User permissions

the organization management portal lets you manage your users and clients independently this gives you autonomy around managing users, roles, scopes, and clients for your organization, and increases your organization's security, since no one outside your own organization needs to assign roles/scopes or access secrets your organization management portal admin user can v iew applications, users, and domains delete a user change a user's phone number resend a registration email during sign up reset a user's mfa add, edit, and delete the roles associated with a user create, edit, disable, and delete clients (api machine to machine) from the organization add, edit, and delete the scopes associated with a client add, edit, and delete email domains associated with organizations l imitations if you need access to arix marketplace lending organizational data, you must open a support ticket send an email to arix support\@crossriver com you manage cos explorer roles from within cos explorer admin user actions login important be sure you include the organization management portal outgoing ip address 66 206 202 116 and urls https //oauthtest crbnj net , https //oauth crbnj net, https //orgmanagementsandbox crbcos com/ , and https //orgmanagement crbcos com/ in your list of addresses to be allowed by your organization go to https //orgmanagementsandbox crbcos com/ (sandbox) or https //orgmanagement crbcos com/ (production) click login the organization management portal opens, displaying the dashboard dashboard for each type of item (apps, clients, scopes, and so forth) in the network, each tile shows the number of items that exist to display the dashboard, click dashboard applications on the applications tab, you see scopes and roles scopes provide your organization's applications with access—via the cross river api—to user data you control the abilities and limits (i e , the "scope") of your client applications scopes are also known as protected resources roles define what features your users can see and the permissions they have in the your organization's applications you can apply roles to different applications use case control access to cross river functions and features, for example, p2p user interface each organization is exposed to a subset of scopes and roles for example, a crypto organization might be assigned 5 roles and scopes however, an admin user might choose to let the users within that organization see only 3 of those roles and scopes in the applications window, each tile shows both the application name and the display name the back office user has visibility to both names the application user views only the display name also, the card shows the scopes and roles available to the organization suppose a back office user creates a role for which the user's organization does not have access in that case, in that user’s tile, a red red warning indicator will appear next to roles users associate users with an organization; edit user details each user has a name, email, and phone number note that phone number is crucial for enabling user login because it’s used for authenticating the user's identity at first time sign in, the user decides the mfa method (i e , verify to phone or email) afterwards, if the user wants to change mfa preference, cross river admin intervention is needed the cross river admin verifies that the user provided phone number and email do in fact exist and are valid the admin does this through an external application user interface the ui object (i e , tile) that appears to a user depends on the user’s role the scope associated with that role in the organization in the user view, details on each user appear within a separate tile domains a domain is a group of networked computers that share both user account information and a common security policy user interface sso cross river offers you the option to sso configuration (single sign on) login system benefits of sso include a more seamless and cohesive user experience, as well as higher levels of security we support both oidc and saml configurations sign off to exit the organization management portal, in the upper right corner of the screen, click the person icon; then, click logout