User Management

Applies to: PayPlus Enterprise v3.2
Last updated: March 2026

PayPlus Enterprise uses a role-based access control (RBAC) model. Each user is assigned one or more roles that determine their access to payment functions, configuration screens, and reports. Users can be managed locally within PayPlus or provisioned through LDAP/Active Directory or SAML 2.0 SSO.

Principle of Least Privilege: Always assign users the minimum role required for their job function. Operations staff processing payments do not require access to system configuration or compliance rule editing. Separate the System Administrator role from operational payment roles.

Roles and Permissions

Built-In Roles

Role | Description | Typical Job Title
System Administrator | Full system access. Manages users, roles, connectors, compliance configuration, and system settings. Cannot initiate or approve payments (segregation of duty control). | IT System Administrator
Payments Manager | Manages payment workflows, approves payments up to a defined limit, views all payment queues, accesses settlement reports. Cannot modify system configuration. | Payments Operations Manager, Treasury Manager
Payments Processor | Initiates payments within assigned limits. Views own payment queue and status. Cannot approve own payments if dual-control is configured. | Payments Analyst, Treasury Operations Staff
Compliance Officer | Manages OFAC hold queue. Reviews and releases or rejects held payments. Views compliance reports and audit logs. Cannot modify system configuration or initiate payments. | BSA/AML Compliance Officer, OFAC Analyst
Read-Only Auditor | View-only access to all payment records, audit logs, and reports. Cannot initiate, approve, or modify any payment or configuration. | Internal Auditor, External Auditor (with time-limited access), Regulator
API Integration User | Non-interactive service account for system-to-system API integration with core banking or host systems. No Web Console access. API key authentication only. | Core Banking Integration (non-human account)

Permissions Matrix

Function | System Admin | Payments Manager | Payments Processor | Compliance Officer | Read-Only Auditor
Initiate payment
Approve payment (dual-control)
View payment queue (Own queue only)
View payment history (Own payments only)
Manage OFAC hold queue (View only)
View compliance reports
View audit logs
Manage users & roles
Configure connectors
Configure compliance rules (View only)
Configure workflow rules

Creating and Managing Users

Creating a Local User

  1. Log in to the PayPlus Web Console as a System Administrator. Navigate to Administration > Users > Add User.
  2. Enter the user's Username (must be unique), Full Name, Email Address, and Employee ID (optional, used for audit trail).
  3. Select the Authentication Type:
    • Local — PayPlus manages the password. User is prompted to set a password on first login.
    • LDAP — Password authenticated against LDAP/AD. LDAP integration must be configured first (see below).
    • SSO — User authenticates via SAML 2.0 SSO. SSO must be configured first (see below).
  4. Assign one or more Roles to the user. For dual-control enforcement, do not assign both Payments Processor and Payments Manager to the same user.
  5. If the user requires access limited to specific payment rails (e.g., ACH only), configure Rail Restrictions in the Advanced tab.
  6. Click Save. The user account is created in Pending Activation status. A welcome email is sent to the user's email address with login instructions.
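As an added example (not PayPlus code), the role constraints stated in the procedure above and in the role table, encoded as checks that a provisioning script or an approval step could run; the approval limit value, the initiated_by field and the function names are assumptions.

```python
"""Added example, not PayPlus code: the role constraints this page states,
encoded as checks for a proposed role assignment and for a payment approval."""
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# Constraints taken from the page: the System Administrator cannot initiate or
# approve payments; Payments Processor and Payments Manager must not be combined
# on one user when dual control is enforced; a Payments Manager approves only up
# to a defined limit; under dual control nobody approves a payment they initiated.
PAYMENT_ROLES = {"Payments Manager", "Payments Processor"}
DUAL_CONTROL_PAIR = {"Payments Processor", "Payments Manager"}


def role_assignment_violations(roles: Set[str]) -> List[str]:
    """Return segregation-of-duty violations for a proposed role set (empty if none)."""
    violations = []
    if "System Administrator" in roles and roles & PAYMENT_ROLES:
        violations.append("System Administrator combined with a payment role")
    if DUAL_CONTROL_PAIR <= roles:
        violations.append("Payments Processor and Payments Manager on the same user")
    return violations


@dataclass
class Payment:
    payment_id: str
    amount: float
    initiated_by: str          # username of the Payments Processor who initiated it


@dataclass
class User:
    username: str
    roles: Set[str] = field(default_factory=set)
    approval_limit: float = 0.0   # the Payments Manager's "defined limit" (value assumed)


def can_approve(user: User, payment: Payment, dual_control: bool = True) -> Tuple[bool, str]:
    """Decide whether `user` may approve `payment` under the page's rules."""
    if "Payments Manager" not in user.roles:
        return False, "approval requires the Payments Manager role"
    if dual_control and payment.initiated_by == user.username:
        return False, "dual control: a payment cannot be approved by its initiator"
    if payment.amount > user.approval_limit:
        return False, "amount exceeds the approver's defined limit"
    return True, "approved"
```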

Deactivating a User

When an employee leaves the institution or changes role, deactivate their PayPlus account immediately. Deactivation prevents login but retains all payment records and audit logs associated with the user — do not delete user accounts.

Navigate to Administration > Users, select the user, and click Deactivate. The account status changes to Inactive. Any pending approvals assigned to the user are returned to the payment queue for reassignment.

LDAP / Active Directory Integration

PayPlus Enterprise integrates with corporate LDAP directories (Microsoft Active Directory, OpenLDAP) for centralized authentication. Users log in with their corporate credentials; PayPlus validates the password against the LDAP server and applies the role assignments configured in PayPlus.

LDAP Does Not Sync Roles: LDAP integration provides authentication only — not authorization. User role assignments are always managed within PayPlus, not pulled from LDAP group memberships. This preserves the payment-specific access control model independently of general IT roles.

Configuring LDAP Integration

Navigate to Administration > Authentication > LDAP Configuration.

Field | Description | Example Value
LDAP Server URL | LDAP server hostname and port. Use ldaps:// (port 636) for TLS — required for production. | ldaps://ad.bank.internal:636
Base DN | Distinguished name of the LDAP subtree to search for user accounts. | OU=PaymentsStaff,DC=bank,DC=internal
Bind DN | Service account used by PayPlus to search the LDAP directory. Must have read access to the Base DN. | CN=payplus-svc,OU=ServiceAccounts,DC=bank,DC=internal
Bind Password | Password for the Bind DN service account. Stored encrypted in the PayPlus database. | (stored securely)
User Search Filter | LDAP filter to locate user accounts. {0} is replaced by the username entered at login. | (&(objectClass=user)(sAMAccountName={0}))
Connection Timeout | Seconds to wait for LDAP server response before failing. Do not set above 5 seconds to avoid login delays. | 3
Failover LDAP Server | Secondary LDAP server URL used if the primary server is unreachable. | ldaps://ad-dr.bank.internal:636

After saving the configuration, click Test Connection to verify PayPlus can reach the LDAP server and authenticate with the Bind DN credentials.
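The User Search Filter substitutes the typed username for {0}. As an added example (not PayPlus code), this is how an integrator who builds the same filter in their own code should escape the value per RFC 4515 before substitution, together with a check of the connection settings against the table's guidance; the function names are assumptions.

```python
"""Added example, not PayPlus code: build this page's User Search Filter with
the login name escaped per RFC 4515 before it replaces {0}, and check the
connection settings against the guidance in the LDAP Configuration table."""
from typing import List
from urllib.parse import urlsplit

# Template exactly as shown in the LDAP Configuration table.
USER_SEARCH_FILTER = "(&(objectClass=user)(sAMAccountName={0}))"

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str, template: str = USER_SEARCH_FILTER) -> str:
    """Substitute the escaped login name for {0}. Escaping first means a typed
    name can only ever be matched as a literal sAMAccountName value and cannot
    change the structure of the filter."""
    return template.replace("{0}", escape_filter_value(username))


def check_ldap_settings(server_url: str, timeout_seconds: int, failover_url: str = "") -> List[str]:
    """Return deviations from the table's guidance: ldaps:// for production,
    Connection Timeout not above 5 seconds. An empty list means compliant."""
    problems = []
    for label, url in (("LDAP Server URL", server_url), ("Failover LDAP Server", failover_url)):
        if url and urlsplit(url).scheme != "ldaps":
            problems.append(f"{label}: use ldaps:// (TLS) in production, got {url}")
    if timeout_seconds > 5:
        problems.append("Connection Timeout: do not set above 5 seconds to avoid login delays")
    return problems
```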

Single Sign-On (SAML 2.0)

PayPlus Enterprise supports SAML 2.0 SP-initiated SSO. Users are redirected to your institution's Identity Provider (IdP) — such as Microsoft ADFS, Okta, or Ping Identity — for authentication, then returned to PayPlus with a SAML assertion.

SSO Configuration

Navigate to Administration > Authentication > SSO Configuration.

Field | Description
IdP Metadata URL | URL to your IdP's SAML metadata XML. PayPlus fetches this to obtain the IdP's SSO endpoint and signing certificate.
SP Entity ID | PayPlus Service Provider entity ID. Provide this value to your IdP administrator when registering PayPlus as a trusted SP. Default: https://payplus.bank.internal/saml/metadata
Assertion Consumer Service URL | PayPlus URL that receives the SAML response from the IdP. Provide to IdP admin. Default: https://payplus.bank.internal/saml/acs
Username Attribute | SAML attribute that contains the username to match against PayPlus user accounts. Typically sAMAccountName or email.
Session Timeout | Maximum SSO session duration in minutes. After this period, the user is redirected to the IdP for re-authentication.

Testing SSO Before Go-Live: Configure a test user with SSO authentication type in a UAT environment before enabling SSO in production. Verify the SAML assertion contains the correct username attribute. Keep at least one local System Administrator account active as a break-glass account in case SSO is unavailable.
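As an added example (not PayPlus code) of what the UAT verification above should cover, the following checks a returned SAML assertion against this page's default SP Entity ID and ACS URL and extracts the sAMAccountName Username Attribute. The assertion is constructed, the IdP issuer URL is made up, and signature verification against the certificate from the IdP metadata is assumed to have happened before these checks.

```python
"""Added example, not PayPlus code: validate a SAML assertion against this page's
default SP Entity ID and ACS URL and extract the configured Username Attribute."""
from datetime import datetime, timezone
from typing import List, Optional, Tuple
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://payplus.bank.internal/saml/metadata"  # default from this page
ACS_URL = "https://payplus.bank.internal/saml/acs"            # default from this page
USERNAME_ATTRIBUTE = "sAMAccountName"

# Constructed sample assertion (unsigned); the issuer URL is made up for the example.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c1" Version="2.0">
  <saml:Issuer>https://idp.bank.internal/adfs</saml:Issuer>
  <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://payplus.bank.internal/saml/acs" NotOnOrAfter="2026-03-10T09:05:00Z"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2026-03-10T08:55:00Z" NotOnOrAfter="2026-03-10T09:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://payplus.bank.internal/saml/metadata</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="sAMAccountName"><saml:AttributeValue>j.smith</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def parse_saml_time(value: str) -> datetime:
    """Parse the UTC timestamps SAML uses (e.g. 2026-03-10T09:05:00Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text: str, now: datetime) -> Tuple[Optional[str], List[str]]:
    """Return (username, problems); username is None unless every check passes."""
    root = ET.fromstring(xml_text)
    problems = []
    # Conditions window: the assertion must be valid at the time it is consumed.
    cond = root.find("saml:Conditions", NS)
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not (nb and na and parse_saml_time(nb) <= now < parse_saml_time(na)):
        problems.append("current time is outside the assertion's Conditions window")
    # Audience must name this SP; Recipient must be this SP's ACS URL.
    if SP_ENTITY_ID not in [a.text for a in root.findall(".//saml:Audience", NS)]:
        problems.append(f"Audience does not name the SP Entity ID {SP_ENTITY_ID}")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        problems.append(f"Recipient is not the Assertion Consumer Service URL {ACS_URL}")
    # Exactly one value of the configured Username Attribute is required.
    values = [v.text for v in root.findall(
        f".//saml:Attribute[@Name='{USERNAME_ATTRIBUTE}']/saml:AttributeValue", NS)]
    if len(values) != 1 or not values[0]:
        problems.append(f"expected exactly one {USERNAME_ATTRIBUTE} value in the AttributeStatement")
    return (values[0] if not problems else None), problems
```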

Password Policy

Password policy applies to local authentication accounts. LDAP and SSO accounts use the password policy enforced by the external authentication system.

Navigate to Administration > Security > Password Policy to configure the following settings:

Setting | Default | Recommended (Production)
Minimum password length | 10 characters | 14 characters
Complexity requirements | Uppercase, lowercase, number, special character | Same — do not reduce
Password expiration | 90 days | 90 days (align with corporate policy)
Password history | Last 5 passwords | Last 12 passwords
Account lockout threshold | 5 failed attempts | 5 failed attempts
Lockout duration | 30 minutes | 30 minutes (or until manually unlocked)
Force password change on first login | Enabled | Enabled — do not disable

Session Management

Setting | Default | Description
Session timeout (idle) | 15 minutes | After this period of inactivity, the user session is terminated and the user must log in again.
Maximum concurrent sessions | 1 | Prevents a user account from being simultaneously logged in from multiple workstations. Do not increase above 2 for operational roles.
Session token expiration | 8 hours | Maximum duration of an active session regardless of activity. Forces re-authentication at the start of each business day.
Secure cookie (HTTPS only) | Enabled | Session cookies are not transmitted over HTTP. Do not disable.