ICVERIFY User Manager Guide Version 1.0.7 All Rights Reserved. All trademarks, service marks and trade names referenced in this material are the property of their respective owners. This version of this document supersedes any and all previous versions of the ICVERIFY User Manager Guide. Revision Date: 01 March 2010 ICVERIFY, Inc. 6200 South Quebec Street Suite 350 Greenwood Village, CO 80111 USA For Sales and Product Information, call: (800) 538-0651 For Technical Support, call: (800) 900-6133
Table of Contents CHAPTER 1 INTRODUCTION TO THE ICVERIFY USER MANAGER... 1 PURPOSE OF THIS GUIDE... 1 Audience... 1 Style Conventions... 1 CONTENTS OF THIS GUIDE... 1 PREREQUISITE ACTIVITIES... 2 MINIMUM SYSTEM REQUIREMENTS... 2 GETTING HELP... 3 CHAPTER 2 INSTALLING AND SETTING UP THE ICVERIFY USER MANAGER... 5 OVERVIEW... 5 ABOUT THE ICVERIFY USER MANAGER... 5 Payment Application Interaction with the ICVERIFY User Manager... 6 User Accounts... 6 INSTALLING THE ICVERIFY USER MANAGER FOR THE FIRST TIME... 7 Your First Login... 14 UPGRADING FROM A PRIOR VERSION OF THE USER MANAGER... 15 TYPICAL INSTALLATION ISSUES... 16 Prerequisites... 16 Insufficient System Permissions... 16 Earlier Version of.net... 16 Firewall and Service Activities... 16 Prior or Other Versions of SQL Server... 16 More Information... 17 CHAPTER 3 USERS, ACCOUNTS AND PROFILES... 18 OVERVIEW... 18 Users... 18 User Accounts... 18 Merchants... 18 Usage Profiles... 18 CONFIGURING YOUR SECURITY MODEL... 19 USER MANAGER TABS... 20 The User Tab... 20 The Profile Tab... 28 The Login Tab... 37 Create Your Real Accounts... 40 COMMON USER PROBLEMS... 41 Lockouts... 41 APPENDIX A PRIVILEGE LISTS... 42 OVERVIEW... 42 Pre-Loaded Profiles... 42 Copyright 2008, ICVERIFY, Inc., a First Data company.
Introduction to the ICVERIFY User Manager Chapter 1 Introduction to the ICVERIFY User Manager Purpose of This Guide This guide describes how to use the ICVERIFY User Manager to create user accounts, profiles and track users of ICVERIFY, Inc. software products, including ICVERIFY for Windows and ICVERIFY Enterprise Edition. Audience This guide is intended for ICVERIFY product administrators involved with installing, configuring and managing an ICVERIFY software product. Style Conventions The following style conventions are used in this document: Bold type indicates items such as file names, window names, and buttons. Italics type indicates a reference to another document, or terms that are defined within the text. NOTE: Indicates suggestions or additional, detailed, information.!!! Indicates actions you must take or avoid for the system to operate properly. Contents of This Guide The chapters and appendixes in this document contain the following information: Chapter 1, Introduction to ICVERIFY for Windows Setup Supplement, presents you with a brief overview of this guide. Chapter 2, Installing and Setting Up the ICVERIFY User Manager, explains how to install and set up the ICVERIFY User Manager for its first use. Chapter 3, Users, Accounts and Profiles, explains the relationship between user accounts and usage profiles, provides a tutorial for the User Manager graphical user interface, and guides you through setting up simple user accounts and usage profiles. Appendix A, Privilege Lists, contains tables explaining the various privileges for both ICVERIFY for Windows and ICVERIFY Enterprise Edition, which you can associate with usage profiles. It also explains the preloaded profiles in both products, which you can use as a quick-start implementation of your own security model. Page 1 of 48
Introduction to the ICVERIFY User Manager Prerequisite Activities Prior to operating the ICVERIFY User Manager application, you should complete the following tasks: Confirm that your computer system meets the minimum requirements and prerequisites, including the service pack levels of your chosen operating system. Install the ICVERIFY, Inc. payment software application you intend to use. Finally, you must install and set up the User Manager software.!!! When you install this software (or any software for that matter), you should have Administrator-level privileges to the PC on which you are installing it. If you don t have Administrator-level access, it may not be possible to install all the components needed to use the application, or they may appear to install properly and be unusable or unstable later. Minimum System Requirements To use the ICVERIFY User Manager, you will need the following: Pentium IBM-compatible system running Microsoft Windows 2000 (service pack 4 or later), Windows XP Home / Professional (service packs 1 or 2), Windows 2003 Server (service pack 1) or Windows Vista. 60 Megabytes of free hard drive space; up to 500MB hard drive space for the full installation of Microsoft SQL Server 2005 Express Edition. 256 Megabytes of RAM. CD-ROM drive required for program installation. Microsoft.NET Framework Redistributable version 2.0 or later. If this is not currently installed on your computer, it will be installed as part of the ICVERIFY User Manager package. Microsoft Internet Explorer version 6.0 or later. Internet Explorer is most likely already installed on your computer. If you need to install it, you can download a free installation at http://www.microsoft.com. The computer on which you install the ICVERIFY User Manager database must be accessible by all installed copies of an ICVERIFY payment software product configured to use it. This generally means one of two things: If you are using a single copy of payment software, and it is installed on the same PC you are installing the ICVERIFY User Manager, you should not have to make any changes. If you have installed the payment software on another PC, or have installed multiple copies on multiple PCs (for example a network of ICVERIFY substations or Enterprise Client applications), each PC must have network access to the PC where the User Manager database is running. Read Chapter 2 for details. Page 2 of 48
Introduction to the ICVERIFY User Manager Getting Help The following is a list of the available Help features provided to assist you: http://www.firstdata.com/paymentsoftware_integrators.com provides a forum for getting your questions answered and accessing archived help information. http://www.microsoft.com provides additional information and troubleshooting tips for the Microsoft prerequisite software applications used by the ICVERIFY User Manager. NOTE: You can also call (800) 900-6133 for Customer Service assistance, or send email to the following address: paymentsoftware.support@firstdata.com Page 3 of 48
Installing and Setting Up the ICVERIFY User Manager Chapter 2 Installing and Setting Up the ICVERIFY User Manager Overview This chapter provides a tutorial on how to install and set up the ICVERIFY User Manager to use it for the first time. About the ICVERIFY User Manager The ICVERIFY User Manager is an easy-to-use application that allows you to create and assign user accounts and usage profiles for both ICVERIFY for Windows and ICVERIFY Enterprise Edition product users. In fact, you can manage both products from a single installed copy of the ICVERIFY User Manager. The ICVERIFY User Manager functions in a client-server environment, in that the payment products transmit user activity requests (such as logging in, logging out, changing passwords, and so forth) from the payment application to the User Manager in encrypted form. The User Manager checks the information for validity and returns a response for the payment application to present to the user. The response could be one of the following: The user isn t recognized by the User Manager; The user s password is incorrect; The user tried to log in under a merchant account for which he isn t authorized; The user login was OK, but the password must be changed; The user login was OK and the payment application may continue; And so on. Page 5 of 48
