You are browsing documentation for version 5.1 of OroCommerce, supported until March 2026. Read the documentation for version 6.0 (the latest LTS version) to get up-to-date information.

See our Release Process documentation for more information on the currently supported and upcoming releases.

My User 


The provided description covers fields and features that are default or commonly used. The actual set of available elements may vary depending on your role and other system settings.

When you log into the Oro application, you can always find a link to your user page under the menu below your username. This is a fast way to access your user profile, calendar, mailbox, and task list.

Explore Your User Page 

Several practical tools and actions are available on your user profile page, from configuring your profile to generating an API key for third-party applications. In particular, from the page of your user profile, you can:

  1. View your full name, avatar, and system information such as status, login count, date, and time of the last login.

    • The first status shows that you are granted rights to use the system. The second status is called an authentication status and shares the state of your password. As you can see your user page only when you are logged into the system, you will always see Enabled as the first status and Active as the second one. When an administrator views your page, they can see the values of your status.

      View the statuses of the user profile
    • You can also check which business unit owns your user record. Click on the owner name (e.g., Acme, General ) to open the page of the corresponding business unit. If you are logged into the organization with global access (i.e., a technical organization that aggregates data from all organizations created in the system), then in brackets, you will see the name of the organization that owns the user.

      View the business unit of the user record
    • You can also see who, how, and when modified your profile by clicking Change History link.

  2. Access user-level configuration options.

    In particular, you can set up localization, language, display settings, update email configuration details, and configure customer-visible contact information in the storefront. Read more about the available settings in the relevant User-Level Configuration section of the documentation library.

  3. Edit your user profile.

    To update your profile details, click Edit on the top right of the page. You can update your credentials, change the password, upload a new avatar, and update email details on the edit page.

  4. Perform actions available under the More Actions menu:

    The More Actions menu with available options


    Non-default buttons can be added to More Actions menu. If you see non-default buttons such as Add Task, Add Event, or Add Attachment, please refer to the Activities guide for more information.

  5. View your profile details aggregated under 3 sections: general information, activity, and additional information.

    • In the General Information section, you can view the details of your profile, create an API key.

    • In the Activity section, you can see the emails you sent and the calls you logged. If a user mentions you as a context for their activity, this activity also appears on the list. See the Activities topic for more information on activities available in the Oro application.

    • In the Additional Information section, you can view and manage tasks and cases related to you. See the Activities topic for more information on activities available in the Oro application.

Generate an API Key 

When a third-party software requires an API key to integrate with your Oro application, you can generate it on your profile page.

  1. Click on your user name on the top right of the screen.

  2. Click My User.

  3. In the General Information section, click Generate Key next to the API Key label.

    The Generate key button
  4. Copy the generated key and use it where required.


One user can have only one API key at a time. When you generate a new key, the old key becomes invalid.

Change Your Password 

You can change your password to the Oro application in 3 ways:

  • When editing your user profile.

  • Using the More Actions menu on your user profile page.

  • By resetting it using the More Actions menu on your user profile page.


We recommend changing your password after the first login unless you use a Google account or corporate-wide credentials.

To change your password when editing your user profile:

  1. Click on your user name on the top right of the screen.

  2. Click My User.

  3. On the page of your profile, click Edit.

  4. In the Password section, provide the following information:

    • Password — Provide your current password.

    • New Password – Provide a new password. It must be at least eight characters long and include a lower case letter, an upper case letter, and a number

    • Repeat New Password – Confirm the new passport by typing it in again.

  5. Click Save. The new password will be sent to your primary email address.

To change your password via the More Actions menu:

  1. Click on your user name on the top right of the screen.

  2. Click My User.

  3. On your profile page, click More Actions > Change Password.

    The change password popup dialog
  4. Provide a new passport in the corresponding field. Alternatively, click Suggest Password to generate a secure random password. To see/hide the entered password, click the Show / Hide icon next to the New password field.

  5. Click Save. The new password will be sent to your primary email address.

To reset your password via the More Actions menu:

Only administrators can reset passwords.

  1. Click on your user name on the top right of the screen.

  2. Click My User.

  3. On your profile page, click More Actions > Reset Password.

  4. In the dialog box, click Reset. The password reset link will be sent to your (admin) primary email address.

Add OAuth Applications 

Oro applications support OAuth 2.0 credentials authorization grant type to enable connection of third-party applications to the web API. To connect a third-party application, you need to add it and configure its pre-generated credentials in the back-office of your Oro application. These credentials are managed on user level which enables generation of different credentials for various applications across multiple organizations (the multi-org functionality is only available in the Enterprise edition).

Starting Conditions 

To be able to create an OAuth application, make sure that you generate private and public encryption keys and add them to the /var directory of the installed Oro application. Although the path to the keys is predefined, you can change it by providing your custom location in the config.yml file.


If no keys are found, the following warning message will be displayed in the back-office:

OAuth authorization is not available as encryption keys configuration was not complete. Please contact your administrator.

Add an Application 

To add a new OAuth application in the back-office:

  1. Click on your user name on the top right of the screen.

  2. Click My User.

    Profile menu
  3. In the OAuth Applications section, click Add Application on the top right and provide the following details in the pop-up dialog:

    Add an oauth application
    • Organization — If you are adding an application within the organization with global access, you can select which other available organization to add the application to. This field is displayed to users with access to multiple organizations (available for the Enterprise edition only).

    • Application Name — Provide a meaningful name for the application you are adding.

    • Active — Select the Active checkbox to activate the new application.

  4. Click Create.

A corresponding notification is sent to the user’s primary email address, the owner of the oauth application. You can change the default recipient, localization, or an email content if needed by updating the OAuth email templates and the related notification rule set out-of-the-box in the system configuration.

Once the application is created, you are provided with a Client ID and a Client Secret. Click on the icon to copy the credentials to the clipboard.

OAuth credentials


For security reasons, the Client Secret is displayed only once – immediately after you have created a new application. You cannot view the Client Secret anywhere in the application once you close this dialog, so make sure you save it somewhere safe to access it later.

You can add as many applications as you need for any of your existing organizations. All added applications are displayed in the grid; you can filter them by name, organization, and status.


Use the More Options menu to edit, deactivate or delete an application.

Manage auth applications

Use the generated Client ID and Client Secret to retrieve an access token to connect to your Oro application.


For the aggregated information on all OAuth applications created by users in the back-office, refer to the general OAuth Applications topic.

Configure User-Level Settings 

Read the My Configuration topic for the details on configuring available system settings for a particular user.

Related Topics