LogoLogo
BlogLogin
English
English
  • An Introduction to Saferpay
    • Licensing
      • Legacy licensing
    • Reconciliation
    • Acquirers & Payment Methods
    • Web Shop Plugins and certified partners
      • ePages Beyond
      • ePages NOW
      • Magento 2
      • Odoo
      • PrestaShop
        • PrestaShop User Guide
      • Salesforce Commerce Cloud
      • SAP Commerce Cloud
      • Shopware 6
        • Shopware 6 User Guide - German
        • Shopware 6 User Guide - English
      • WordPress WooCommerce
      • Shopify
    • Supported Languages
    • Common Saferpay terms - Glossary
  • News
    • Changes for transactions without customer presence
    • Changes for the Saferpay Hosted Forms, Fields and Payment Page
  • Quick Links
    • Web Shop Plugins and certified partners
    • Secure PayGate
    • User Administration
    • Payment Page Configuration
    • Risk Management
    • API Authentication
  • Interfaces
    • Payment API (aka JSON API)
    • Management API
    • Backoffice
      • The Home screen
      • Batch Processing
      • Transactions
        • Transaction Details
        • Batch Close
        • Declined transactions
        • Pending authorizations
        • Analytics
        • SEPA Refunds Export
        • Authorization & Payment
        • Credit
      • Risk Management
      • Secure PayGate / Payment Links
      • Secure Card Data
        • Secure Card Data Details
      • Settings
        • JSON API basic/Client Certificate authentication
        • User Administration
        • Payment Page Configuration
      • Online Support
      • User Profile
    • Saferpay OnSite
    • Feedback
  • Integration Guide
    • Integrating Saferpay
    • General Information
      • Data Security and PCI DSS
      • Versioning
      • 3-D Secure
      • Payment Service Directive 2 - PSD2
      • Dynamic Currency Conversion
      • Iframe Integration and CSS
    • Ways of integration
      • Payment Page
        • Payment Page checklist
      • Transaction Interface
        • Recurring Payments
        • Refunds
          • SEPA Refunds
      • Capture and Daily Closing
        • Partial Captures
          • Marketplace
      • Secure Card Data - Tokenization
      • Saferpay Fields
      • Inquire Interfaces
      • Mobile Integration
      • Omni-Channel
      • Fraud Intelligence
        • Silver
        • Fraud Intelligence Integration
      • Mail Phone Order
      • Error Handling
      • API Health Check
      • Saferpay API Specification
    • Payment Methods & Wallets
      • General and special cases
      • Account-to-Account Payments
      • Alipay+
      • Apple Pay
      • American Express
      • Bancontact
      • Billie
      • blik
      • Click to Pay
      • Diners Club International & Discover Card
      • eps
      • giropay
      • Google Pay
      • iDEAL 2.0
      • JCB
      • Klarna Payments
      • Maestro International
      • Mastercard
      • paydirekt
      • PayPal
      • PostFinance Pay
      • Przelewy24
      • Reka
      • SEPA Direct Debit
      • Sofort by Klarna
      • TWINT
      • UnionPay
      • Visa & V PAY
      • WeChat Pay
      • WL Crypto Payments
    • Testing
    • Go-Live
    • Frequently Asked Questions
    • Saferpay Demo
      • Saferpay Demo Environment
      • Saferpay Demo Shop
    • Support
    • Changelog
Powered by GitBook
On this page
  • User Administration
  • Merchant Administrator
  • Backoffice Users
  • Roles and permissions
  • Create new users and assign roles
  • Location-based permissions
  • How can a verified user activate its account?
  • How can an unverified user activate its account?
  • User Login
  • Password Reset Handling
  • Locked user Handling
  • Edit, Enable/Disable, or Delete a user
  • 2FA reset
  • Known Limitations
  • Multi-Customer Access
  • Activate a multi-customer access user account
  • Switch between user accounts
  • Merchant Alias for Customer ID
  • First Login

Was this helpful?

  1. Interfaces
  2. Backoffice
  3. Settings

User Administration

PreviousJSON API basic/Client Certificate authenticationNextPayment Page Configuration

Last updated 2 months ago

Was this helpful?

The User Administration allows Saferpay Backoffice user accounts to be administrated independently via the Saferpay Backoffice. Provided that the required permission has been activated, the corresponding menu item can be found under "Settings" --> "User Administration" or under the following URL: https://www.saferpay.com/BO/Settings/UserManagementOverview

In this chapter you will find all the necessary information.