Installing and Setting Up the ICVERIFY User Manager Payment Application Interaction with the ICVERIFY User Manager Since the ICVERIFY User Manager is separate subsystem from the ICVERIFY for Windows and ICVERIFY Enterprise Edition payment applications, it is important to understand how the products interact. The interaction will help you understand the networking requirements that you must meet in order for your whole ICVERIFY application solution to work. Because the ICVERIFY for Windows product is fundamentally a peer-to-peer product, and the ICVERIFY Enterprise Edition product is a client-server product, they interact with the User Manager in the following ways: ICVERIFY for Windows Each copy of the ICVERIFY software you install transmits user interaction messages to the User Manager. This means that each and every installed copy of software must have network access to the machine running the User Manager, irrespective of whether the applications are configured as standalone or master/substation. Therefore, when you install the ICVERIFY software, you should be sure to indicate the location of the User Manager database server, and ensure that all copies of software within the same substation / master station group are pointed to the same instance of the User Manager database server. ICVERIFY Enterprise Edition The Enterprise Client application transmits user interaction messages through the Enterprise Server, which then forwards them to the User Manager. This means that while only the Enterprise Server must have network access to the machine running the User Manager, all the Enterprise Client systems must naturally have network access to the machine running the Enterprise Server, or they will be able to perform neither payment nor user related transactions. User Accounts It is important to bear in mind that user accounts follow the application, not the other way around. This means that you will create and assign user accounts for a given application, such as ICVERIFY for Windows or the ICVERIFY User Manager itself. Another way to visualize this relationship is that the combination of the application and user account is what makes it unique. In other words, the user1 account for the ICVERIFY User Manager is different from the user1 account for ICVERIFY for Windows. This is because they are two separate applications. There is no automatic single sign-on support; if you want to configure user accounts with the same name and password conditions across multiple applications, you must do so manually. Page 6 of 48
Installing and Setting Up the ICVERIFY User Manager Installing the ICVERIFY User Manager for the First Time The ICVERIFY User Manager can be found on the following installation CD- ROMs: The main ICVERIFY for Windows installation CD The ICVERIFY Enterprise Server installation CD You can install the User Manager either on its own, or as part of the payment software installation process. In either case, when you first start the installer, you will be prompted to close any other active applications before continuing. Next you will see the screen shown in Figure 1 following. Figure 1 ICVERIFY User Manager Welcome Screen User Manager Installation Procedure Follow the steps in the table below to install the ICVERIFY User Manager. Step Action 1. From the Welcome screen shown in Figure 1, click Next. 2. Read the End-User License Agreement displayed in the next screen. If you agree to the terms of use, click Yes to proceed with the installation. If you do not agree, you are not authorized to install and use the ICVERIFY User Manager. Page 7 of 48
Installing and Setting Up the ICVERIFY User Manager Step Action NOTE: A copy of the End-User License Agreement, suitable for printing, can be found on the installation CD-ROM. 3. Next you ll be asked where you want to install the User Manager application. The default folder is C:\ICVERIFY\UserMgr. Change this if you wish by clicking the Browse button and selecting a different installation folder. When you are ready to proceed, click Next. 4. Now you will arrive at a screen where you are asked to specify the type of installation you wish to perform. The screen is shown in Figure 2 following: Figure 2 ICVERIFY User Manager Installation Type Screen Step Action 5. Choose Typical if you wish to do the following: You are installing the User Manager for the first time, and you want all the components to be installed on the same computer. Choose Custom if you wish to do one of the following: Page 8 of 48
Installing and Setting Up the ICVERIFY User Manager Step Action You want to install the User Manager GUI application, but connect it to a user database residing on another computer. You want to install only the user database and have User Manager applications residing on other computers connect to it. If you select Custom, you will see the screen shown in Figure 3. Figure 3 ICVERIFY User Manager Custom Installation Screen Step Action 6. If you want to install only the User Manager GUI application, you should check the User Manager and Server Connection Utility components. On the other hand, if you only want to install the database, you should check only the Install User Database component. When you have decided on the type of installation you wish to perform (either from the screen in Figure 2 or 3,) click the Next button. Page 9 of 48
Installing and Setting Up the ICVERIFY User Manager Step Action 7. Now the installation wizard will check your computer to see if Microsoft Data Access Components is currently installed. If it is not present, MDAC version 2.8 will begin to install. When the installation is complete, you may see a screen asking if you would like to restart your system. If you do, select I will restart the system myself, and click Finish. 8. Next you need to specify the access information the ICVERIFY User Manager will use to communicate with the encrypted user and profile database. Make sure you provide a complex password while configuring the database for the first time.!!! If you are installing SQL Server 2005 Express Edition for the first time on the computer, do not change the username from sa. SQL Server will not work if the sa account is not specified. TIP Bear in mind that the installer is designed to install the database on the local computer, not a network computer. If you want to install the database on a remote computer (for example, a server in your data center) and operate the User Manager GUI from a different PC, you need to install the database directly onto the server. The installer does not support remote installations. 9. If the installer determines that a copy of the User Manager database already exists on the computer (for example, if you are upgrading from a previous version,) you will be asked whether you want to upgrade the existing database or re-create it from scratch. See Figure 4.3. You should upgrade your existing database if you have created any user accounts or profiles. Re-creating the database will delete any account and profile information previously generated and you will have to rebuild them again. Page 10 of 48
Installing and Setting Up the ICVERIFY User Manager Figure 4.1 Provide Database Login Information Page 11 of 48
