Manage Users¶
Permissions¶
| Compliance Officer | Advanced User | Standard User | Data Entry Operator | Billing Officer | Auditor |
|---|---|---|---|---|---|
| edit | visibility | clear | clear | clear | visibility |
Key Elements¶
- User details
- Assigned organisation
- Role and Access Rights
- API Access Key
A user can be assigned to one or multiple organisations and suborganisations. To create a user account, you must assign an organisation or suborganisation to the user, else they will be unable to login to access the service.
A user account can be associated to a single role which applies to the entire organisation hierarchy. If a user plays different roles for different suborganisations, we would recommend they be created with multiple user accounts with their own unique usernames and email addresses with the specific roles for the associated suborganisation. Each user account must have a unique Username and Email.
Each organisation can have up to 3 Compliance Officers, and a Compliance Officer can be assigned to multiple organisations or suborganisations.
Roles and Access Rights¶
For a summary of the permissions available to the various user roles, refer to Overview > User Roles.
User Roles offer a quick and easy way to allocate permissions for users. Access rights provide additional fine-tuning of a user's access to the features. Access rights are dependent on the user role selected, and you may see different permissions displayed based on the User Role selected.
| Access Rights | Description |
|---|---|
| Single Scan | Permission to perform single scans for individuals. |
| Scan Results | Permission to view scan results. |
| Batch Scan | Permission to perform batch scans for individuals. |
| Batch Scan Results | Permission to view batch scan results |
| Corporates | Access to Corporate scan functionality. This is used in addition to the above permissions to enable the user to run corporate scans, view corporate scan results, run corporate batch scans and view corporate batch scan results. |
| Due Diligence Decisions | Permission to perform due diligence decisions. The user may be able to view the final match decision but is not able to view history of due diligence decisions and comments. |
| Due Diligence Report | Permission to view the Due Diligence Reports for individuals and corporates. |
| Activity Report | Permission to view the Activity Reports for individuals and corporates. |
| Organisation Management | Permission to manage organisation settings. This applies to Compliance Officers of a suborganisation. |
| Data Management | Permission to remove scan data. This applies to Compliance Officers of a suborganisation. |
| Monitoring | Permission to access the ongoing monitoring features including adding scans to the monitoring list. |
| Dashboard | Permission to view the organisation dashboard. |
| ID Verification Service | Permission to screen for Identity Verification (IDV) in Individual Single Scan. This does not restrict the ability to view IDV results if Scan Results permission is enabled.This is visible if the organisation has been activated for the IDV service and the user role permits screening. |
| Know Your Business Service | Permission to screen for Know Your Business (KYB) in Corporate Single Scan. This does not restrict the ability to view KYB results if Scan Results permission is enabled.This is visible if the organisation has been activated for the KYB service and the user role permits screening. |
User Account Statuses¶
User accounts will have one of the following statuses:
| Status | Description |
|---|---|
| Pending | Account pending user activation. User must set up password and security question/answer to activate. For API only accounts, this can remain Pending and will not affect the API key access. |
| Active | Account is active and web access is available to the service. |
| Inactive | Account is deactivated and will not be able to access the service. |
| Locked | Account is/was locked due to multiple failed login attempts. Locked accounts are automatically unlocked after a period of time, however the status remains as |
API Access Key¶
Your access to the MemberCheck service includes API access.
To integrate with MemberCheck's API, generate an API key for each user that requires access. Users can create one API key at a time in their profile's API Access Key field.
Separate user and system accounts for API
As API Keys are associated with user accounts, having a separate user account with its own API Key for your production system reduces the risk of impact if the individual user's account is deactivated if they were ever to leave your company.
API Keys are specific to environments
The API keys are different for the Demo and Production environments. If you have accounts in both environments, please use the environment specific key to enable your requests to be successfully authenticated and authorised. Also check the API URL relevant to the location of your account.
Deactivate User Account¶
Users who have left the organisation or no longer need MemberCheck access can be deactivated. This helps improve security and management of access.
Delete User Account¶
For pending user accounts or user accounts which do not have any associated historical scans, you can delete these to help improve security and management of access.
Deleted accounts cannot be restored.
Users must be assigned to at least 1 active organisation
Please note that all users must have at least 1 active organisation assigned to their account to access MemberCheck.
Single Sign-On¶
The service supports enterprise-level single sign-on with OpenID Connect (OIDC) and SAML authentication protocols. The integration requires some configuration by the client as well as the MemberCheck team. If you would like to integrate your organisation's identity provider for SSO, please reach out to your Account Manager or the MemberCheck Support team for more details.