An administrator user has full access to the system. They can access the system log, a special admin tools section that lets them get "under the hood". Also they can see all of the users and can reset their passwords. Default roles, that are normally applied to all users, will not be applied to admin users, so certain filters (such as the inability to access other user records) do not apply if the user is an admin, allowing them to access all users and all actions.

A user is made an admin by setting the "Is Admin" flag on the user record to "Yes". Only an administrator can do this, and by default a user is not an administrator.

In addition to admin users defined in the Users tab, every WorkflowFirst application has a special login called the 'system admin' login. The 'system admin' login has full access to everything in the entire application, so it should be guarded carefully. It is used to first access the application and set everything up, including the users (see the next section). The username and password for this login is entered in the application configuration record from within WorkflowFirst. If you want to disable the admin user entirely, then just make the admin user name blank. Note: you will need to republish the application after making these changes.

Alternatively, if you add a user in your application with the same name as the system admin login, it will override that system admin login. This lets you override the password for the system admin, for example. It is recommended that you retain the system admin login and override it with a new user in the Users tab. This way, if the database gets corrupt somehow, then you will still be able to access the system using the original system administrator login, and you retain the ability to control the system admin password without having to republish the application.

An even more secure way of controlling logins is by using Active Directory, where no passwords are stored in the system database, but instead are stored in the Active Directory. For more information see the section on custom authentication.