Installing and Setting Up the ICVERIFY User Manager Figure 4.2 Database Creation Selection Screen Step Action 10. The installation wizard will begin copying files to your computer. When the Microsoft SQL Server portion of the installation is complete, you will be presented with an option to change the Start Menu program group in which the ICVERIFY User Manager will appear. If you are not satisfied with the default settings, make any necessary changes, and click Next. 11. You are now in the final phase of the installation process. The installation wizard will copy the final ICVERIFY User Manager files to your computer, configure final settings, and may prompt you if you wish to restart your computer, as in Figure 5. Page 12 of 48
Installing and Setting Up the ICVERIFY User Manager Figure 5 ICVERIFY User Manager Restart Prompt Step Action 12. If you are only installing the ICVERIFY User Manager, select Yes, I want to restart my computer now and click Finish. However, if you have yet to install either ICVERIFY for Windows or ICVERIFY Enterprise Edition, select No, I will restart my computer later, click Finish, and then install your payment software product. The installation wizard for that product will prompt you to restart as well, and you only need to do it once. 13. After you restart your computer, the ICVERIFY User Manager will be fully installed and ready for use. Page 13 of 48
Installing and Setting Up the ICVERIFY User Manager Your First Login The ICVERIFY User Manager comes equipped with one built in administrator account that you can use to set up your users and profiles after installation. This default account exists for your convenience as the application administrator and should not be left in its default state. The default account information is as follows: User name: sysadmin Password: administrator1$ NOTE: As a convenience to you during application installation, both ICVERIFY for Windows and ICVERIFY Enterprise Edition will install an identical administrator account with the same user name and password. This default administrator account is capable of performing all actions in each respective product, to help you perform your initial installation and configuration with ease.!!! You can use the default accounts for your initial login and configuration activities. However, you will be required to change the password upon your first login. DO NOT LOSE OR FORGET YOUR NEW PASSWORD! ICVERIFY, Inc. cannot tell you what it is and you will be unable to operate your software without it. When you are ready to log in for the first time, run the ICVERIFY User Manager and enter the default account information in the login box shown in Figure 6. Figure 6 ICVERIFY User Manager Login Box Page 14 of 48
Installing and Setting Up the ICVERIFY User Manager Upgrading from a Prior Version of the User Manager If you are upgrading from a prior version of the ICVERIFY User Manager, the installer will detect the previous installation and pop up a maintenance screen asking you what operations you wish to perform. See Figure 7 below. Figure 7 ICVERIFY User Manager Maintenance Options Dialog Unless you are intentionally modifying only specific parts of the application, select the Remove radio button and follow the removal prompts. Then install the application as though you are doing so for the first time. Your user database will be retained and you can still upgrade it without losing your existing accounts. Page 15 of 48
Installing and Setting Up the ICVERIFY User Manager Typical Installation Issues Prerequisites ICVERIFY, Inc. has not encountered any significant issues with installing the ICVERIFY User Manager on multiple computers running various operating systems. However, there are a few things you should keep in mind when attempting to install the application. The User Manager has three main prerequisite application packages that it needs to run: Microsoft Data Access Components (MDAC) version 2.8 or later Microsoft SQL Server 2005 Express Edition Microsoft.NET Framework version 2.0 or later If your computer does not meet the minimum requirements for these prerequisites, you may experience problems running the ICVERIFY User Manager. However, the System Requirements section in this guide also account for the minimum requirements for all the prerequisites, so if your computer meets the System Requirements, you should be fine. Insufficient System Permissions Earlier Version of.net Firewall and Service Activities Prior or Other Versions of SQL Server Many installation issues can be traced to attempting to install the application under a user account that does not have administrator-level permissions to the computer. This is known to cause issues with MDAC. If you are running an operating system that supports user accounts, be sure you are installing under an account with administrator-level permissions to both the PC and the system registry. This version of the ICVERIFY User Manager was built under the.net Framework version 2.0. It is possible that you already have an earlier distribution package of the.net Framework installed. You should make sure that you can install a working copy of the.net Framework 2.0 Redistributable. If you have installed the Windows Firewall application that comes with Windows XP Service Pack 2, it may have disabled certain Windows services that the prerequisite applications require to function. Check your Services list to make sure the Server service is enabled to run on startup. Also be sure that the Named Pipes service is enabled by selecting File and Printer Sharing / TCP port 445. The ICVERIFY software products interact with the User Manager database by means of SQL Server named pipes. The User Manager installation CD-ROM contains the most recent distribution of the Microsoft SQL Server 2005 Express Edition available. If, however, you choose to install the User Manager on one computer, and connect it to a database on a different computer, you may experience connection problems if the database computer is running a version of SQL Server other than SQL Server 2005 Express Edition. You can either download this version from http://www.microsoft.com, or install it from the installation CD-ROM. Page 16 of 48
Installing and Setting Up the ICVERIFY User Manager More Information More information on troubleshooting installation issues for the prerequisite applications may be found at http://www.microsoft.com. If you have other specific questions, contact the ICVERIFY Help Desk at (800) 900-6133. Page 17 of 48
Users, Accounts and Profiles Chapter 3 Users, Accounts and Profiles Overview This chapter discusses the relationship between the four key concepts embodied within the ICVERIFY User Manager: users, user accounts, merchants and usage profiles. There is a hierarchical relationship between these entities and it is important that you understand it so you can assign and manage application access effectively. Also, you will add your first user to the User Manager in this chapter. Users User Accounts Merchants Usage Profiles A user is a person who wishes to access an ICVERIFY application (either ICVERIFY for Windows, ICVERIFY Enterprise Edition, or the ICVERIFY User Manager) by means of a user account. A user account is a virtual representation of a physical user, and is represented by a user name and password. A user account grants access to a given software application. The level of access is determined by the usage profile(s) of which the account is a member, and the merchants under which the user account is entitled to operate. A merchant is a logical grouping of merchant profile information that allows an ICVERIFY payment software product to perform transactions on your behalf, and