Adding new groups consists of defining the following information for each group:
The group name
The group profile
Password settings (e.g., minimum and maximum password length)
General settings (e.g., password expiration and temporary account criteria)
Security settings (e.g., allowed number of password failures and whether to lock or suspend users when the allowed number is exceeded)
Application settings (the access control settings on the group level for users in the specific group)
Group permissions
All group details are automatically inherited from the system settings unless you modify them on the group level during definition. In this case, any settings modified on the group level override the settings inherited from the system level.
NOTE: The Add Group window appears differently depending on whether or not your system is using LDAP.
To add a new group:
1. In the User Management Admin window, select the Groups tab.
2. Do one of the following:
From
the User Management toolbar, click Add New 
.
From the Tools menu, select Add New.
Right-click in the list and select Add new group.
The Edit Group Settings (Add Group) window appears.
3. In the Group Name field, enter a logical name for the new group (for example, radiologists).
4. In the Profile drop-down menu choose one of the profiles.
NOTE: If the group has a profile entitled NONE, certain features are not available for use.
5. Enter the group’s password syntax settings:
Minimum password length: The fewest characters required for each user’s password.
Maximum password length: The most characters allowed for each user’s password.
Minimum numeric chars: The fewest numeric characters required for each user’s password.
Maximum consecutive chars: The most consecutive identical characters allowed in each user’s password.
6. Enter the group’s general settings:
Identical password check: This prevents the user from using a password that is identical to the previous [x] number of passwords used. Enter the required number. For example, if you enter 3, then a user can use a password only if it was not used as one of the last three passwords.
Temporary account valid (days): The length of time that a defined temporary user is allowed access to the system (beginning from the first login). This option only appears when one or more temporary users have been defined in the system.
Expiration options:
Password never expires: The password never needs to be changed.
Password expires after (days): Enter the required number of days. When this limit is reached, users receive a message that their password has expired and must be changed.
7. Enter the group’s password failures settings, as follows:
Allowed number of password failures: The number of times a user can enter an incorrect password before being locked out of the system (failed attempts).
When number exceeds limit: When a user exceeds the defined number of password failures, one of these actions happens:
Lock user: The user is locked and cannot access the system until the administrator unlocks the user.
Suspend user. Duration in minutes: The user is locked out for the defined “timeout” period. In this case, the user can wait until the timeout period has passed or request to be unlocked by the administrator.
CAUTION: Unsuccessful attempts to log into the application with a valid user name but an incorrect password are not recorded in the Audit Trail. In the Edit System Settings window, go to the Password Failures Settings pane and verify that “Allow number of password failures” is set to 5 and “Suspend user duration in minutes” is set to 30. A user can be manually locked out of the system.
8. Define the access control settings, as required.
See Access Control Management Tool for more information.
NOTE: Selecting these options lets you configure the relevant settings for those applications on the group level.
9. Edit group permissions.
10. Click Add.
The new group is added to the list of groups displayed in the User Management Admin window Groups tab.