- 02 Aug 2023
- 8 Minutes To Read
Creating a User
- Updated On 02 Aug 2023
- 8 Minutes To Read
A user is anyone who accesses and uses Mambu via the UI or the API. Each user has a user account that stores the access credentials, the details of the person using the system, the role, and the permissions.
A list of users can be found at Administration > Access > Users.
The Users tab under Administration > Access and the Users option under the Create menu in the top bar are only visible if your user has the appropriate permissions assigned to them. For more information, see the Permissions for managing users section.
Permissions for managing users
The following permissions are required for you to be able to perform the relevant management actions on users:
For security reasons, we recommend tightly controlling which users have role and user management permissions. For more information, see Limiting role and user management permission assignment.
Creating a user
To create a user:
- Either go to the top bar and select Create > User, or on the main menu, got to Administration > Access > Users and select Create New User.
- In the Create A New User dialog, enter all the necessary information. For more details on the fields in the various sections of the form, see below.
- Select Save User.
|First Name||Maximum length of 255 characters.||YES|
|Last Name||Maximum length of 255 characters.||NO|
|Title||Maximum length of 255 characters.||NO|
|Role||If you assign a role, then the User Rights and Permissions sections of the form are pre-filled with the settings of the role, and you will no longer be able to manually edit them. For more information, see Roles.||NO|
User Rights section
Under the User Rights section, you can select an optional user Type. There are three options for types: Administrator, Teller and Credit Officer. A user that has one of these types has special characteristics that will be described below.
Administrators have all permissions and can perform any action in Mambu. Only administrators can create or edit other admins. Selecting the Administrator checkbox removes the Permissions section from the Creating a New User form.
Administrators have all the permissions of the credit officer and teller user types. Administrators also have additional access permissions in Mambu that are not available to non-administrators and which cannot be assigned as granular permissions. For example, administrators have access to the usage rights settings of saved custom views. For more information, see User types and saved custom views.
Regular users can be granted certain administrator rights by either assigning a role or assigning granular permissions under the Permissions section.
Credit officers have the option of having clients and groups assigned to them, this relationship allows for better reporting and client management.
Tellers have access to the teller module. Special tellering permissions give them access to the different actions available on this module, for example opening or closing tills, posting transactions on a till, and adding and removing cash from a till.
Under the User Rights section you can select the Access Rights. There are two different access rights types Mambu and API.
The Mambu access type is for regular Mambu UI users. Mambu access allows the user to log in to Mambu via the regular web user interface, using their login credentials.
The API access type is for basic authentication access to Mambu API endpoints. API access allows the user to authenticate and interact with Mambu using APIs.
Most of the time such an user is not an actual person, but a piece of software that makes calls to Mambu APIs. We recommend creating user accounts for such cases to provide a more clear transaction audit trail.
Like other user types, API users also require the necessary user permissions necessary to perform any desired action. Transactions posted by API users are kept in the logs in the same way as user actions from regular users.
All API users must use basic authentication. For more information on basic authentication and API keys at Mambu, see Authentication in our API Reference.
If you have federated authentication enabled, please see Managing Users under Federated Authentication - API Users for information on how to create a new API user.
If you have API consumers enabled, you will no longer be able to add the
API permission when creating a new user. You may edit any existing user to add the permission. For more information, see API Consumers.
A user in Mambu may be assigned permissions either directly or through a role. However, a single user cannot be assigned permissions in both ways.
If you do assign a role to a user, you may assign granular permissions to them. Note that some permissions are provided by roles that cannot be assigned directly to users.
We recommend assigning permissions to users through roles because it allows for more control over access in Mambu. For more information, see Access managed by role.
To assign granular permissions to a user:
- Select Permissions.
- Check the boxes next to the permissions that you wish to assign to the user.
- Select Save User.
Permissions for managing users
The following permissions are required for a user to be able to perform the relevant management actions on a user account:
If these permissions are not assigned to a user, that user will not be able to see the Users tab under Administration > Access and the Users option under the Create menu in the top bar.
Under the User Access section you can enter the information the new user will need to login to Mambu.
Usernames must be unique and they cannot be changed.
The email address is required for using the "Forgot your password?" link in the login screen. The password recovery email will be sent to this address.
When you create your password, the system will show you how safe it is. The minimum number of characters for your password is defined in Administration > Access > Preferences.
The password must contain at least one digit and one letter.
Two Factor Authentication
For additional security, two factor authentication can be enabled for users that have Mambu UI access. Only Administrator users can setup two factor authentication for other users. To enable two factor authentication for a user select the Two Factor Authentication checkbox under User Access. Then, ensure that you add a mobile phone number in the Contact section.
When this setting is enabled, users will be sent an SMS on their registered mobile number, which they will need to enter in the Mambu login screen in addition to their password.
An SMS gateway needs to be defined to be able to use two factor authentication. For more information, see SMS Gateway Setup.
Mambu Display Language
This setting configures the language used to display menus and options in Mambu for the user. The default language selected is English.
For more information on how to edit the Mambu display language and how it affects the language settings for your clients, communications, and more, see Language Settings.
Under the Contact section you can enter your mobile phone number and home phone number.
Users can be associated with a specific branch, allowing access to that branch and its clients and information.
The Branch field defines the branch to which the user belongs. To assign the user to a branch, choose the branch from the list.
Branch assignment is mandatory for users with the credit officer or teller user type.
If you have federated authentication enabled, then you must perform branch assignment using your identity provider (IdP). Branch assignment using the Mambu UI or API v2 is not possible. For more information, see Managing Users under Federated Authentication - Branch assignment.
The Access Rights section determines which branches a user can access.
If the Can access clients and accounts data for all branches checkbox is selected then the user has access to this data for all branches.
If the Can access clients and accounts data for all branches checkbox is not selected then you can select individual branches that the user will have access to. In order to select an individual branch select the branch from the Branch dropdown. The branch will then appear in the Branch access area. If the user is assigned to a branch, the assigned branch will appear pre-selected in the Branch access area.
If your user is a Credit Officer then you will have an additional Can access other credit officers clients check box. This option gives the new user access to all clients and accounts assigned to:
- The other credit officers in their assigned branch.
- Credit officers who are not assigned to any branch.
Users who have access to more than one branch can switch between those branches using the Branch filter on the top left of the interface. Users who only have access to one branch, will have their default branch pre-selected in their Branch view and will not have the "All Branches" filter. For more information, see Managing Multiple Branches.
For any user who doesn't have Administrator permissions, you can set maximum amounts on transactions.
There are six different transaction types that you can set a limit to: Loan Approval, Loan Disbursement, Fee Application, Entry of Deposits, Withdrawals, and Repayments.
To set a limit on transactions a user can perform:
- Under Transaction Limits, select Add Limit.
- Choose the transaction type from the dropdown menu.
- Enter the limit amount for that transaction.
If you need to capture additional information about the users, you can create custom field definitions under Administration and add them to the users' profiles when creating a new user. For more information, see Custom Fields.
During the onboarding process we create some users to assist you with onboarding and support cases. For more information on the Mambu Delivery user, see Mambu Delivery users while onboarding. For more information on the Mambu Support user, see Granting access to your account with the Mambu Support user.