Add a User

Last Updated: May 12, 2021
documentation for the dotCMS Content Management System

As mentioned in the User Management documentation, there are two basic types of dotCMS users: backend and frontend.

To create individual users:

  1. Select System -> Users to open the Users screen.
  2. Click the Add User button.
  3. Enter the basic user information as illustrated in the image below:

Adding new user data.

User and Password Requirements

User Name Requirements

When you create a new user account, the First Name and Last Name are checked to ensure they meet the validation requirements specified for your site.

By default, dotCMS is configured to require name fields to contain 1 or more alphanumeric characters (a-z, A-Z, or 0-9). All standard UTF-8 characters, in all languages, are allowed.

Although it can be modified via plugin, this is the default UserName.regexp.pattern validation property in the file:


Please see the examples below for custom variations to the user name is validation.

Important Notes:

  • It is strongly recommended that all changes to the file be made through a ROOT folder plugin.
  • Whenever a user name is displayed on a page on your site, control characters contained in the user name - such as angle brackets (< and >), will be invalidated. These characters should not be allowed.
    • The use of $ and # is allowed by default, and will not execute when calling $user.firstName or $user.lastName (for example), in a Velocity widget.
    • Characters that are not UTF-8 may cause issues with the username, and should not be allowed.

Password Requirements

When a user attempts to change their password, the new password entered by the user is checked to ensure it meets the security requirements set for your site.

By default, dotCMS is configured to require every password to contain a minimum of 6 characters.


However you may change dotCMS to increase or change the password requirements for users of your site. For more information on configuring password security, please see the Password Security Configuration documentation.

Custom Validation

Example 1: Restrict the Minimum and Maximum Length

The following value of the UserName.regexp.pattern property changes the default pattern to reject user names which are shorter than 6 characters or longer than 20 characters.


Example 2: Prevent User Names from Beginning with a Digit

The following value of the UserName.regexp.pattern property modifies the pattern from the previous example to ensure that user names may not begin with a digit (0-9). Note that because this pattern specifies the first character explicitly, the values which specify the string length are reduced by one (to 5 and 19).


Important Note

The dotCMS distribution is configured by default with minimal security to ease installation, evaluation, and testing of the dotCMS starter site. Therefore the default values of all password validation properties are set to the minimum security levels.

It is strongly recommended that you increase the password security settings for your site before publishing it.

On this page


We Dig Feedback

Selected excerpt: