User Permissions
The Organization Management portal lets you manage your users and clients independently.
The Org Management application gives you more autonomy around managing users, roles, scopes, and clients for your organization. It increases your organization's security, as no one outside your organization needs to or be able to access secrets.
The Org Admin has the ability to:
- Delete a user
- Change a user's phone number
- Resend a registration email during sign-up
- Reset a user's MFA
- Add, edit, and delete the roles associated with a user
- Create, edit, disable, and delete clients (API machine to machine) from the organization
- Add, edit, and delete the scopes associated with a client
- Add, edit, and delete email domains associated with organizations.
- A user who wants to gain access to their organization's data for Arix Marketplace Lending needs to create a support ticket with [email protected].
- COS Explorer roles are managed within COS Explorer.
As an Organization Management Portal Admin User, you can view applications, users, and domains.
Go to https://orgmanagementsandbox.crbcos.com/ (sandbox) or https://orgmanagement.crbcos.com/ (production).
Click Login.
The Organization Management Portal opens, displaying the dashboard.
For each type of item (apps, clients, scopes, and so forth) in the network, view a tile showing the number of items that exists for a particular customer.
To display the dashboard, in the left-side icon bar, click Dashboard.
Within Applications, there are scopes and roles.
- Scopes provide an organization's applications with access—via the Cross River API—to user data. This way, they control the abilities and limits (i.e., the "scope") of the client application. Scopes are also known as protected resources.
- Roles define what features an organization’s users can see and the permissions they have in the organization's applications. An organization can apply roles to different applications.
Use Case
Control access to CR functions and features, for example, P2P.
User Interface
Each organization is exposed to a subset of scopes and roles. For example, a crypto platform might be assigned 5 roles and scopes. However, an administrator might choose to let the users within that platform (i.e., the organization) see only 3 of those roles and scopes.
In the Applications window, each tile shows both the application name and the display name.
The back-office user has visibility to both names. The application user views only the display name. Also, the card shows the Scopes and Roles available to the organization.
Suppose a back-office user creates a role for which the user's organization does not have access. In that case, in that user’s tile, a red warning indicator will appear next to Roles.
Associate users with an organization; edit user details. Each user has a name, email, and phone number.
Note that phone number is crucial for enabling user login because it’s used for MFA. Attempting sign-in sends a verification code to the user’s phone (can also be configured for email).
At first-time sign-in, the user decides the MFA method (i.e., verify to phone or email). Afterwards, if the user wants to change MFA preference, Cross River Admin intervention is needed.
The Cross River Admin verifies that the user-provided phone number and email do in fact exist and are valid. The Admin does this through an external application.
User Interface
The UI object (i.e., tile) that appears to a user depends on:
- The user’s role
- The scope associated with that role in the organization.
In the User view, details on each user appear within a separate tile.
A domain is a group of networked computers that share both user account information and a common security policy.
User Interface
To exit the Organization Management Portal, in the upper-right corner of the screen, click the person icon; then, click Logout.
