Org management portal

the organization management portal lets you manage your users and clients independently the org management application gives you more autonomy around managing users, roles, scopes, and clients for your organization it increases your organization's security, as no one outside your organization needs to or be able to access secrets the org admin has the ability to delete a user change a user's phone number resend a registration email during sign up reset a user's mfa add, edit, and delete the roles associated with a user create, edit, disable, and delete clients (api machine to machine) from the organization add, edit, and delete the scopes associated with a client add, edit, and delete email domains associated with organizations l imitations a user who wants to gain access to their organization's data for arix marketplace lending needs to create a support ticket with arix support\@crossriver com cos explorer roles are managed within cos explorer admin user actions as an organization management portal admin user , you can view applications, users, and domains login important be sure you include the organization management portal outgoing ip address 66 206 202 116 in your list of addresses to be allowed at your end access https //orgmanagementsandbox crbcos com/ (sandbox) https //orgmanagement crbcos com/ (production) click login the organization management portal opens, displaying the dashboard dashboard for each type of item (apps, clients, scopes, and so forth) in the network, view a tile showing the number of items that exists for a particular customer to display the dashboard, in the left side icon bar, click dashboard applications within applications, there are scopes and roles scopes provide an organization's applications with access—via the cross river api—to user data this way, they control the abilities and limits (i e , the "scope") of the client application scopes are also known as protected resources roles define what features an organization’s users can see and the permissions they have in the organization's applications an organization can apply roles to different applications use case control access to cr functions and features, for example, p2p user interface each organization is exposed to a subset of scopes and roles for example, a crypto platform might be assigned 5 roles and scopes however, an administrator might choose to let the users within that platform (i e , the organization) see only 3 of those roles and scopes in the applications window, each tile shows both the application name and the display name the back office user has visibility to both names the application user views only the display name also, the card shows the scopes and roles available to the organization suppose a back office user creates a role for which the user's organization does not have access in that case, in that user’s tile, a red red warning indicator will appear next to roles users associate users with an organization; edit user details each user has a name, email, and phone number note that phone number is crucial for enabling user login because it’s used for mfa attempting sign in sends a verification code to the user’s phone (can also be configured for email) at first time sign in, the user decides the mfa method (i e , verify to phone or email) afterwards, if the user wants to change mfa preference, cross river admin intervention is needed the cross river admin verifies that the user provided phone number and email do in fact exist and are valid the admin does this through an external application user interface the ui object (i e , tile) that appears to a user depends on the user’s role the scope associated with that role in the organization in the user view, details on each user appear within a separate tile domains a domain is a group of networked computers that share both user account information and a common security policy user interface sso cross river offers you the option to access cross river applications with your own configure sso (single sign on) login system benefits of sso include a more seamless and cohesive user experience, as well as higher levels of security we support both oidc and saml configurations sign off to exit the organization management portal, in the upper right corner of the screen, click the person icon; then, click logout