You are browsing upcoming documentation for version 6.1 of OroCommerce, scheduled for release in 2025. Read the documentation for version 6.0 (the latest LTS version) to get up-to-date information.

See our Release Process documentation for more information on the currently supported and upcoming releases.

Manage Customer Users in the Back-Office 


This section is part of the Customer Management topic that provides a general understanding of accounts, contacts, customers, and customer hierarchy available in Oro applications.

Customer users act on behalf of the company (i.e., customers in Oro context) and may have a limited set of permissions in OroCommerce, depending on their function in the customer organization.

In the main menu, navigate to Customers > Customer Users for customer management.

In the Customer Users section, you can:

  • View, edit, and create new customer users.

  • Select their roles in OroCommerce to define their level of permissions and access to the actions and data in the OroCommerce storefront.

  • Manage customer user information (name, birthday, billing and shipping address, phone number, etc.).

  • View requests for quotes, quotes, sales orders, and shopping lists created by the customer user.

  • View communication with the customer that happened using email, notes, or scheduled events.

  • View additional information attached to the customer user.

  • Enable and disable the customer user.

  • Reset the customer user password.

  • Unlock the customer user locked out when the maximum number of login attempts is reached.

  • Add OAuth applications.


You can delegate this function to the customer who will access user and role management in the OroCommerce storefront (see the Delegating Users and Role Management to the Customer section for more information).

Quick action buttons enable you to create a new address, order, and quote directly from the customer user view page. Click the button to open the required form for data input. The form can be displayed in a new browser tab, a popup dialog window, or replace the current page, depending on its system configuration.

Alternatively, click More Actions at the top right and select the entity to be created from the customer user view page.

Displaying the quick action buttons on the customer user view page

Customer Account Confirmation

Upon registration, a customer user receives an email confirmation request. Once they follow up with the requested action, their account is marked as confirmed.

The list of confirmed accounts

Hover over the More Options menu to the right of the necessary customer user to perform the following actions:

  • Disable a customer user.

  • View customer user details. Alternatively, click on the item to open its details page.

  • Edit customer user details.

  • Delete existing customer users.

Create a Customer User 

To create a new customer user:

  1. Navigate to Customers > Customer Users in the main menu.

  2. Click Create Customer User.

    The customer user creation form
  3. Select the Enabled checkbox to enable the user to log into the system and to do their work within it upon creation.

  4. Fill in the customer Name and other personal information.

  5. Select a customer this user represents.

  6. Select a parent customer if you are adding a subsidiary of the existing customer.

  7. Assign a sales representative who will be assisting this customer user. By default, the customer sales representative applies to the customer user.

  8. Select the Generate Password and Send Welcome Email checkboxes.

  9. Select the website of customer user registration. While the customer user may have access to other websites within the same organization, the email notifications concerning their user account will point to this website. See Managing Websites for more information.

  10. Select a Preferred Localization for the customer user. This field is displayed if more than one localization is enabled for any of the websites of the current organization. If you change the website for the customer user, you will need to select a new preferred localization.

  11. Add billing and shipping address as described in the Address Book section.

  12. In the Roles section, select the roles that should apply to the customer user. When several roles are selected, granted permissions are accumulated from all the assigned roles. See Managing Customer User Roles for more information.


    At least one role must be assigned if the Enabled checkbox is selected. Disabled customer users can be saved without roles, but you will need to assign roles to them later before enabling them.

  13. Click Save on the top right.

View Accepted Consents 

When at least one consent to process personal data has been accepted by a customer user in the storefront, you can view this information in the dedicated Consents section on the page of a particular customer user under Customers > Customer Users.

View the Consents section of a customer user

You can read more information on consent management in the following related topics:

Delegate Account Management to a Customer User 

You may want to delegate some of the customer user management capabilities to the customer users with an administrator role by enabling Account Management permissions and capabilities. See the Customer User Roles section for more information about permissions and capability management.

The list of account management capabilities

Impersonate a Customer User 


This feature is available in the Enterprise edition.

For troubleshooting purposes, user impersonation allows back-office users with the Login as Customer User role capability to access and operate the OroCommerce storefront as if they were logged in as a specific customer user. Such a back-office user is redirected to the website assigned to the customer user they are impersonating (i.e., the website where the customer user registered).


Before proceeding, make sure this feature is enabled in the system configuration globally or per organization.

You can perform impersonation from the customer user grid or the selected customer’s view page.

To impersonate a customer user from the customer user grid, hover over the More Options menu to the right of the selected customer user and click .

Impersonating a customer user from the customer user grid

Click Log in as a User on the top right to impersonate a customer user from the customer user view page.

Impersonating a customer user from the customer user view page

The storefront session in impersonation mode opens in a new browser tab.

Impersonation mode in the storefront

To exit impersonation mode, click Log out in the blue banner.

Reset User Passwords 

An administrator can request the customer user to change their password by clicking the Reset Password button on the customer user’s profile page:


A customer user will receive an email with the link to update their password.


When a password reset is requested, the password status changes to Reset in the back-office, and the user can log into the application only once their password is changed. The status switches to Active as soon as the customer user changes the password.


Alternatively, you can reset the password for a specific customer user from the grid of all customer users. For this, hover over the ellipsis menu at the end of the row of the selected customer user, and click Reset Password.


The same functionality is available for the storefront administrators.

You can change the contents of the password change email by updating the customer_user_force_reset_password email template of the Customer User entity.

The link in the email contains a refresh token that enables the customer user to change their password. By default, this token and the reset password link in the email are valid for 24 hours from the moment the reset request is made.

An administrator can change this TTL in the configuration of the Customer bundle.

Add OAuth Applications 

Oro applications support the OAuth 2.0 credentials authorization grant type to enable third-party applications to connect to the web API. To connect a third-party application, you need to add it and configure its pre-generated credentials in the back-office of your Oro application. These credentials are managed at the user level, which enables generation of different credentials for various applications across multiple organizations (the multi-org functionality is only available in the Enterprise edition).

Starting Conditions 

To be able to create an OAuth application, make sure that you generate private and public encryption keys and add them to the /var directory of the installed Oro application. Although the path to the keys is predefined, you can change it by providing your custom location in the config.yml file.


If no keys are found, the following warning message will be displayed in the back-office:

OAuth authorization is not available as encryption keys configuration was not complete. Please contact your administrator.
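A preflight check for the key pair described above, as an added example that is not part of the Oro documentation or code base. The function name and the owner-only permission policy are assumptions of this example; pass in the key paths from your own installation.

```python
import os
import stat

# First line of a PEM file identifies which half of the key pair it holds.
PRIVATE_HEADERS = {
    "-----BEGIN PRIVATE KEY-----",
    "-----BEGIN RSA PRIVATE KEY-----",
    "-----BEGIN ENCRYPTED PRIVATE KEY-----",
}
PUBLIC_HEADERS = {"-----BEGIN PUBLIC KEY-----"}


def _first_line(path):
    with open(path, encoding="ascii", errors="replace") as fh:
        return fh.readline().strip()


def check_key_pair(private_path, public_path):
    """Return a list of problems with the OAuth key files (empty list = OK)."""
    problems = [
        f"{label} key missing: {path}"
        for label, path in (("private", private_path), ("public", public_path))
        if not os.path.isfile(path)
    ]
    if problems:
        return problems

    # Policy of this example: only the file owner may access the private key.
    mode = stat.S_IMODE(os.stat(private_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"private key mode {mode:o} allows group/other access")

    # A header mismatch catches swapped files or a key saved in the wrong slot.
    if _first_line(private_path) not in PRIVATE_HEADERS:
        problems.append("private key file has no PEM private key header")
    if _first_line(public_path) not in PUBLIC_HEADERS:
        problems.append("public key file has no PEM public key header")
    return problems
```
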

Add an Application 

To add a new OAuth application for a customer user in the back-office:

  1. Navigate to Customers > Customer Users in the main menu.

  2. Click on the name of your selected customer user to open their details page.

  3. In the OAuth Applications section, click Add Application and provide the following details in the pop-up dialog:

    • Organization — If you are adding an application within the organization with global access, you can select which other available organization to add the application to.

    • Application Name — Provide a meaningful name for the application you are adding.

    • Active — Select the Active checkbox to activate the new application.

  4. Click Create.

A corresponding notification is sent to the primary email address of the user who owns the OAuth application. You can change the default recipient, localization, or email content if needed by updating the OAuth email templates and the related notification rule set out-of-the-box in the system configuration.

Once the application is created, you are provided with a Client ID and a Client Secret. Click on the icon to copy the credentials to the clipboard.

OAuth credentials


For security reasons, the Client Secret is displayed only once – immediately after you have created a new application. You cannot view the Client Secret anywhere in the application once you close this dialog, so make sure you save it somewhere safe to access it later.

You can add as many applications as you need for any of your existing organizations. All added applications are displayed in the grid; you can filter them by name, organization, and status.


Use the More Options menu to edit, deactivate or delete an application.

Manage auth applications

Use the generated Client ID and Client Secret to retrieve an access token to connect to your Oro application.


For the aggregated information on all OAuth applications created by customer users in the back-office, refer to the general Customer User OAuth Applications topic.