is represented by a Merchant ID. Typically, each merchant in the ICVERIFY context would correspond to a single merchant account agreement that you have signed with an acquiring bank or financial services organization. In some cases, you may want to configure more than one merchant to segregate traffic from multiple lines of business. A merchant in the ICVERIFY context is associated with a single payment application, and in order to perform transactions for that merchant, a user must log in under a user account that grants access to that merchant. Even so, the user may only perform the actions available under his or her usage profile. A usage profile is a logical grouping of activities or features contained within a particular ICVERIFY payment software product, and is represented by a profile name within the ICVERIFY User Manager. Profiles are used to simplify the management of various types of users. For example, a profile with a very basic set of features might be called Clerk; a profile with a wider set might be called Supervisor; and a profile with all features active might be called Administrator. When you create a user account, you associate that account with one or more profiles. Page 18 of 48
Users, Accounts and Profiles As a convenience to you, the ICVERIFY for Windows and ICVERIFY Enterprise Edition products come pre-loaded with a few basic usage profiles. You can change them to fit your particular business operations. More information about the pre-loaded usage profiles and the privileges they contain may be found in Appendix A. Configuring Your Security Model After you install the ICVERIFY User Manager, you can configure your product security model by following these high-level steps: Step Action 1. First you will use the default login to the ICVERIFY User Manager and create a new administrator account, or change the default account, to secure access to the application. 2. Next, you will select the payment software application you wish to administer, and create the user profiles you require. 3. Then, you will create user accounts, determine initial passwords, password expiration and lockout characteristics, and associate the accounts with the appropriate user profiles. 4. Finally, you will distribute the user accounts to the users you wish to log in under them. 5. If you are using the same instance of the ICVERIFY User Manager to manage more than one payment software product, you will return to Step 2 and perform the same tasks for the second product. Page 19 of 48
Users, Accounts and Profiles User Manager Tabs Before you make any changes, take a moment to familiarize yourself with the ICVERIFY User Manager interface. The User Tab When you log into the ICVERIFY User Manager using the default account, you will arrive at the Users tab, shown in Figure 8. You ll notice several fields of information, the most notable being the User ID List box on the leftmost side of the screen, showing only the default sysadmin user account that is preconfigured upon installation. Later we will create a new user from this tab. Figure 8 ICVERIFY User Manager User Tab Page 20 of 48
Users, Accounts and Profiles User Tab Fields The following table describes some of the important fields in the User tab. Field Application Name User ID User ID List Password Password Expires After Purpose Use this combo box to select the software application for which you want to display a current list of users. When you first log into the User Manager, the Application Name combo box will be set to ICVERIFY User Manager. If you click the drop-down button, you will see one or more payment applications, depending on the products you have installed. This field either displays the currently selected user in the User ID List, or is active if you are in the process of adding a user. This field displays a list of all the user accounts that have been created for the application shown in the Application Name combo box. This field is used to create or change passwords. The password you enter must be a complex one, i.e., it must be at least 8 characters long and must contain at least one alphabet, one numeral and one special character. An error will be displayed if the entered password does not follow any of the mentioned characteristics. Note that the field will only display asterisks. You should also be aware that two users of the same application cannot have the same password. You (or they) will be prompted to select a new password if a non-unique password is chosen. Use this combo box to select when a given user will be prompted to change his or her password. Your options are 30 days, 60 days, 90 days, or Never. NOTE: You may be under an obligation from your merchant acquiring bank or financial institution to adopt a security model with expiring passwords. Read the Secure Software Guide for additional details. Attempts Allowed Before Lockout Use this combo box to select the number of attempts a user is allowed to log in before his or her account is locked. If a user keeps entering the wrong password repetitively, the account will be locked out upon the attempt number visible in the combo box. (In other words, if you select 3, the user will be locked out immediately upon the third unsuccessful login attempt, not the fourth one.) Your options for this field are 3, 5, 10 and Never. You Page 21 of 48
Users, Accounts and Profiles can select this value individually for each account. NOTE: You may be under an obligation from your merchant acquiring bank or financial institution to adopt a security model with imposed account lockouts. Read the Secure Software Guide for additional details. Profiles Check / Uncheck all Prompt to change password after first login This field displays a list of all the profiles that have been created for the application shown in the Application Name combo box. When you first run the ICVERIFY User Manager, this list will contain only a single entry of Administrator. A convenient check box, in case you have created many profiles for a given application. By checking this box, you can select or de-select all the profile entries in the Profiles list. This check box allows you to force a new user to change his or her password when the first successful login is performed. This practice provides an additional level of security, since after changing the password, only the user will know it rather than both the user and the system administrator. Create a New User Manager Administrator When you log into the ICVERIFY User Manager using the default account, you will arrive at the Users tab, shown in Figure 8. You ll notice several fields of information, the most notable being the User ID List box on the leftmost side of the screen, showing only the default sysadmin user account that is preconfigured upon installation. Our first task will be to create a new user for the User Manager itself, so the default account can be removed or disabled. Creating Your First User Follow the steps below to create a new user for the User Manager. Step Action 1. Click the New User button. You ll notice the screen changes so that certain fields have been emptied and others are active, as in Figure 9.1. Page 22 of 48
Users, Accounts and Profiles Figure 9.1 ICVERIFY User Manager Adding a New User Step Action 2. Click the User ID field and enter a name for the user account. It needs to be unique; that is, the word you use for the name cannot already be in the User ID List. In our example, we ll use the name newuser. Your User ID can be any combination of upper and lower case alphabetic characters, numbers, spaces, underscores ( _ ) and hyphens ( - ). Other characters are not allowed. Page 23 of 48
