Several different functions/profiles (roles) generally exist in a company. An accountant, for instance, does not perform the same operations as a payment encoder or a technical integrator. Logically, you want to grant only the necessary access rights for each individual who uses your account, and on top of that, track which user has performed which operations.

The User Manager option allows you to assign a specific profile to each user and to give him the access rights he needs to fulfil his function. The User Manager is an additional service available for all products.

With the User Manager you can:

  • Configure several users under one account
  • Manage the profile and access rights of each user
  • Avoid critical mistakes by payment encoders
  • Trace the actions of each user (e.g. number of transactions per day)
  • Limit users to see only their transactions
  • Easily manage access rights for temporary staff
You can access the User Manager in your Ingenico account menu by selecting “Configuration" > "Users".

1. Introduction

All your activities on our platform begin with your user. Our User manager is a default service available for every account on our platform.

In your company, your employees serve in different functions and roles. An accountant performs different operations like a payment encoder or a technical integrator. Logically, you want to grant only the appropriate access rights to the different users using your account. On top of that, you want to keep track on all activities performed by any of the users.

In short: You need to clearly define who can access your account and what actions can be performed.

Our User manager allows you to

  • Assign specific profiles to all your users and to grant them the necessary access rights
  • Configure several users under one account, preventing any interference
  • Create / deactivate / re-activate any user at will anytime
  • Manage the profile and access rights of each user
  • Allow human and server-to-server access to your account
  • Avoid critical mistakes by payment encoders
  • Trace the actions of each user (e.g. number of transactions per day)
  • Limit users to see only their transactions

The Ingenico User manager tool makes all this possible for you with ease!

2. Manage Users

Our platform allows a maximum of flexibility to use your account. To achieve this, you can define multiple users within your PSPID and define their access rights individually.

Create new users

A PSPID has at least two UserIDs:

  • Your default PSPID It is identical with the name of your account (your PSPID) on our platform
  • Another additional one you can deactivate / reactivate / define

The number of users you may create will depend on your subscription. Check in Configuration > Account > Your options how many are available or contact us if you need more.

User types:

You can apply a user for either human or server-to-server interaction with our platform.

  • A human user (a so-called ADM user) can access our Back Office via our Test environment/ Live environment Depending on the user’s profile, a person can navigate and perform actions in the Back Office.

  • A so-called API user cannot be used for logging in via our Test environment/ Live environment Its purpose is to allow an external server to interact with our platform. You need an API user for our DirectLink or Batch integration. Check out the dedicated chapter on how to set up an API user.

 To create a user, follow these steps:

  • Go to Configuration > Users. Check on top of the table how many users you can create. Click on “NEW USER” below the table
  • Fill in these fields:
    • UserID: Define a name for the user. Bear in mind that once a user is created, you cannot change the UserID anymore
    • User’s name: The name of the person working with this user
    • E-mail address: The person’s email address. All notifications from our platform (including new passwords) will be sent to this address. Learn more about this setting here.
    • Timezone: Select the time zone
    • Automatically adjust to daylight saving changes: (De)flag depending on whether the time stamp of transactions created by this user should be adjusted to the current daylight saving time.
    • Profile: Define the user’s access rights by selecting either of the available categories. Learn more in our dedicated chapter
    • Special user for API (no access to admin.): Define whether this user should be for human or server-to-server interaction with our platform. Learn more about their differences and appropriate use in our dedicated chapter
    • Access rights: Refine the selected user’s profile by granting additional access rights to Advanced > Fraud Detection / Configuration > Technical information / Configuration > Payment methods
    • To confirm the modification, please enter your own password: Enter your own password you have used to log in with your user.
  • Click on “CREATE” to confirm. You get a success message on the screen, including an autogenerated password

3. Manage API User

If you work with DirectLink or Batch, you need to create an API (Application Program Interface) user. It allows your server to interact with our platform without a physically login via our test / live portals. With an API user, you can perform transaction requests, maintenance operations, queries, batch file uploads and downloads.

For server-to-server requests, use parameters USERID / PSWD to send the API user ID and its corresponding password respectively. Learn more about server-to-server requests.

Create API user

Creating an API user follows the same procedure for user creation. However, there are two differences:

  • To define it as an API user, flag “Special user for API (no access to admin.)” during creation
  • After clicking on “CREATE”, you need to define an API password on your own on the subsequent screen. Fill in these fields:
    • To confirm the modification, please enter your own password: Enter your own password you have used to log in with your user
    • New password: Enter a new password by your choice. Please mind that certain requirements must be met as described in the lower part of the screen
    • Confirm new password: Enter the new password from the New password field once more

 Click on “SUBMIT” to confirm the API password. You get a success message on the screen. Our platform sends a confirmation e-mail to the API user's e-mail address.

