Creating a User
  • 16 Nov 2023
  • 8 Minutes To Read
  • Dark
    Light
  • PDF

Creating a User

  • Dark
    Light
  • PDF

Article Summary

A user is anyone who accesses and uses Mambu via the UI or the API. Each user has a user account that stores the access credentials, the details of the person using the system, the role, and the permissions.

A list of users can be found at Administration > Access > Users.

The Users tab under Administration > Access and the Users option under the Create menu in the top bar are only visible if your user has the appropriate permissions assigned to them. For more information, see the Permissions for managing users section.

Permissions for managing users

The following permissions are required for you to be able to perform the relevant management actions on users:

  • CREATE_USER
  • EDIT_USER
  • VIEW_USER_DETAILS
  • DELETE_USER
Please be Aware

For security reasons, we recommend tightly controlling which users have role and user management permissions. For more information, see Limiting role and user management permission assignment.

Creating a user

To create a user:

  1. Either go to the top bar and select CreateUser, or on the main menu, got to Administration > Access > Users and select Create New User.
  2. In the Create A New User dialog, enter all the necessary information. For more details on the fields in the various sections of the form, see below.
  3. Select Save User.

Users screen. All defined users are displayed here

General section

NameCommentsRequired
First NameMaximum length of 255 characters.YES
Last NameMaximum length of 255 characters.NO
TitleMaximum length of 255 characters.NO
RoleIf you assign a role, then the User Rights and Permissions sections of the form are pre-filled with the settings of the role, and you will no longer be able to manually edit them. For more information, see Roles.NO

User Rights section

Type

Under the User Rights section, you can select an optional user Type. There are three options for types: AdministratorTeller and Credit Officer. A user that has one of these types has special characteristics that will be described below.

User rights section from Create user view

Administrators

Administrators have all permissions and can perform any action in Mambu. Only administrators can create or edit other admins. Selecting the Administrator checkbox removes the Permissions section from the Creating a New User form.

Administrators have all the permissions of the credit officer and teller user types. Administrators also have additional access permissions in Mambu that are not available to non-administrators and which cannot be assigned as granular permissions. For example, administrators have access to the usage rights settings of saved custom views. For more information, see User types and saved custom views.

Regular users can be granted certain administrator rights by either assigning a role or assigning granular permissions under the Permissions section.

Credit officers

Credit officers have the option of having clients and groups assigned to them, this relationship allows for better reporting and client management.

Tellers

Tellers have access to the teller module. Special tellering permissions give them access to the different actions available on this module, for example opening or closing tills, posting transactions on a till, and adding and removing cash from a till.

Access Rights

Under the User Rights section you can select the Access Rights. There are two different access rights types Mambu and API.

Mambu

The Mambu access type is for regular Mambu UI users. Mambu access allows the user to log in to Mambu via the regular web user interface, using their login credentials.

API

API access allows the user to authenticate and interact with Mambu using APIs. Like other user types, API users also require the necessary user permissions to perform a desired action. Transactions posted by API users are kept in the logs in the same way as user actions from regular users. For more information on API authentication at Mambu, see Authentication in our API Reference.

If you have federated authentication enabled, please see Managing Users under Federated Authentication - API Users for information on how to create a user with API access. If you have API consumers enabled, you won't be able to add the API permission when creating a new user, but you may edit any existing user to add the permission.

Permissions

A user in Mambu may be assigned permissions either directly or through a role. However, a single user cannot be assigned permissions in both ways.

If you do assign a role to a user, you may assign granular permissions to them. Note that some permissions are provided by roles that cannot be assigned directly to users.

We recommend assigning permissions to users through roles because it allows for more control over access in Mambu. For more information, see Access managed by role.

To assign granular permissions to a user:

  1. Select Permissions.
  2. Check the boxes next to the permissions that you wish to assign to the user.
  3. Select Save User.

For more information, see Understanding Users, Roles, and Permissions and Permissions.

User permissions. Each permission contains other permissions that have specific actions.