Users, Accounts and Profiles Figure 9.2 ICVERIFY User Manager Entering User Information Step Action 3. Fill in the appropriate fields for the newuser account. In the screenshot in Figure 9.2, the value newuser1 has been placed in the Password field, the name New in the First Name field, the word User in the Last Name field, and the value 1234567 in the Location ID field. (You can use Location ID to reflect a physical site or a telephone number.) Bear in mind that a password must be at least 8 positions in length and must contain at least one alphabet, one numeral and one special character. 4. You will notice the Password Expires After combo box has been expanded so you can see the choices. You ll also notice that the Prompt change password after first login checkbox is still grayed out. The feature to force a user to change a password is enabled for payment applications such as ICVERIFY for Windows and Page 24 of 48
Users, Accounts and Profiles Step Action ICVERIFY Enterprise Edition. However, ICVERIFY User Manager users do not need to be forced to change their passwords. 5. Finally, you ll notice the Administrator profile is selected. This is fine as it is the only profile currently available. Now click Save. Figure 9.3 ICVERIFY User Manager New User Entered Step Action 6. After you click Save, the newuser account will appear in the User ID List. Now click File-Logout 7. You ll return to the ICVERIFY User Manager splash screen. Click the mouse anywhere on it, or simply wait a few moments. The login box displayed in Figure 6 will appear. Use the User ID of newuser and the Password of newuser1 and click Login. Page 25 of 48
Users, Accounts and Profiles Step Action 8. The User Manager will prompt you to change your password. Change it to any combination of letters, numbers and special characters you wish, re-type it to confirm it, and continue.!!! The new password, and indeed any passwords you create, must be at least 8 characters in length and include numeric, alphabetical and special characters. This is a requirement from PADSS and is enforced by the User Manager application. User Tab for ICVERIFY for Windows The User tab may change depending on the payment software you have installed. Let s assume for a moment that you ve installed the ICVERIFY for Windows software product and want to add a user to it. Click the Application Name drop-down box and select ICVERIFY for Windows. The User tab will change to that shown in Figure 10 following. Page 26 of 48
Users, Accounts and Profiles Figure 10 ICVERIFY User Manager User Tab for ICVERIFY for Windows As you can see, the screen now shows specific information for the ICVERIFY application, including: The screen now contains a new list window on the right hand side showing all the merchants you have configured in the ICVERIFY software. The term rify is used to refer to the first (default) merchant profile and cannot be deleted. The User IDs listed on the left hand side of the screen are the users authorized to log into the ICVERIFY for Windows application, not the User Manager. A new check box above the right-hand list window allows you to associate a new user with all merchants by one mouse click. Page 27 of 48
Users, Accounts and Profiles User Management Guidelines When you are creating or managing users for ICVERIFY for Windows or ICVERIFY Enterprise edition, you should bear in mind the following guidelines: If you add a user, you must associate that user with at least one merchant. If you try to save a new user without selecting at least one merchant in the right-hand list window, you will receive an error. If you want to delete a user, you must first dissociate that user from all merchants. If a user is still associated with a merchant, you will not be able to delete the account. You cannot delete the rify merchant in ICVERIFY for Windows. This is a system-generated merchant associated with the ICVERIFY.SET setup file and must be present for the application to function. You do not, however, need to associate any users with it if you choose to use other merchant setup files. The Profile Tab The ICVERIFY User Manager application is itself a very good tutorial on the concept of usage profiles, since the application is so simple. When you have familiarized yourself with profiles in the context of the User Manager, you ll find it much easier to create profiles for other software applications. Click on the Profile tab and you ll arrive at the screen shown in Figure 11. The layout is similar to the User tab. Page 28 of 48
Users, Accounts and Profiles Figure 11 ICVERIFY User Manager New User Entered Profile Tab Fields The following table describes some of the important fields in the User tab. Field Application Name Profile Profile List Purpose This field has the same purpose as the same field in the User tab. This field either displays the currently selected profile in the Profile List, or is active if you are in the process of creating a new profile. This field displays a list of all the usage profiles that have been created for the application shown in the Application Name combo box. Available / Assigned Privileges These fields display all the privileges, or actions, that are available to a user of the application displayed in the Page 29 of 48
Users, Accounts and Profiles Field Purpose Application Name combo box. building blocks of user profiles. Privileges are the The privileges listed in the Assigned Privileges list are those that are included within the current profile meaning the actions a user may do if his or her account contains the current profile while the privileges in the Available Privileges list are those that are excluded from the profile. In the case of the ICVERIFY User Manager, the privileges are really rather simple: Manage Login grants access to the Login tab. Manage Profile grants access to the Profile tab. Manager User grants access to the User tab. These are the only privileges that exist for the User Manager. Available / Assigned Users These fields display all the user accounts that have been created for the application displayed in the Application Name combo box. User accounts must be associated with one or more profiles before they can be used. The accounts listed in the Assigned Users list are those that have been assigned the current profile meaning these users can access the privileges contained within the profile while the users in the Available Users list are those that do not have the profile as part of their account. Assign / Remove Buttons The buttons in between the Privileges and Users list boxes are used to move entries between the two sets of boxes. The > and < buttons will move a single highlighted entry from one box to another, while the >> and << buttons will move the entire list from one box to another. Build a New User Manager Profile As discussed earlier, the ICVERIFY User Manager is not a very complicated application, and as you have seen from the Profile tab, there are not many privileges available to choose from. This makes it ideal as a starting point to learn how to create profiles and assign user accounts to them. Page 30 of 48
Users, Accounts and Profiles Creating Your First Profile Follow the steps below to create a new profile in the User Manager. Step Action 1. Click the New Profile button. You ll notice the screen changes so that certain fields have been emptied and others are active. Furthermore, all the privileges in the Assigned Privileges list have moved back over to the Available Privileges list, as in Figure 12.1. Figure 12.1 ICVERIFY User Manager Creating a New Profile Step Action 2. Click the Profile field and enter a name for the new usage profile. It needs to be unique; that is, the word you use to name the profile cannot already be in the Profile List. In our example, we ll use the name UserAdmin. Page 31 of 48