User Administration

Merchant Administrator

The Merchant Administrator manages the users of the currently selected Saferpay account. The administrator has the possibility to assign the role "Merchant Administrator" to further users created via Backoffice. Merchant Administrators cannot edit their own profiles. Merchant Administrators can also create Multi-Customer Users. Once created, the Merchant Administrator can still edit user permissions and status, but not user data. This data can only be edited by users themselves.

Backoffice Users

In this menu ("Settings" --> "User Administration"), the existing users are displayed and new users can be created. Via the link "Details" the data of an existing user can be adjusted and the assigned roles can be changed.

Currently, only user accounts created by a merchant administrator are listed here. With a later Saferpay release, the list will also include all existing user accounts.

Currently, a user cannot be deleted. But if you want to prevent a user from accessing the backoffice, you can set its status to disabled. See chapter Enable/Disable a user.

The following statuses are possible:

  • Activation link was sent: User has not yet called the activation link.

  • Active: User is active and can log into the back office

  • Deactivated: User is disabled by merchant administrator and cannot log into the back office

  • Locked: User is locked (e.g. due to too many failed login attempts or inactivity)

  • Password expired: Password expired

Roles and permissions

The following matrix shows all available roles and the corresponding permissions. These can also be viewed in the Saferpay Backoffice under "Settings" --> "Roles and permissions" or via the following link: https://www.saferpay.com/BO/Settings/RolesPermissionsTable

Create new users and assign roles

User administrators can create new users in the Saferpay Backoffice. Different roles are assigned to each user, which influence which permissions and accesses a user receives.

There are two different types of users:

  • Individual unique e-mail address (Verified)

    An activation email is sent directly to the specified email address.

Using this user type is recommended.

Since sensitive data is sent to the user's email address, e.g. to activate the user account or reset the password, it is essential that each user is assigned a personal email address to which only the individual user has access. Avoid using group mailboxes.

  • System-generated username (Unverified)

    The username is generated by the system. The activation link must then be sent to the user manually.

Using this user type is not recommended, and should only be used if the user does not have their own email address. Without an email address, some features may not be usable.

Location-based permissions

For bigger Saferpay accounts, it may be desireable, or even necessary to restrict the user-access to certain transactions and terminals, based upon their location.

One example could be a hotel-chain with multiple locations, restricting certain user-access to these locations, so certain users can only do actions and see transactions, that were made by that specific location. It is also possible to extend the permissions of a user to multiple locations, if need be.

Merchant administrators do have the ability to restrict user access to certain locations and their attached terminals. This is also important to understand: These permissions are not linked to a terminal, but a location. A terminal can then be linked to that location, effectively enabling you to limit the access to that specific terminal.

However a location also enables you to link multiple terminals to one location, if you want to. For example one terminal for your webshop, one for the Secure PayGate and one for Mail Phone Order, that are all for this one location. This construct can then be applied to every location you want, so each one has its own set of terminals, but all held under one roof, one Saferpay account.

Activation

The activation is very simple and only requires a few steps during user-creation.

This checkbox will enable Location-based permissions for that specific user.

Once activated, a little search-box will pop up, in which you can look up all the available locations on that account.

You can search through the list, by typing a specific name of a location, or, if available, the website of the location.

As meantioned, you can also add multiple locations to one user, if said user should have access to multiple locations.

If no permissions are applied, the user will have access to all locations.

Lookup via address is currently not supported.

How to create more locations

Locations are handled by Saferpay directly and cannot be created by the merchant directly. If you want additional locations and terminals, please contact your account-manager at our sales.

How can a verified user activate its account?

The newly created user then receives an email at the email address provided containing an activation link.

After calling up the link, the user account is activated and the user must enter an individual password for it.

How can an unverified user activate its account?

The Merchant Administrator must manually send the activation link to the user.

After calling up the link, the user account is activated and the user must enter an individual password for it.

User Login

Users created by a merchant administrator can log into the Saferpay Backoffice using their personal e-mail address or the system-generated username and an individually defined password.

Password Reset Handling

Password handling for Unverified users: If too many login attempts fail, the user is automatically locked. A corresponding message will be displayed and the user administrator should be contacted. However, this is not mandatory, because after 30 minutes the locked status is reseted and the user can log in again. Since there is no email address for Unverified users, no password reset links can be sent, that means the password cannot be reset independently. For this reason the user administrator must be contacted. The administrator will then generate a password reset link and send it to the user.

Password handling for Verified Users: For Verified Users, the password reset link is sent directly to the user's email address. This can either be initiated by the user administrator or the user can request a reset link on its own via the forgotten password function on the login page.

