To access the application, a user must have a User Name and Password established, as well as permissions, authorities, and rights assigned. Your financial institution sets up the security officer for your organization, and that person should sign in and set up the other company users. If dual control is required, a second security officer will have to verify each user record that is added, edited, or deleted before that record goes into effect. A notification link appears on the home page if there are any user records that need to be verified. You can easily identify these pending records on the Customer Users List page.
Note: The dual control option appears on the Customer Configuration page.
The user record includes general information, such as name, expiration, invalid login attempts, active status, the user's language (if applicable), and a display-only field that tracks the user's last login date and time. The record also maintains the application access designations: permissions, authorities, file load rights, and report rights. If desired, you may save time by copying an existing user's settings into a new user record. Permissions indicate the areas of the application that the user may access. Authorities indicate the specific actions that a user may perform within each category/subcategory. The File Load list contains the file types that this user may upload to the application. The Reports list contains the reports that this user may view, print, delete, and download. You can use these designations to separate duties and implement safeguards. For example, you can set up one user with authorities to create and edit transactions within a category, a second user with authority to verify transactions, and a third user with authority to authorize transactions.
In addition to the general information and access privileges, the user record allows you to choose which page will appear each time this user logs in to the application. By default, the application opens to the home page. The user, however, may only need to load ACH files. On the user record, you can change the user's start page from home to the File Transfer page for ACH files. If you are not the security officer, you may change your own start page through the Administration menu.
If a user has forgotten his/her password, the security officer can establish a new password for the user that expires immediately. This situation requires the user to create a new password the next time he/she accesses the application.
Note: The application has certain required security controls in place. For example, the User Name and Password values cannot be the same, and the previous eight passwords cannot be reused. In addition, if a user has not logged in within a set number of days (defined at the system level), they will be set to inactive in the system, and eventually removed after further days of inactivity.
To keep track of users and their settings, you can create a users report, if you have the appropriate permissions and report rights. You may also create a report of users that no longer have access to the application.