Users, Accounts and Profiles Figure 12.2 ICVERIFY User Manager Assigning Privileges Step Action 3. Now highlight the Manage User entry in the Available Privileges list, and click the > button. The Manager User entry will move to the Assigned Privileges list. This means that a member of the UserAdmin profile can now perform the Manage User function. 4. Click Save. The screen will change to what is shown in Figure 12.3. Page 32 of 48
Users, Accounts and Profiles Figure 12.3 ICVERIFY User Manager New User Entered Step Action 5. Take a moment to click between the Administrator and UserAdmin entries in the Profile List and notice the differences: All three privileges have been assigned to the Administrator profile, while only the Manage User profile has been assigned to the UserAdmin profile. Both the newuser and SysAdmin user accounts are associated with the Administrator profile, while no users are associated with the UserAdmin profile. You may have noticed that the User Manager allows you to create profiles that do not have users. However, you may not create a user account that is not a member of at least one profile. 6. Now, let s create a new user account. Return to the User tab. See figure 12.4. Page 33 of 48
Users, Accounts and Profiles Figure 12.4 ICVERIFY User Manager Adding a User with the UserAdmin Profile Step Action 7. This time there are two profiles in the Profiles list: Administrator and UserAdmin. Create a new user as follows: User ID should be UserAdmin Password should be useradmin1$ First and Last Name are your choice Location ID is your choice 8. Try clicking Save while no profiles have been selected. You ll receive an error that the user must have at least one profile. Now, click the UserAdmin profile and click the Save button again. You ll Page 34 of 48
Users, Accounts and Profiles Step Action see the UserAdmin user account appear in the User ID List, as in Figure 12.5. Figure 12.5 ICVERIFY User Manager Adding a User with the UserAdmin Profile Step Action 9. Now exit the application and run it again. Use the new user account useradmin to log in, and useradmin1$ as your password. (Notice the user name is not case sensitive.) 10. You ll return to the User tab. Try clicking again on the Profile tab. You will be presented with the error message shown in Figure 12.6 and be returned to the User tab: Page 35 of 48
Users, Accounts and Profiles Figure 12.6 ICVERIFY User Manager Adding a User with the UserAdmin Profile Step Action 11. As a final lesson in profiles, let s grant this user account access to the Profile tab. There are two main ways to do this: Add the Manage Privileges privilege to the UserAdmin profile, so any account with that profile may reach the Profile tab. Add another profile to the user account. This raises an important aspect of the relationship between user accounts and profiles: that a user account may be associated with one or more profiles, and that if an account is a member of multiple profiles, the account s privilege list is the combination of all the privileges in all the profiles of which the account is a member. 12. Since we already have a profile with the Manage Privileges privilege within it, all we have to do is add that profile to the useradmin account. To do this, select the Administrator profile from the Profiles list. Now both profiles should be checked. Click Save. 13. Exit the application and run it again. Log back in under the useradmin account. You ll return to the User tab. Now try clicking on the Profile tab again. This time you will be permitted to access it. Summary You now know how to create users, assign profiles, and the relationship between user accounts and profiles. These are the basic tools you will need to manage your ICVERIFY software product s user base. Page 36 of 48
Users, Accounts and Profiles The Login Tab The final tab in the ICVERIFY User Manager allows you to get a real-time view of the various users accessing your ICVERIFY payment software products, Click on the Login tab and you ll arrive at the screen shown in Figure 13.1. Figure 13.1 ICVERIFY User Manager Login Tab User Manager View Login Tab Fields The following table describes some of the important fields in the Login tab. Field Application Name Application Type Purpose This field has the same purpose as the same field in the User tab. If the software product listed in the Application Name combo box consists of more than one component, this Page 37 of 48
Users, Accounts and Profiles Field Active Users Purpose combo box will be enabled and will allow you to select the specific component you want to check on. This field displays the user accounts currently logged into the software product listed in the Application Name field, and the component listed in the Application Type field (if the product consists of multiple components.) The User Name column lists the user account name, while the Last Login Time column shows the system date and time that the account actually signed on. Logged In Users If you have followed the tutorial in this chapter, your screen should look exactly like Figure 12.1, because you are still logged in under the useradmin account. However, the User Manager lets a system administrator watch activity across all ICVERIFY software applications that are connected to a particular user database. Let s assume you were running the ICVERIFY for Windows product. If you select ICVERIFY for Windows from the Application Name combo box, you would see something similar to the screen shown in Figure 13.2. Page 38 of 48
Users, Accounts and Profiles Figure 13.2 ICVERIFY User Manager Login Tab ICVERIFY Application View In the screen shot above, you can see that even though you are logged into the User Manager as useradmin, you can view the login activity of other accounts. In this example, a user has logged into the ICVERIFY for Windows application with the newuser account, and is currently using the application. The Logout Button and Refresh Field The last two features of the Login tab are the Logout button and Refresh field. You will probably use these features very rarely; however, it s best to understand what they do. Page 39 of 48
Users, Accounts and Profiles Use the Logout button to remove a user from the Active Users list forcibly. This is valuable if a user did not or could not log out of an ICVERIFY product before logging into one again. Examples of this behavior could be: A user s copy of ICVERIFY software, or the user s whole computer, crashed unexpectedly without the user having the chance to log out gracefully; A user logged into one computer and now wants to log in at another, but can t return to the first to log out. In these conditions, the next time that user logs in, he or she may receive a message stating You are already logged in. Contact your system administrator. As the administrator, you can use the Logout button to remove that user from the active list. The Refresh View field shows you how often the list of active users will be updated to reflect real-time login and logout activity. Create Your Real Accounts Now that you know how to create user accounts and usage profiles, select the ICVERIFY software product from the User Manager drop-down box, familiarize yourself with the pre-loaded profiles, and create the accounts you need to manage your user base. Don t forget that you can customize your accounts and profiles in any way you wish. Refer to Appendix A and your product user guide for detailed information about the various functions available in your software and how they are reflected in the privileges shown in the User Manager. NOTE: Don t take security lightly. One of the best safeguards against theft of sensitive data is a well-thought-out security model. Moreover, you may be under certain obligations to your financial institution to demonstrate that you are striving to meet best practices in the card payments industry. It is generally wise to err on the side of caution when assigning privileges to your users. If you are not sure whether a user needs a particular privilege, don t assign it unless and until there is a legitimate reason for the user to have it. Remember that your ICVERIFY software product is used to manage sensitive financial data and failure to safeguard it could damage your business. We also recommend that you review the ICVERIFY Secure Software Guide for additional tips on securing your payments acceptance environment. Page 40 of 48
