Review changes
5. Confirm with admin password/2FA
6. Changes logged to audit trail
Audit Log Entry:
| Field | Value |
|---|---|
| Action | USER_PROFILE_MODIFIED |
| Admin ID | [Admin who made change] |
| User ID | [Affected user] |
| Fields Changed | [List of modified fields] |
| Old Values | [Previous values] |
| New Values | [Updated values] |
| Reason | [Admin-provided reason] |
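The edit process and audit entry above can be enforced in one server-side step. The sketch below is an added example, not the IWM Platform's own code: the function name, the snake_case field keys, the follow-up labels and the timestamp field are assumptions.

```python
from datetime import datetime, timezone

# Editable fields mapped to the follow-up each change triggers (labels are hypothetical).
EDITABLE = {
    "first_name": None,
    "last_name": None,
    "phone_number": "PHONE_REVERIFICATION",
    "date_of_birth": "KYC_REVERIFICATION",
    "address": "ADDRESS_CONFIRMATION",
}

def apply_admin_edit(profile, changes, admin_id, reason, second_factor_ok, now=None):
    """Return (updated_profile, audit_entry, follow_ups); raise ValueError if refused."""
    if not reason or not reason.strip():
        raise ValueError("reason for modification is mandatory")
    if not second_factor_ok:
        raise ValueError("admin password/2FA confirmation required")
    rejected = sorted(set(changes) - set(EDITABLE))
    if rejected:
        raise ValueError(f"not editable via admin override: {rejected}")
    # Log only fields whose value actually differs, so the trail is not padded with no-ops.
    changed = sorted(f for f, v in changes.items() if profile.get(f) != v)
    if not changed:
        raise ValueError("no effective change")
    audit_entry = {
        "action": "USER_PROFILE_MODIFIED",
        "admin_id": admin_id,
        "user_id": profile["user_id"],
        "fields_changed": changed,
        "old_values": {f: profile.get(f) for f in changed},
        "new_values": {f: changes[f] for f in changed},
        "reason": reason.strip(),
        # Timestamp is an addition; the page's table does not list one.
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),
    }
    follow_ups = [EDITABLE[f] for f in changed if EDITABLE[f]]
    updated = {**profile, **{f: changes[f] for f in changed}}
    return updated, audit_entry, follow_ups

if __name__ == "__main__":
    # Constructed sample profile and change request.
    sample = {"user_id": "u-0001", "first_name": "Ana", "phone_number": "+10000000000"}
    request = {"first_name": "Ana", "phone_number": "+10000000001"}
    _, entry, todo = apply_admin_edit(sample, request, "a-0007", "Support ticket", True)
    print(entry["fields_changed"], todo)
```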
Change Email
Standard Process (with verification):
1. Navigate to User Detail > Change Email
2. Enter new email address
3. System sends verification to NEW email
4. User clicks verification link
5. Email updated upon verification
6. Notification sent to OLD email
Admin Override (bypass verification):
| Requirement | Description |
|---|---|
| Permission | admin.user.email.override |
| Reason | Mandatory justification |
| Notification | Sent to both old and new email |
| Audit | Full action logged |
Override Process:
1. Navigate to User Detail > Change Email
2. Enter new email address
3. Check "Bypass email verification"
4. Enter reason for bypass (mandatory)
5. Confirm with admin 2FA
6. Email changed immediately
7. Notifications sent to both addresses
Use Cases for Override:
- User lost access to old email
- Old email domain no longer exists
- Support request with identity verification via other means
Reset Password
Available Actions:
| Action | Description | User Experience |
|---|---|---|
| Send Reset Link | Standard password reset email | User clicks link, sets new password |
| Force Reset on Login | User must change password at next login | Prompted after authentication |
| Generate Temporary Password | Admin creates temp password | Shared via secure channel |
Process - Send Reset Link:
1. Navigate to User Detail > Security > Reset Password
2. Click "Send Reset Link"
3. Confirm action
4. Reset email sent to user
5. Link valid for 24 hours
6. Action logged
Process - Generate Temporary Password:
1. Navigate to User Detail > Security > Reset Password
2. Click "Generate Temporary Password"
3. Enter reason (mandatory)
4. Confirm with admin 2FA
5. Temporary password displayed (one-time view)
6. Share with user via secure channel
7. Password expires in 24 hours if unused
8. User forced to change on first login
Suspend Account
Suspension Reasons:
| Reason Code | Description | Duration |
|---|---|---|
| FRAUD | Suspected fraudulent activity | Indefinite |
| CHARGEBACK | Multiple chargebacks | Until resolved |
| TOS_VIOLATION | Terms of Service violation | Varies |
| SECURITY | Security concern (compromised) | Until verified |
| ADMIN_REQUEST | Other administrative reason | Varies |
| USER_REQUEST | User requested suspension | Until reactivation request |
Suspension Process:
1. Navigate to User Detail > Account > Suspend
2. Select suspension reason
3. Enter detailed justification
4. Select suspension duration:
- Temporary (specify end date)
- Indefinite (requires manual reactivation)
5. Choose notification options:
- Notify user via email
- Include reason in notification
- Include appeal instructions
6. Confirm with admin 2FA
7. Account status changed to SUSPENDED
8. Active sessions terminated
9. Notification sent (if selected)
Suspension Effects:
| System | Effect |
|---|---|
| Login | User cannot log in |
| Sessions | All active sessions invalidated |
| Orders | Cannot place new orders |
| Partner | Cannot earn commissions |
| Payouts | Pending payouts held |
| API Access | All API tokens revoked |
Reactivate Account
Prerequisites:
| Requirement | Description |
|---|---|
| Original Suspension | Must have documented reason |
| Resolution | Issue causing suspension resolved |
| Approval | Senior admin approval for fraud/chargeback |
Reactivation Process:
1. Navigate to User Detail > Account > Reactivate
2. Review suspension history
3. Enter reactivation reason
4. Select any conditions:
- Require password change
- Require KYC re-verification
- Place on monitoring for X days
5. Confirm with admin 2FA
6. Account status changed to ACTIVE
7. User notified via email
Delete Account (Soft Delete)
Soft Delete vs. Hard Delete:
| Type | Action | Recovery | Data Retention |
|---|---|---|---|
| Soft Delete | Status set to DELETED | Recoverable for 90 days | All data retained |
| Hard Delete | Data removed | Not recoverable | Per retention policy |
Soft Delete Process:
1. Navigate to User Detail > Account > Delete
2. Review account status:
- Outstanding orders
- Pending payouts
- Partner downline impact
3. Select deletion reason
4. Acknowledge data retention notice
5. Confirm with admin 2FA
6. Account status changed to DELETED
7. User notified via email
8. Scheduled for hard delete after 90 days
Data Retention After Soft Delete:
| Data Type | Retention | Reason |
|---|---|---|
| Order History | 7 years | Legal/tax requirements |
| Financial Transactions | 7 years | Legal/tax requirements |
| Audit Logs | 10 years | Compliance |
| Personal Data | 90 days | Recovery window |
| Partner Network | Reassigned | Business continuity |
Hard Delete Process (after 90 days or immediate):
| Step | Action |
|---|---|
| 1 | Verify 90-day retention period passed (or special approval) |
| 2 | Export required compliance data |
| 3 | Anonymize personal data in historical records |
| 4 | Remove personal data from active systems |
| 5 | Log deletion completion |
Viewing User Activity Log
Activity Log Contents
| Event Type | Description |
|---|---|
| LOGIN | Successful login |
| LOGIN_FAILED | Failed login attempt |
| LOGOUT | User logged out |
| PASSWORD_CHANGED | Password was changed |
| EMAIL_CHANGED | Email address changed |
| PROFILE_UPDATED | Profile information modified |
| ORDER_PLACED | New order created |
| ORDER_CANCELLED | Order was cancelled |
| KYC_SUBMITTED | KYC documents submitted |
| PAYOUT_REQUESTED | Payout request created |
Log Entry Details
| Field | Description |
|---|---|
| Timestamp | Exact time of event |
| Event Type | Category of activity |
| IP Address | Source IP |
| User Agent | Browser/device info |
| Location | Geo-IP derived location |
| Metadata | Event-specific details |
Filtering Activity Log
| Filter | Options |
|---|---|
| Date Range | Start and end date |
| Event Type | Single or multiple types |
| IP Address | Specific IP or range |
| Status | Success/Failure |
Viewing User Sessions
Session Information
| Field | Description |
|---|---|
| Session ID | Unique identifier |
| Device | Device type and OS |
| Browser | Browser name and version |
| IP Address | Connection IP |
| Location | Geo-IP location |
| Created At | Session start time |
| Last Activity | Most recent activity |
| Status | Active/Expired |
Session Actions
Revoke Single Session:
1. Navigate to User Detail > Security > Sessions
2. Locate target session
3. Click "Revoke"
4. Confirm action
5. Session immediately invalidated
6. User logged out on that device
Revoke All Sessions:
1. Navigate to User Detail > Security > Sessions
2. Click "Revoke All Sessions"
3. Enter reason (mandatory)
4. Confirm action
5. All sessions invalidated
6. User logged out on all devices
7. User must log in again
Use Cases:
- Account compromise suspected
- User lost device
- User request
- Pre-emptive security measure
Impersonation (Login as User)
Purpose
Impersonation allows administrators to access the platform as the user for support purposes.
Prerequisites
| Requirement | Description |
|---|---|
| Permission | admin.user.impersonate |
| 2FA | Admin must have 2FA enabled |
| Reason | Must document reason for impersonation |
| Time Limit | Session expires after 30 minutes |
Impersonation Process
1. Navigate to User Detail > Support > Impersonate
2. Enter reason for impersonation (mandatory)
3. Acknowledge impersonation policy
4. Confirm with admin 2FA
5. New browser tab opens with user's view
6. Admin bar shows impersonation mode
7. All actions logged with admin attribution
8. Session expires after 30 minutes or on exit
Impersonation Restrictions
| Action | Allowed |
|---|---|
| View orders | Yes |
| View profile | Yes |
| Navigate platform | Yes |
| Place orders | No |
| Request payouts | No |
| Change password | No |
| Modify payment methods | No |
| Delete account | No |
Audit Trail
Every action during impersonation is logged:
| Field | Value |
|---|---|
| Action Type | IMPERSONATION_[ACTION] |
| Admin ID | Admin performing impersonation |
| User ID | Impersonated user |
| Action | Specific action taken |
| Timestamp | When action occurred |
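The prerequisites, restrictions and audit fields above combine into a default-deny gate that is checked on every impersonated request. This is an added sketch, not the IWM Platform's implementation: the class and function names, the action identifiers and the extra "allowed" audit field are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

PERMISSION = "admin.user.impersonate"
SESSION_LIMIT = timedelta(minutes=30)
# "Yes" rows of the restrictions table; every other action is refused by default.
ALLOWED = {"VIEW_ORDERS", "VIEW_PROFILE", "NAVIGATE"}

class ImpersonationDenied(Exception):
    pass

@dataclass
class ImpersonationSession:
    admin_id: str
    user_id: str
    reason: str
    started_at: datetime
    audit: list = field(default_factory=list)

    def perform(self, action, now):
        expired = now - self.started_at >= SESSION_LIMIT
        permitted = action in ALLOWED and not expired
        # Refused attempts are logged too ("allowed" is an added field).
        self.audit.append({
            "action_type": f"IMPERSONATION_{action}", "admin_id": self.admin_id,
            "user_id": self.user_id, "action": action,
            "timestamp": now.isoformat(), "allowed": permitted,
        })
        if not permitted:
            raise ImpersonationDenied("session expired" if expired else f"{action} blocked")
        return True

def start_impersonation(admin, user_id, reason, second_factor_ok, now):
    if PERMISSION not in admin["permissions"]:
        raise ImpersonationDenied("missing " + PERMISSION)
    if not (admin["two_factor_enabled"] and second_factor_ok):
        raise ImpersonationDenied("admin 2FA required")
    if not reason.strip():
        raise ImpersonationDenied("reason is mandatory")
    return ImpersonationSession(admin["id"], user_id, reason.strip(), now)

if __name__ == "__main__":
    # Constructed sample admin and timestamps.
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    admin = {"id": "a-0007", "permissions": {PERMISSION}, "two_factor_enabled": True}
    s = start_impersonation(admin, "u-0001", "Support ticket", True, t0)
    s.perform("VIEW_ORDERS", t0 + timedelta(minutes=5))
    print(s.audit[-1]["action_type"])
```

Writing the audit record before the permission check means blocked and expired attempts are attributed to the admin as well.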
Bulk Actions
Export Users
Export Options:
| Format | Use Case |
|---|---|
| CSV | Spreadsheet analysis |
| JSON | System integration |
| Excel | Business reporting |
Exportable Fields:
| Category | Fields |
|---|---|
| Basic | User ID, Email, Name, Phone, Status |
| Dates | Registration, Last Login, Email Verified |
| KYC | Status, Verification Date |
| Partner | Partner Status, Rank, Referral Code |
Export Process:
1. Apply search filters to select users
2. Click "Export"
3. Select format
4. Select fields to include
5. Review data privacy notice
6. Confirm export
7. Download file (or receive via email for large exports)
Bulk Status Changes
Available Bulk Actions:
| Action | Description | Approval Required |
|---|---|---|
| Suspend | Suspend multiple users | Yes |
| Reactivate | Reactivate multiple users | Yes |
| Force Password Reset | Require password change | No |
| Revoke Sessions | Log out all selected users | No |
Bulk Action Process:
1. Apply search filters
2. Select users (checkbox or "Select All")
3. Click "Bulk Actions"
4. Select action
5. Enter reason (mandatory)
6. Review affected user count
7. Confirm with admin 2FA
8. Action executed in background
9. Receive completion notification
User Notes and Internal Flags
Internal Notes
Administrators can add internal notes to user accounts.
Note Fields:
| Field | Description |
|---|---|
| Note Text | Free-form text (max 2000 chars) |
| Category | Support, Compliance, Finance, General |
| Priority | Low, Normal, High |
| Visibility | All Admins, Specific Roles |
| Created By | Admin who created note |
| Created At | Timestamp |
Adding Notes:
1. Navigate to User Detail > Notes
2. Click "Add Note"
3. Select category
4. Select priority
5. Enter note text
6. Select visibility
7. Save
8. Note appears in user's notes timeline
Internal Flags
Flags provide quick visual indicators on user accounts.
Available Flags:
| Flag | Color | Description |
|---|---|---|
| VIP | Gold | High-value customer |
| Watch | Orange | Under monitoring |
| Risk | Red | High-risk account |
| Verified | Green | Manually verified by admin |
| Test | Gray | Test account |
| Partner Priority | Blue | Priority partner support |
Flag Management:
1. Navigate to User Detail > Flags
2. Click flag to toggle on/off
3. Enter reason when adding flag
4. Flag history visible in notes
Flag Effects
| Flag | System Behavior |
|---|---|
| VIP | Priority support queue, extended limits |
| Watch | Increased logging, review on large transactions |
| Risk | Manual review on all financial actions |
| Verified | Reduced friction on sensitive actions |
| Test | Excluded from analytics and reporting |