User Administration

The User Administration allows Saferpay Backoffice user accounts to be administrated independently via the Saferpay Backoffice. Provided that the required permission has been activated, the corresponding menu item can be found under "Settings" --> "User Administration" or under the following URL:

In this chapter you will find all the necessary information.

User Administration

Merchant Administrator

The Merchant Administrator manages the users of the currently selected Saferpay account. The administrator has the possibility to assign the role "Merchant Administrator" to further users created via Backoffice. Merchant Administrators cannot edit their own profiles. Merchant Administrators can also create . Once created, the Merchant Administrator can still edit user permissions and status, but not user data. This data can only be edited by users themselves.

Backoffice Users

In this ("Settings" --> "User Administration"), the existing users are displayed and new users can be created. Via the link "Details" the data of an existing user can be adjusted and the assigned roles can be changed.

The following statuses are possible:

• Activation link was sent: User has not yet called the activation link.

• Active: User is active and can log into the back office

• Deactivated: User is disabled by merchant administrator and cannot log into the back office

• Locked: User is locked (e.g. due to too many failed login attempts or inactivity)

• Password expired: Password expired

Roles and permissions

Create new users and assign roles

User administrators can create new users in the Saferpay Backoffice. Different roles are assigned to each user, which influence which permissions and accesses a user receives.

There are two different types of users:

• Individual unique e-mail address (Verified)

  An activation email is sent directly to the specified email address.

• System-generated username (Unverified)

  The username is generated by the system. The activation link must then be sent to the user manually.

Location-based permissions

For bigger Saferpay accounts, it may be desireable, or even necessary to restrict the user-access to certain transactions and terminals, based upon their location.

One example could be a hotel-chain with multiple locations, restricting certain user-access to these locations, so certain users can only do actions and see transactions, that were made by that specific location. It is also possible to extend the permissions of a user to multiple locations, if need be.

Merchant administrators do have the ability to restrict user access to certain locations and their attached terminals. This is also important to understand: These permissions are not linked to a terminal, but a location. A terminal can then be linked to that location, effectively enabling you to limit the access to that specific terminal.

Activation

The activation is very simple and only requires a few steps during user-creation.

This checkbox will enable Location-based permissions for that specific user.

Once activated, a little search-box will pop up, in which you can look up all the available locations on that account.

You can search through the list, by typing a specific name of a location, or, if available, the website of the location.

As meantioned, you can also add multiple locations to one user, if said user should have access to multiple locations.

How to create more locations

Locations are handled by Saferpay directly and cannot be created by the merchant directly. If you want additional locations and terminals, please contact your account-manager at our sales.

How can a verified user activate its account?

The newly created user then receives an email at the email address provided containing an activation link.

After calling up the link, the user account is activated and the user must enter an individual password for it.

How can an unverified user activate its account?

The Merchant Administrator must manually send the activation link to the user.

After calling up the link, the user account is activated and the user must enter an individual password for it.

User Login

Users created by a merchant administrator can log into the Saferpay Backoffice using their personal e-mail address or the system-generated username and an individually defined password.

Password Reset Handling

Password handling for Unverified users: If too many login attempts fail, the user is automatically locked. A corresponding message will be displayed and the user administrator should be contacted. However, this is not mandatory, because after 30 minutes the locked status is reseted and the user can log in again. Since there is no email address for Unverified users, no password reset links can be sent, that means the password cannot be reset independently. For this reason the user administrator must be contacted. The administrator will then generate a password reset link and send it to the user.

Password handling for Verified Users: For Verified Users, the password reset link is sent directly to the user's email address. This can either be initiated by the user administrator or the user can request a reset link on its own via the forgotten password function on the login page.

A password reset has no effect on the user status.

Locked user Handling

There are two reasons why a user login becomes locked.

• Locked because of too many wrong password entries

  If a wrong password is entered too often on the login page, the user login will be automatically blocked for 30 minutes. After that the user can try again. Verified user logins with individual email address can request a password reset link to unlock their login. Unverified Users without email can contact the Merchant Administrator for the unlock so they do not have to wait 30 minutes.

• Locked due to inactivity

  After 90 days without login, the next time the user tries to log in, the user will see a message that its login is locked. In this case the user cannot unlock its login by himself, only the merchant administrator can unlock the login by sending the user a password reset link.

Edit, Enable/Disable, or Delete a user

Edit user from the administrator's point of view:

User type "individual unique e-mail address" (verified) can no longer be changed.

User type "system generated username" (unverified) can be changed to a verified user type at any time. In this case the system generated username will be replaced by an email address. The original username will then no longer be usable. An activation link will then be sent to the email address and the user account can be activated. The old passwords will be stored in the history and cannot be used again for login.

Delete User

If you want to delete a user, please click on Delete at the bottom of the user settings:

2FA reset

If a user needs his Two Factor Authentication (2FA) to be reset, but cannot do it on their own, the merchant user administrator is able to reset 2FA for them in the user details.

Known Limitations

• Only user accounts created by a merchant administrator are listed in the user overview. With a later Saferpay release, the list will also include all existing user accounts.

• Merchant Administrators cannot edit their own profiles.

• Merchant Administrators can only edit status and permission of users. The users can edit their data in User Profile.

• A merchant administrator cannot be limited to certain locations. They'll always have access to the whole account.

Multi-Customer Access

Saferpay users who own individual user accounts (Backoffice logins) for several customer accounts (CustomerIDs) can now be merged into a single user account which provides access to all related accounts (multi-customer access). This avoids maintaining and keeping track of multiple user accounts and passwords and eliminates friction when working under several customer accounts.

Activate a multi-customer access user account

The Multi-Customer Access functionality is activated by creating a user with an email address that already exists for another user of another merchant account.

Switch between user accounts

To switch between multiple user accounts, click on the customer ID in the upper right corner next to the user name. On the following page all linked customer accounts will be listed.

Merchant Alias for Customer ID

Merchant Administrators can define additional "easy to understand" alias names for their customers.

The alias of the customer is visible for all users in the header area. For multi-customer users it also appears in the customer selection.

The feature is automatically enabled for affected merchants.

First Login

The respective user has to take some necessary steps upon first login, in order for their new Multi-Customer user to work properly.

The experience diverges a bit from your normal user-experience, so it is important for them to know these steps beforehand.

They log into the Backoffice, using one of their passwords, as normal. The account will initially be shown as blocked:

The user needs to click on Reset password to proceed, which will redirect them to a new page, where they can request a password reset link.

Here, the user must consider the following things:

2. The User name field must be left empty, unless specifically stated otherwise. When in doubt, leave it out.

After entering this information and the security code, click Send and a reset email will be sent to the users email address, containing a reset link.

Upon accessing the link, the user can set their new password.

By clicking on Activate, the process is done and the user now has access to their Login and the attached accounts to said login.