Users, Accounts and Profiles Common User Problems Some of your users may not be accustomed to being forced to log into software applications in order to use them. Others may be familiar with the concept of user accounts but simply have a hard time remembering passwords. Still others may be quite handy with security but have difficulty performing required tasks with the software. This section of the guide is intended to help you identify and troubleshoot common problems users may have with your ICVERIFY software applications. Lockouts When you log into the ICVERIFY User Manager using the default account, you will arrive at the Users tab, shown in Figure 8. You ll notice several fields of information, the most notable being the User ID List box on the leftmost side of the screen, showing only the default sysadmin user account that is preconfigured upon installation. Later we will create a new user from this tab. Page 41 of 48
Appendix A Appendix A Privilege Lists Overview The key to giving your users the proper level of access to your ICVERIFY software product is to understand the various privileges within each application. This appendix provides tables listing out all privileges and their general meaning. Also, as mentioned earlier, the ICVERIFY for Windows and ICVERIFY Enterprise Edition products come pre-loaded with a few basic usage profiles for Clerks, Supervisors and Administrators. The table for a given application will indicate which pre-loaded profile contains which privilege. Remember that you can change the pre-loaded usage profiles, create new profiles and delete the pre-loaded ones, or otherwise make any modifications you wish. Pre-Loaded Profiles The pre-loaded profiles named within these tables fall into one of the following three groups: Clerk: The most basic usage profile containing privileges to perform common activities at the point of sale. Supervisor: Includes all the Clerk-level privileges as well as privileges to perform uncommon or exception-handling activities. Administrator: Includes all privileges available for a given software product, except View Full Data in GUI. As you read the tables, the text in the blue fields explain the minimum profile a user account must have in order to have access to the given privilege. In other words, if a privilege is listed at the Administrator profile level, only users with the Administrator profile in their account will be able to perform the function represented by that privilege. On the other hand, if a privilege is listed at the Clerk profile level, by default it is available to all three of the profiles listed above. If you make changes to the pre-loaded profiles, these rules may change. Page 42 of 48
Appendix A User Manager Privileges The following table defines the privileges available in the ICVERIFY User Manager application. Field Purpose Administrator is the only profile pre-defined for the User Manager. Manage Login Allows a user to enter the Login tab, view users currently logged in for a given application, and manage their login status. Manage Profile Manage User Allows a user to enter the Profile tab, create, update and delete profiles, and associate user accounts with profiles. Allows a user to enter the User tab, create, update and delete user accounts, configure passwords and password expiration cycles, and associate accounts with usage profiles. Page 43 of 48
Appendix A ICVERIFY for Windows Privileges The following table defines the privileges available in the ICVERIFY for Windows application. If you are not certain how to use a particular privilege, or do not understand the function it represents, refer to the ICVERIFY User s Guide. Field Privileges available at the Clerk profile level Application Processing Report Application Processing Transaction BUYPASS Download Request Check: Driver s License & Check, Driver s License & MICR, Driver s License Only, Guarantee, Long MICR, MICR Check Report Check Transaction Convert Book to Ship Credit: Auth Only, Balance Inquiry, Book, Cash Advance Force, Refund, Sale, Ship Credit Report Credit Transaction Debit: Batch Inquiry, Batch Recovery Return, Batch Recovery Sale, Return, Sale Debit Report Debit Transaction Purpose Ability to generate Application Processing transaction reports. Ability to access the Application Processing transaction tab. Ability to execute a Download Request for the First Data Atlanta platform. Ability to perform a specific Check transaction type. Ability to generate Check transaction reports. Ability to access the Check transaction tabs. The specific types of Check transactions allowed are governed by the Check transaction list elsewhere in this table. Ability to select a Book transaction in the current batch and convert it to a Ship transaction for settlement. Ability to perform a specific Credit transaction type. NOTE: The ability to void a Credit transaction is not available in the Clerk profile by default. Ability to generate Credit transaction reports. Ability to access the Credit transaction tabs. The specific types of Check transactions allowed are governed by the Credit transaction list elsewhere in this table. Ability to perform a specific Debit transaction type. NOTE: The ability to void a Debit transaction is not available in the Clerk profile by default. Ability to generate Debit transaction reports. Ability to access the Debit transaction tabs. The specific types of Debit transactions allowed are governed by the Debit transaction list elsewhere in this table. Page 44 of 48