A password reset has no effect on the user status.

Locked user Handling

There are two reasons why a user login becomes locked.

  • Locked because of too many wrong password entries

    If a wrong password is entered too often on the login page, the user login will be automatically blocked for 30 minutes. After that the user can try again. Verified user logins with individual email address can request a password reset link to unlock their login. Unverified Users without email can contact the Merchant Administrator for the unlock so they do not have to wait 30 minutes.

  • Locked due to inactivity

    After 90 days without login, the next time the user tries to log in, the user will see a message that its login is locked. In this case the user cannot unlock its login by himself, only the merchant administrator can unlock the login by sending the user a password reset link.

Edit, Enable/Disable, or Delete a user

In the User Administration overview, users can be edited via the "Details" link. It can be defined whether a user should be active or inactive, as well as the assigned roles. Merchant Administrators cannot edit user data. This data can only be edited by users themselves.

Edit user from the administrator's point of view:

User type "individual unique e-mail address" (verified) can no longer be changed.

User type "system generated username" (unverified) can be changed to a verified user type at any time. In this case the system generated username will be replaced by an email address. The original username will then no longer be usable. An activation link will then be sent to the email address and the user account can be activated. The old passwords will be stored in the history and cannot be used again for login.

The new password must be different from the last five passwords an must not have been used in the last 24 hours.

Delete User

If you want to delete a user, please click on Delete at the bottom of the user settings:

This step cannot be undone. Make sure, that you really want to delete this user.

If this user has Multi-Customer access, it will only be removed from this merchant account.

Access to other merchant accounts is not impacted.

2FA reset

If a user needs his Two Factor Authentication (2FA) to be reset, but cannot do it on their own, the merchant user administrator is able to reset 2FA for them in the user details.

Known Limitations

  • Only user accounts created by a merchant administrator are listed in the user overview. With a later Saferpay release, the list will also include all existing user accounts.

  • A user cannot be deleted. But if you want to prevent a user from accessing the backoffice, you can set its status to disabled. See chapter Enable/Disable a user.

  • Merchant Administrators cannot edit their own profiles.

  • Merchant Administrators can only edit status and permission of users. The users can edit their data in User Profile.

The location-based permissions do have additional restrictions, which are:

  • A merchant administrator cannot be limited to certain locations. They'll always have access to the whole account.

  • Location-based permissions cannot be applied to users with Multi-Customer Access.

  • Location-based permissions do not apply to the Batch Processing.

Multi-Customer Access

Saferpay users who own individual user accounts (Backoffice logins) for several customer accounts (CustomerIDs) can now be merged into a single user account which provides access to all related accounts (multi-customer access). This avoids maintaining and keeping track of multiple user accounts and passwords and eliminates friction when working under several customer accounts.

Activate a multi-customer access user account

The Multi-Customer Access functionality is activated by creating a user with an email address that already exists for another user of another merchant account.

Switch between user accounts

To switch between multiple user accounts, click on the customer ID in the upper right corner next to the user name. On the following page all linked customer accounts will be listed.

Merchant Alias for Customer ID

Merchant Administrators can define additional "easy to understand" alias names for their customers.

The alias of the customer is visible for all users in the header area. For multi-customer users it also appears in the customer selection.

The feature is automatically enabled for affected merchants.

First Login

The respective user has to take some necessary steps upon first login, in order for their new Multi-Customer user to work properly.

The experience diverges a bit from your normal user-experience, so it is important for them to know these steps beforehand.

They log into the Backoffice, using one of their passwords, as normal. The account will initially be shown as blocked:

The user needs to click on Reset password to proceed, which will redirect them to a new page, where they can request a password reset link.

Here, the user must consider the following things:

  1. The Email address must match the one, that is setup inside their user-profile, otherwise the mail will not be sent, due to security concerns.

  2. The User name field must be left empty, unless specifically stated otherwise. When in doubt, leave it out.

After entering this information and the security code, click Send and a reset email will be sent to the users email address, containing a reset link.

Upon accessing the link, the user can set their new password.

By clicking on Activate, the process is done and the user now has access to their Login and the attached accounts to said login.

Once reset, the user can log into their account, without the need for 2FA. However note, that they also , until they re- again, which is highly recommended.

lose access to certain functions
enable 2FA
Verified: Individual unique email address
Unverified: System-generated username
Verified: Individual unique email address
Unverified: System-generated username
Unverified: System-generated username --> Verified: Indiviual unique email address