Managing Users
PaymentWorks accounts may contain multiple users, each with their own access, roles and permissions. This document describes setting up and managing users within an account. Related documentation includes:
Access to the User management section of the app is under the Account menu, in the Manage Other Users section, as shown in the screenshot below:
Access to data and functionality in this section is determined by the following permissions:
- View Other Users
- Add Other Users
- Edit Other Users
- Delete Other Users
SSO User Access
PaymentWorks requires that Payer accounts be enabled with Single Sign-On (SSO), which allows automated provisioning of users within the account while managing access control from a central organization directory system.
Users who gained access to PaymentWorks via SSO will appear in the Manage Other Users section. These users will not have a PaymentWorks role assigned to them. However, if the account is configured with one or more “Base Roles”, newly provisioned users will inherit all permissions of those roles.
Base roles are described in more detail in PaymentWorks Configuration Guide Part 1 – Role and Permissions.
Deleting SSO Users
The primary value of SSO is to enable central management of user access. If a user in the PaymentWorks account leaves the organization, it’s assumed that the administrator of the corporate directory will inactivate their access.
The user record will still appear in the PaymentWorks account, even though their access has been disabled administratively by the organization. You may optionally choose to delete these users from the Payer account.
Conversely, if an SSO user is deleted from PaymentWorks but still active in the organizational directory, they will be re-provisioned when accessing PaymentWorks through the normal SSO address.
Adding Non-SSO Users
Account users with the Add Other Users permission may also manually add users to a PaymentWorks account. This can be useful when the IT department requires a user account for system access for integrations, and an IT mailing list is used.
Note: it is a security liability to provide non-SSO access to a PaymentWorks account. Login credentials should be carefully managed.
To invite a user to the account manually, click on the “Add User” button in the lower right corner of the Manage Other Users page. PaymentWorks displays the User Settings dialog box, as shown below:
After completing all the relevant fields, press Save to send an invitation to the intended recipient, who will receive an email invitation like the one shown below.
Upon supplying the one-time password, the new user will be prompted to provide their own permanent password, which they will use to access the account.
Changing User Settings
Personal Information
Users can change most of their own settings in the Personal Information tab under the Account link in the upper right corner. Most users will see the fields shown in the screenshot below:
Forward Messages to Email
The PaymentWorks messaging system provides context-specific channels for communication between Payers and their Suppliers. These messages are created, stored and delivered within PaymentWorks.
The Forward Messages to Email setting will, as the name suggests, forward any message delivered in PaymentWorks messaging to the email address of users with permission to view each message type.
Note: This forwarding capability does not include notifications regarding system events such as file uploads and vendor connections, which are delivered directly to the email addresses of the appropriate users.
Persist Search Filters
When this setting is enabled, PaymentWorks will save the previous search performed in any view where there is a search panel, like the one shown in the screenshot at right, which appears in the New Vendor Requests view.
When returning to a page with a search panel, the filter most recently used on that page will be applied by default.
Clicking on the Clear Filters button will clear the currently used filters and remove the previous default filter.
Saved filters will be retained even after the user logs off, closes the browser, or turns off their computer. Filters are associated with the browser in which they were set. When users switch to a different browser, the filter will not be available.
API Authorization Token
Every user in every account is assigned a unique 32-digit API authorization token. Most users do not need to access or even know about this token, which is used exclusively for accessing the REST API through code.
Access to view the existing token and generate a new token is determined by the View Auth Token permission.
Roles
Depending on the account configuration, administrative users may be able to assign roles to users. Access to data and functionality in this section is determined by the following permissions:
- View Other Users
- Edit Other Users
- Assign Roles and Permissions
- View Roles and Permissions
Note: A user, regardless of which permissions they have, may not modify their own role assignments.
Two lists of roles will appear in the user’s settings:
- Available Roles, showing roles not yet assigned to the user
- Chosen Roles, which will be assigned to the user when the settings dialog box is saved.
A user may be assigned more than one role. In this case, their permissions will be the union of the permissions in all assigned roles.
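The following is an added example, not PaymentWorks code: a periodic access review that applies the rules from the Deleting SSO Users, Adding Non-SSO Users and Roles sections to a constructed user list. The record layout, role names, email addresses and the choice of which permissions count as sensitive are assumptions; only the permission names come from this page, and base roles are assumed to apply to SSO-provisioned users only.

```python
# Constructed sample data; layout and role names are hypothetical.
ROLES = {
    "Base Viewer": {"View Other Users"},
    "User Admin": {"View Other Users", "Add Other Users", "Edit Other Users",
                   "Delete Other Users", "Assign Roles and Permissions",
                   "View Roles and Permissions"},
    "Integrator": {"View Auth Token"},
}
BASE_ROLES = ["Base Viewer"]  # inherited by SSO-provisioned users (assumption)
DIRECTORY_ACTIVE = {"alice@example.edu", "bob@example.edu"}  # constructed
USERS = [
    {"email": "alice@example.edu", "sso": True, "roles": ["User Admin"]},
    {"email": "bob@example.edu", "sso": True, "roles": []},
    {"email": "carol@example.edu", "sso": True, "roles": ["Integrator"]},
    {"email": "it-list@example.edu", "sso": False, "roles": ["Integrator"]},
]
# Reviewer's own choice of permissions worth flagging (assumption).
SENSITIVE = {"View Auth Token", "Assign Roles and Permissions",
             "Delete Other Users"}


def effective_permissions(user):
    """Union of the permissions in every base role and chosen role."""
    names = list(user["roles"]) + (BASE_ROLES if user["sso"] else [])
    perms = set()
    for name in names:
        perms |= ROLES[name]
    return perms


def audit(users, directory_active):
    """Return (email, finding) pairs for an access review."""
    findings = []
    for u in users:
        if u["sso"] and u["email"] not in directory_active:
            # Record persists after the directory disables the person.
            findings.append((u["email"], "stale SSO record: candidate for deletion"))
        if not u["sso"]:
            findings.append((u["email"], "non-SSO login: credentials managed manually"))
        for perm in sorted(effective_permissions(u) & SENSITIVE):
            findings.append((u["email"], f"holds sensitive permission: {perm}"))
    return findings


if __name__ == "__main__":
    for email, finding in audit(USERS, DIRECTORY_ACTIVE):
        print(f"{email}: {finding}")
```

An SSO user with no chosen roles still ends up with the base role's permissions, which is why the review works from effective permissions rather than the Chosen Roles list alone.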