Permissions for managing users

The following permissions are required for a user to be able to perform the relevant management actions on a user account:

  • VIEW_USER_DETAILS
  • CREATE_USER
  • EDIT_USER
  • DELETE_USER

If these permissions are not assigned to a user, that user will not be able to see the Users tab under Administration > Access and the Users option under the Create menu in the top bar.

User Access

Under the User Access section you can enter the information the new user will need to login to Mambu.

Username (required)

Usernames must be unique and they cannot be changed.

Email

The email address is required for using the "Forgot your password?" link in the login screen. The password recovery email will be sent to this address.

Password (required)

When you create your password, the system will show you how safe it is. The minimum number of characters for your password is defined in Administration > Access > Preferences.

The password must contain at least one digit and one letter.

Two Factor Authentication

For additional security, two factor authentication can be enabled for users that have Mambu UI access. Only Administrator users can setup two factor authentication for other users. To enable two factor authentication for a user select the Two Factor Authentication checkbox under User Access. Then, ensure that you add a mobile phone number in the Contact section.

Enabling two factor authentication a new user.

When this setting is enabled, users will be sent an SMS on their registered mobile number, which they will need to enter in the Mambu login screen in addition to their password.

An SMS gateway needs to be defined to be able to use two factor authentication. For more information, see SMS Gateway Setup.

Mambu Display Language

This setting configures the language used to display menus and options in Mambu for the user. The default language selected is English.

For more information on how to edit the Mambu display language and how it affects the language settings for your clients, communications, and more, see Language Settings.

Change language drop-down

Contact

Under the Contact section you can enter your mobile phone number and home phone number.

Assigned To

Users can be associated with a specific branch, allowing access to that branch and its clients and information.

The Branch field defines the branch to which the user belongs. To assign the user to a branch, choose the branch from the list.

Branch assignment is mandatory for users with the credit officer or teller user type.

Please Note

If you have federated authentication enabled, then you must perform branch assignment using your identity provider (IdP). Branch assignment using the Mambu UI or API v2 is not possible. For more information, see Managing Users under Federated Authentication - Branch assignment.

Access Rights

The Access Rights section determines which branches a user can access.

If the Can access clients and accounts data for all branches checkbox is selected then the user has access to this data for all branches.

If the Can access clients and accounts data for all branches checkbox is not selected then you can select individual branches that the user will have access to. In order to select an individual branch select the branch from the Branch dropdown. The branch will then appear in the Branch access area. If the user is assigned to a branch, the assigned branch will appear pre-selected in the Branch access area.

If your user is a Credit Officer then you will have an additional Can access other credit officers clients check box. This option gives the new user access to all clients and accounts assigned to:

  • The other credit officers in their assigned branch.
  • Credit officers who are not assigned to any branch.

Assigned to and access rights sections for credit officer

Users who have access to more than one branch can switch between those branches using the Branch filter on the top left of the interface. Users who only have access to one branch, will have their default branch pre-selected in their Branch view and will not have the "All Branches" filter. For more information, see Managing Multiple Branches.

Transactions Limits

For any user who doesn't have Administrator permissions, you can set maximum amounts on transactions.

There are six different transaction types that you can set a limit to: Loan Approval, Loan Disbursement, Fee Application, Entry of Deposits, Withdrawals, and Repayments.

To set a limit on transactions a user can perform:

  1. Under Transaction Limits, select Add Limit.
  2. Choose the transaction type from the dropdown menu.
  3. Enter the limit amount for that transaction.

Transaction limits can be set for Approve Loan, Disburse Loan, Apply fee, Make Deposit, Make Withdraw, Make Repayment

Custom fields

If you need to capture additional information about the users, you can create custom field definitions under Administration and add them to the users' profiles when creating a new user. For more information, see Custom Fields.

Other users

During the onboarding process we create some users to assist you with onboarding and support cases. For more information on the Mambu Delivery user, see Mambu Delivery users while onboarding. For more information on the Mambu Support user, see Granting access to your account with the Mambu Support user.


Was this article helpful?