User permissions
The Organization Management portal lets you manage your users and clients independently. This gives you autonomy around managing users, roles, scopes, and clients for your organization, and increases your organization's security, since no one outside your own organization needs to assign roles/scopes or access secrets.
Your Organization Management portal Admin User can:
- View applications, users, and domains
- Delete a user
- Change a user's phone number
- Resend a registration email during sign-up
- Reset a user's MFA
- Add, edit, and delete the roles associated with a user
- Create, edit, disable, and delete clients (API machine to machine) from the organization
- Add, edit, and delete the scopes associated with a client
- Add, edit, and delete email domains associated with organizations
- If you need access to Arix Marketplace Lending organizational data, you must open a support ticket. Send an email to [email protected].
- You manage COS Explorer roles from within COS Explorer.
IMPORTANT
Be sure you include the Organization Management Portal outgoing IP address 66.206.202.116 and URLs https://oauthtest.crbnj.net, https://oauth.crbnj.net, https://orgmanagementsandbox.crbcos.com/, and https://orgmanagement.crbcos.com/ in your list of addresses to be allowed by your organization.
Go to https://orgmanagementsandbox.crbcos.com/ (sandbox) or https://orgmanagement.crbcos.com/ (production).
Click Login.
The Organization Management Portal opens, displaying the dashboard.
For each type of item (apps, clients, scopes, and so forth) in the network, each tile shows the number of items that exist.
To display the dashboard, click Dashboard.
On the Applications tab, you see scopes and roles.
- Scopes provide your organization's applications with access—via the Cross River API—to user data. You control the abilities and limits (i.e., the "scope") of your client applications. Scopes are also known as protected resources.
- Roles define what features your users can see and the permissions they have in the your organization's applications. You can apply roles to different applications.
Use Case
Control access to Cross River functions and features, for example, P2P.
User Interface
Each organization is exposed to a subset of scopes and roles. For example, a crypto organization might be assigned 5 roles and scopes. However, an Admin User might choose to let the users within that organization see only 3 of those roles and scopes.
In the Applications window, each tile shows both the application name and the display name.
The back-office user has visibility to both names. The application user views only the display name. Also, the card shows the Scopes and Roles available to the organization.
Suppose a back-office user creates a role for which the user's organization does not have access. In that case, in that user’s tile, a red warning indicator will appear next to Roles.
Associate users with an organization; edit user details. Each user has a name, email, and phone number.
Note that phone number is crucial for enabling user login because it’s used for authenticating the user's identity.
At first-time sign-in, the user decides the MFA method (i.e., verify to phone or email). Afterwards, if the user wants to change MFA preference, Cross River Admin intervention is needed.
The Cross River Admin verifies that the user-provided phone number and email do in fact exist and are valid. The Admin does this through an external application.
User Interface
The UI object (i.e., tile) that appears to a user depends on:
- The user’s role
- The scope associated with that role in the organization.
In the User view, details on each user appear within a separate tile.
A domain is a group of networked computers that share both user account information and a common security policy.
User Interface
Cross River offers you the option to access CR applications with your own SSO (Single Sign On) login system. Benefits of SSO include a more seamless and cohesive user experience, as well as higher levels of security.
We support both OIDC and SAML configurations.
To exit the Organization Management Portal, in the upper-right corner of the screen, click the person icon; then, click Logout.