Appendix A Field Find Current Transactions Find Settled Transactions Installment NOVA Debit Batch Inquiry Off-Line Group Mode Off-Line Group Report Off-Line Result Report Private Label: Auth Only, Book, Force, Purchase, Refund, Ship Private Label Report Private Label Transaction Print Receipt Save Transactions Settlement Settlement Error Report Settlement Result Report Setup Application Stored Value: Activation, Balance Inquiry, Batch Inquiry, Credit, Issuance, Prior Issuance, Prior Redemption, Redemption, Replacement, Replenishment Stored Value Report Stored Value Transaction Transmit Off-Line Group Purpose Ability to search within a current batch for a given transaction. Ability to search within a settled batch for a given transaction. Ability to access the Installments tabs to create and transmit installment transactions. Ability to perform a debit batch inquiry transaction for NOVA merchants. Not applicable if your debit processing is not performed on the NOVA platform. Ability to change to Off-Line Group mode. Ability to generate Off-Line Group reports. Ability to generate Off-Line Result reports. Ability to perform a specific Private Label transaction type. NOTE: The ability to void a Private Label transaction is not available in the Clerk profile by default. Ability to generate Private Label transaction reports. Ability to access the Private Label transaction tabs. The specific types of Private Label transactions allowed are governed by the Private Label transaction list elsewhere in this table. Ability to print or reprint receipts. Ability to edit and save a transaction in a current settlement batch (for example, if a transaction originally declined due to bad data, the ability to edit the data and save the transaction to process it a second time.) Ability to perform an end-of-day settlement operation. Ability to generate a settlement error report. Ability to generate a settlement results report. Ability to access the ICVERIFY Setup Application. Ability to perform a specific Stored Value transaction type. NOTE: The ability to void or refund a Stored Value transaction is not available in the Clerk profile by default. Ability to generate Stored Value transaction reports. Ability to access the Stored Value transaction tabs. The specific types of Stored Value transactions allowed are governed by the Stored Value transaction list elsewhere in this table. Ability to send a group of transactions entered off-line to Page 45 of 48
Appendix A Field the processor. Privileges available at the Supervisor profile level Clear Batch Credit: Void, Void Refund, Void Ticket Only Customer Database Purpose Ability to clear a current batch. Ability to void a prior Credit transaction type. Ability to access and manage the customer database. Debit: Void Ability to void a prior Debit transaction type. Delete Current Batch Ability to remove the current batch, commonly used to clean up test data. Delete Transaction Ability to delete a particular transaction. Export Transactions Allows a user to export transaction data from the application. Sensitive data such as card numbers will be masked. Import Transactions Allows a user to import transaction data from another application into the ICVERIFY product. Maintain Tables Ability to access and change the information within the inventory / line item database for Purchase Card Level III transaction processing. Options Ability to access the Options interface. Private Label: Void Return, Ability to void a prior Private Label transaction type. Void Sale, Void Ticket Only Retail Terms Manager Ability to access the Retail Terms management subsystem. Reset Batch Number Allows a user to reset the transaction batch number to help correct an out-of-balance or out-of-sequence condition at the processor. Save Installments Ability to save a new or currently edited installment. Stop Transaction Editing Ability to exit transaction edit mode. Stored Value: Refund, Ability to void a prior Stored Value transaction type. Void Activation, Void Issuance, Void Redemption Substation Test Ability to confirm a substation is properly configured for use with a master station. Switch Merchants Ability to change from one merchant setup to another. Transaction List Ability to access the Transaction List interface to tailor your view of transaction types and tabs. Ymodem File Send Ability to perform a YMODEM file send, commonly used for testing. Privileges only available at the Administrator profile level Export in Decrypted Form Allows a user to export transaction data from the application in fully decrypted form, including full account numbers and expiration dates. Page 46 of 48
Appendix A Field Import EMV Keys Update EMV Keys Receipt Printer Setup Report Printer Setup Add / Remove Merchant Purpose Ability to import the EMV Key File containing the latest EMV keysets. Ability to download the latest EMV keysets from the First Data EMV web server. Allows a user to configure a physical or virtual printer for receipt printing. Allows a user to configure a physical or virtual printer for report printing. Allows a user to configure merchant configuration information for multi-merchant processing environments. Note: Privilege View Full Data in GUI is not available as a default privilege for any of the default profiles. The privilege provides the ability to see full transaction data in the Graphical User Interface, including full account numbers and expiration dates. ICVERIFY Enterprise Edition Privileges The following table defines the privileges available in the ICVERIFY Enterprise Edition application. If you are not certain how to use a particular privilege, or do not understand the function it represents, refer to the ICVERIFY User s Guide. Field Privileges available at the Clerk profile level Purpose Authorization Only Transaction Ability to perform an Authorization-Only transaction in the Enterprise Client. Batch Authorize (Import) Ability to import a batch file for processing through the application. Check Guarantee Ability to perform a Check Guarantee transaction in the Enterprise Client. Credit Transaction Ability to perform a Credit (Return) transaction in the Enterprise Client. Post-Authorization Transaction Ability to perform a Post-Authorization (Capture) transaction in the Enterprise Client. Sale Transaction Ability to perform a Sale transaction in the Enterprise Client. Reports Ability to generate reports through the Enterprise Client. NOTE: This privilege allows a user to generate reports; however, any sensitive data in the reports will be masked unless the user also has the appropriate Full Data privilege. Total By Card View Ability to view processing totals by card type through the Enterprise Client. NOTE: This privilege allows a user to view totals; however, any sensitive data in the view will be Page 47 of 48
Appendix A Field Privileges available at the Supervisor profile level ICV Enterprise Client Setup Close Batch Delete Batches Export Batch Reset Batch Number Settle A Batch Settle All Batches View All Transactions View and Open Batches Void Transaction Privileges only available at the Administrator profile level ICV Enterprise Server Admin Purpose masked unless the user also has the appropriate Full Data privilege. Allows a user to perform various setup and configuration actions within the ICVERIFY Enterprise Client application. Ability to close a batch so that no more transactions may be added to it. Ability to remove a given batch, commonly used to clean up test data. Allows a user to export transaction data from a given batch. NOTE: This privilege allows a user to export batches; however, any sensitive data in the batches will be masked unless the user also has the Import / Export Decrypted Files privilege. Allows a user to reset the transaction batch number to help correct an out-of-balance or out-of-sequence condition at the processor. Ability to settle a given batch. Ability to settle all current unsettled batches. Ability to view all transactions processed on a given ICVERIFY Enterprise server. Ability to view and open prior batches regardless of the user who created them. Ability to void a prior transaction. Allows a user to perform all administrative-level operations on the ICVERIFY Enterprise Server. Import / Export Decrypted Files View Full Data in GUI View Full Data in Reports Ability to import and export batch files with fully decrypted data. Ability to see full transaction data in the Graphical User Interface, including full account numbers and expiration dates. Ability to generate reports that include full account numbers and expiration dates. Page 48 of 48