If you change the password for an API user, make sure to configure the new password in your application sending requests to our platform as well.

Use parameters USERID / PSWD to send the API user ID and its corresponding password respectively.

This will prevent requests being blocked by our platform due to password errors.

4. Manage Passwords

Following the PCI-DSS requirements, it is also important for you as a merchant to create strong passwords.

Basic password requirements

Our platform requires strong passwords to ensure maximum safety of your data and transactions. Any password to be used on our platform must meet the following requirements:

  • It must start with the character “<”
  • Its length must be between 10 and 128 characters
  • It must not contain your PSPID, your USERID or our company name
  • It must contain at least
    • one lowercase letter (a-z)
    • at least one uppercase letter (A-Z)
    • one number (0-9)
    • one special character (i.e. &,@,#,!, etc.)
  • Every new password must be different om your last 12 passwords

Our platform will display these requirements, help you with examples and validate your new password every time you change it.

Change password

To change the password of the UserID you are currently logged in, follow these steps:

  • Go to Configuration > Password. Fill in these fields
    • UserID: Select your user ID from the drop-down menu
    • Current password: Enter your current password
    • New password: Enter a new password by your choice. Please mind that certain requirements must be met as described in the lower part of the screen
    • Confirm new password: enter the new password from the New password field once more

Click on “SUBMIT” to confirm your new password

  • You get a success message on the screen and an automated confirmation email from our system.

For security reasons, you can change the password of a user only once every 24 hours

Send new password to other users

To change the password of any of your users (except for your own), follow these steps:

  • Go to Configuration > Users  In the table overview, click on “Send new password” in the line for the respective user. If a user has been blocked due to too many password errors, you need to click on a separate “Activate” button first. Only then will the “Send new password” be available
  • You get a success message on the screen. Our system sends an automated email from with a new password. The user will have to change the password right after logging in for the first time

For non-human users (API users), the button says “Change password” instead of “Send new password”. Changing passwords for API users follows a different procedure.

Lost password

Check out our dedicated guide to recover your lost password

5. User Profiles and Rights

Our platform allows individual customisation for each user that has access to your account. Any of your users will so reflect the role and responsibilities within your company.

Define standard profiles

By selecting either of the available profiles, you can grant or deny access to certain areas and actions within your account. Check out this table to learn exactly what is possible for each profile.

Find here an overview of the available profiles and their general purpose.

Profile Definition
Admin
  • Full access rights
  • Default user for any PSPID
  • Only user that can change the account configuration
Admin without user manager
  • Identical with Admin, but without user creation rights
Encoder
  • Can create transactions in Back Office (Operations > New transaction) or via DirectLink
Super-encoder
  • Can create transactions / perform data captures on authorised orders in Back Office (Operation > New transaction) or via DirectLink
  • Can perform maintenance operations
  • Can download/upload files
Super-encoder without refund
  • Identical with Super-encoder, but cannot do refunds / cancel authorisations
Helpdesk admin
  • Has only access to Configuration > Users
Viewer
  • Read-only access profile
  • Useful for looking up transactions in the Back Office (Operations > View transactions / Financial history) or via DirectLink

For each profile, different options are available:

Back Office module

Viewer

Encoder

Super-encoder

Super-encoder without refund

Helpdesk admin

Admin

Admin without user management

Configuration > Account >

Your administrative details /

Currency

R

R

R

R

N/A

RW

RW

Configuration > Account > Your Subscription / Your options

N/A

N/A

N/A

N/A

N/A

RW

RW

Configuration > Account > Your invoicing information

N/A

N/A

N/A

N/A

N/A

R

R

Configuration > Payment methods

R

N/A

N/A

N/A

N/A

RW

RW

Configuration > Users

N/A

N/A

N/A

N/A

RW

RW

N/A

Support

R

R

R

R

R

R

R

Configuration > Technical information

R

N/A

N/A

N/A

N/A

RW

RW

Configuration > Error logs

R

R

R

R

R

R

R

Advanced > Fraud Detection

R

N/A

N/A

N/A

N/A

RW

RW

Operations > Financial History

R

R

RW

RW

N/A

RW

RW

Operations > New transaction

N/A

RW

RW

RW

N/A

RW

RW

Operations > View transactions

R

R

RW

RW

N/A

RW

RW

Operations > Batch Manager > Upload new batch file

N/A

N/A

RW

RW

N/A

RW

RW

Operations > Batch Manager > View uploaded files

N/A

N/A

RW

RW

N/A

RW

RW

Operations > Electronic reporting

RW

RW

RW

RW

RW

RW

RW

Advanced > Alias Manager

R

R

R

R

N/A

RW

RW

R

Read-only access

The module is only available for viewing

RW

Read/Write access

The module is available for both viewing and changing settings

N/A

Not available

The module is not available at all

Define Fraud Prevention profiles

Our Fraud Prevention tools offer additional profiles with specialised scopes:

 

Fraud analyst

Fraud manager

Fraud viewer

Advanced > Fraud Detection

R

RW

R

Advanced > Fraud Detection > Fraud detection activation and configuration

R

RW

R

Advanced > Fraud Detection > 3D-Secure

R

RW

R

Advanced > Fraud Detection > Blacklists / Greylists / Whitelists

RW

RW

R

Operations > View Transactions > VIEW RISK DETAILS

R

R

R

Operations > View Transactions > VIEW RISK DETAILS > FLAG AS DISPUTE AND FILL BLACKLISTS, GREYLISTS OR WHITELISTS

RW

RW

N/A

Operations > View Transactions > VIEW RISK DETAILS > Release / block transactions based on Fraud Expert review

RW

RW

N/A

R

Read-only access

The module is only available for viewing

RW

Read/Write access

The module is available for both viewing and changing settings

N/A

Not available

The module is not available at all

6. Customise Users

Once created, you can modify your users’ settings anytime for fine-tuning or complete profile redefinition.

To modify users’ settings you need the Admin profile for your own user

Change data and settings

To change data and settings of a user, follow these steps:

  • Go to Configuration > Users Check on top of the table how many users you can create. Click on “EDIT” in the line for the respective user
  • You can modify the following fields:
    • User’s name: The name of the person working with this user
    • E-mail address: The person’s email address. All notifications from our platform (including new passwords) will be sent to this address. Learn more about this setting here.
    • Timezone: Select the time zone
    • Automatically adjust to daylight saving changes: (De)flag depending on whether the time stamp of transactions created by this user should be adjusted to the current daylight-saving time.
    • Profile: Define the user’s access rights by selecting either of the available categories. Learn more in our dedicated chapter
    • Special user for API (no access to admin.): Define whether this user should be for human or server-to-server interaction with our platform. Learn more about their differences and appropriate use in our dedicated chapter
    • Access rights: Refine the selected user’s profile by granting additional access rights to Advanced > Fraud Detection / Configuration > Technical information / Configuration > Payment methods
  • Enter your own password you have used to log in with your user in “To confirm the modification, please enter your own password”
  • Click on “SAVE” to confirm you changes. You get a success message on the screen. Our platform sends a confirmation e-mail to the user's e-mail address

IMPORTANT! Avoid daylight saving discrepancy between users and PSPID

  • When editing subscriptions, please make sure to adapt your user’s daylight-saving settings to the setting of the PSPID
  • Otherwise, due payments might not be triggered for modified subscriptions on this PSPID
  • To change the setting of your user, go to Configuration > Users > EDIT on your user > (De-)flag “Automatically adjust to daylight settings”
  • To change the setting of the PSPID, go to Configuration > Account > Your administrative details > (De-)flag “Automatically adjust to daylight settings"

Deactivate / Reactivate users

It is possible to deactivate users you do not need any more or reactivate users you deactivated at some point. Our platform will never delete a user, so you are always on the safe side when deactivating users. You can get an overview on all active / inactive users in your account via Configuration > Users > Status > Select either option > Click on “SEARCH”

 To deactivate a user, follow these steps

  • Go to Configuration > Users Click on “Deactivate” in the line for the respective user
  • You get a success message on the screen. Our platform sends a confirmation e-mail to the user's e-mail address. The user will disappear from the overview, as the default view will display only users in status “active”

 To reactivate a user, follow these steps

  • Go to Configuration > Users Select “Inactive” from the “Status” dropdown menu and click on “SEARCH”
  • Click on “Activate” in the line for the respective user
  • You get a success message on the screen. Our platform sends a confirmation e-mail to the user's e-mail address. The user will disappear from the overview, as the default view will display only users in status “inactive"

  • To prevent illicit access to your PSPID, our system will automatically put any user that has not logged on to our platform for more than 60 days to status “inactive”.
  • Please make sure to inform all your users that the Admin user can reactivate their account in case of prolonged inactivity.
  • An admin user will have to contact our customer care team to activate his/her account.

7. Use additional possibilities

As security is our top priority, the User manager offers even more possibilities to protect your account and transactions.

(De-)Activate 2-factor authentication

Two-factor authentication (2FA) adds an additional layer of security to your account.

Apart from your password, a second factor is needed for logging in. This is a time-based unique verification code our platform sends to the user’s mobile device.

