5. User management
On the User Management page, you can:
- create new users
- manage users’ passwords
- deactivate users that are no longer active in the company
- edit user details
The permitted number of users is displayed on the "User Management" menu page. Once the permitted number of users has been reached, the “New User” button will be disabled.
5.1 Create a new user
You can create a new user by clicking the “New User” button on the User Management page. The form that is displayed must be completed in order to submit a new user.
5.1.1 Pre-initialised details
The form contains three pre-initialised data fields:
- REFID: name of entity the UserID is linked to (e.g. for a merchant his PSPID).
- User Type: type of entity the UserID is linked to (e.g. for a merchant: “PSPID”).
- User created by: the UserID of the user creating this new user / his user type / his REFID.
5.1.2 User details
The user details that need to be completed are:
- USERID: the UserID (username) for the new user (min. 3 and max. 20 characters long, no spaces or special characters).
- User’s name: the new user’s full name.
- Email address: the new user’s email address (if in future a new password is triggered for this user, it will be sent to this email address).
5.1.3 Time zone
With the creation of a user, automatically the time zone of the PSPID is applied. Afterwards, the user can configure the time zone of his choice.
The time zone that the user chooses is applicable for all the back-office pages where the time is relevant. This way the user can also view and download transactions and files/reports in his own preferred time zone.
Moreover the time can automatically be adjusted to daylight saving changes, by selecting the same option.
See User profiles.
5.1.5 Scope limited to user
This can only be configured for the following profiles:
- Super-encoder without refund
If enabled, Encoders will only be able to see and access transactions they have entered/initiated themselves. They will not be able to see/access any transactions entered by other users.
If enabled, the Super-encoders will only be able to see, access and perform maintenance operations on transactions they have entered/initiated themselves except for maintenance operations that are submitted via file upload. They will not be able to see/access/perform maintenance operations on any transactions that other users have entered.
5.1.6 Special user for API
If you want to create an applicative user (API user), you have to enable this option. The user you create will only be permitted application access and not back-office access via the website.
5.1.7 Access rights
The Reconciliation, Fraud detection, Payment methods and Technical information access rights can be enabled with their respective checkboxes.
These options can only be configured for the following profiles:
- Admin without user management
You can submit the user settings you entered by clicking the “Create” button. If any of the information has been incorrectly filled out, an error message will be displayed. Instead of the newly created user being sent his first password by email, a screen will be displayed showing the password our system created for him. This password can then be communicated to the new user.
5.2 Password management
You can send a new password to a specific user by clicking the “Send new password” button. The new password will be sent to the email address configured in the user’s details.
You cannot assign a new password to the user you logged on with yourself, or to the account’s default user.
If the account’s default user has lost his password, he can only request a new password via the “Lost your password?” link on the login page. On the next page, he should complete the PSPID and click the “Submit” button. An email containing a new password will be sent to the account's administrative e-mail address.
For API users there is no “Send new password” button. To change an API user's password, you have to use the "Change password" button. You will be redirected to a page where you can change the password manually.
For added security, you can also activate or deactivate two-factor authentication (2FA). Click here for more information.
5.3 Deactivate users
You can set a user to "inactive" by clicking the “Deactivate” button next to the user. When a user is inactive he is no longer allowed to log into the account and is no longer taken into account for the permitted number of users.
To display a full list of users (both active and inactive), you can click the “Show inactive users” button.
To be PCI compliant and for security reasons, you/we are not allowed to delete users.
5.4 Edit user details
To change a specific user’s details, you can click the “Edit” button next to that user. In the case of the default account user, only the name and email address can be changed.
5.5 IP address
To protect against unauthorized access to the Back-Office merchant accounts, users can give access to a specific IP address (or list of IP addresses) by registering the address(es) in the IP address field.
Users must log in using their account in order to configure this field. The IP address field is in Login Access under the Configuration > Users tab.
5.5.1 IP address user restrictions
Users will not be able to connect to the Back-Office if the IP address does not exist in the defined range.
However, if the IP address field is left blank then there will be no IP restrictions to the Back-Office.
The IP address of the administrator configuring the IP range must also be included in the defined range. Otherwise, the administrator will receive an error message and the IP address will not be saved.
5.5.2 IP address format and value
A strict IP address format must also be followed:
- CIDR compliant, for example: 220.127.116.11/32.
- Have a maximum length of 512 characters.
- If you want to register multiple IP addresses, semi-colons must be used to separate them.