To use this option, follow these steps:

  • Install an authenticator on your mobile device. We support the following
    • Google Authenticator (Android, iOS, BlackBerry)
    • Authenticator (Windows Phone)
  • Login to the Back Office. Go to Configuration > Password > One Time Password configuration
  • Open the authenticator application on your mobile device and scan the QR code displayed on the page. Alternatively, enter the “Secret Key” on top of the QR code
  • Your authenticator generates a temporary 2FA passcode. Enter it in “Enter the code generated by your authenticator app”
  • Enter your own password you have used to log in with your user in “To confirm the modification, please enter your own password”. Click on “SUBMIT” to confirm the activation

From the moment 2FA authentication is activated on your account, it is also linked to your mobile device. Before changing or resetting your mobile device, we strongly advise you to deactivate 2FA authentication before setting it up on your new device.

To deactivate the option, follow these steps:

  • Login to the Back Office. Go to Configuration > Password > One Time Password configuration
  • Your authenticator generates a temporary 2FA passcode. Enter it in “Enter the code generated by your authenticator app”
  • Enter your own password you have used to log in with your user in “To confirm the modification, please enter your own password”. Click on “SUBMIT” to confirm the deactivation

Login with 2-factor authentication

  • Go to either our Test environment/ Live environment . Enter your UserID / password.
  • Our system redirects you to the 2-factor authentication page. Your authenticator generates a temporary 2FA passcode and enter it on this page

 

Track user operations on transactions

Our platform keeps track on which user creates or perform maintenance operations. You can check this out in our Back Office via Operations > View transactions / Financial History.

  • On the selection screen, look up the transaction by the Pay ID, Order date or any other search criteria
  • In the transaction overview screen, scroll down to the table on the bottom of the page. Select the operation in the “Pay ID” column (10-digit Pay ID / X) you want to know the origin of.
  • In the subsequent overview, in “encoded by” the creator of the operation is named by the formula
    • UserID/PSPID/User type

Alternatively, you can display all operations by a specific user via Operations > View transactions / Financial History. Click on “ADVANCE SELECTION CRITERIA” and select the UserID from the drop-down menu “encoded by”

Block IP address for access

To protect against unauthorised access to the Back Office, a user with an Admin profile can give access to specific IP addresses. Once configured, each login attempt of any user linked to your PSPID must origin from this IP range.

  • Go to Configuration > Users > Login Access
  • In “IP address”, enter the IP address(es) to which you want to grant access. Take the following into account
    • Separate multiple addresses with a semicolon “;“
    • The IP address(es) must be CIDR compliant and can have a maximum length of 512 characters
  • The IP address of the user configuring the IP range must also be included in the defined range. Otherwise, the user will receive an error message and the IP address will not be saved.

FAQs

A User ID identifies the specific user of an account.

If your account has more than one user, you log in by filling in your USERID, your payment service provider ID (PSPID), if needed, and your password. Please make sure you click on the 'Log in as user' link so that all three fields are displayed.

If your account only has one user, you will not need a USERID. You will log in using only your PSPID and password, so please make sure your login screen only displays two fields. If you can see three fields, click on the 'Log in as PSPID' link on the bottom left of the screen to log in as a merchant.

 

For a DirectLink or Batch integration, the parameter USERID corresponds to the API user set up on your PSPID. Please note that the API user is not able to log in to the Ingenico Back Office.

You can reinitiate your password via the  "Lost your password?" button on the bottom of the login screen.

If you're unable to log in to your account using your payment service provider ID (PSPID) and password, it may be due to one of the following reasons:

  • You could be using your test PSPID and/or password in the production environment, or your production PSPID and/or password in the test environment. You can check the environment at the top of the login screen – it will say either: "Identification Production" or "Identification TEST". To switch environments, use the link under the login fields.
  • You could be logging in as a merchant on the user screen or as a user on the merchant screen. If you're logging in as a merchant, you'll see two fields: PSPID and Password. If you're logging in as a user, you'll see three fields: USERID, PSPID (optional) and Password. To switch the login screen, click the "Log in as user" or "Log in as PSPID" button on the bottom left of the screen.
  • Perhaps you've typed in your password in the wrong case? Passwords are case sensitive. Try typing your password into a text editor such as Word or Notepad to check the spelling and the case, then copy/paste the result in the password field.
  • When you submit your login details, if the login page reappears and the information you entered is gone it means your browser is not accepting session cookies. To enable session cookies, go to your browser's settings. If you're unsure how to do this for your operating system and browser version, please check with an IT specialist. 

If you forgot your password, please click on the "Lost your password?" button on the bottom of the screen.