Temenos Lifecycle Management Suite - Recovery Product Guide
Users
Administrator Guide > Security and Permissions > Users

The System User functionality is used to create and maintain Temenos users for the organization. The Users page can be accessed from System Management > Users, and displays all users for the organization.

The default view of this page is the All Users view, which lists all users in alphabetical order by username.

The following columns display in the Users page:

Column Name Description
Username Displays the user name of the user.
Name Displays the full name (Last, First) of the user.
Active If checked, the user is active in Temenos Infinity.
Logged In If checked, the user is currently logged into Temenos Infinity.
Last Login Displays when the date and time of when the user was last logged in.

From the Users page, administrators can perform the following actions:

User Attributes

The following attributes are defined within the User Edit window when creating or editing a Temenos user:

User Information

The User Information tab provides system administrators with the ability to define specific information for the user, such as the username and authentication credentials.

This tab includes the following three sections:        

User Information

The User Information section allows system administrators to enter basic information about the user.

Certain fields within this section can be included within letter and email templates.

The following fields display within the User Information section:

Field Name Description
First Name Enter the first name of the user. This is a required field.
Last Name Enter the last name of the user. This is a required field.
Username Define a username for the user. This is used to log into Temenos Infinity, if not using Windows Authentication. This is a required field.
Email Enter in the user’s email address. This is a required field.
Description If necessary, enter in a description for the user.
User Type Define the role of the user within Temenos Infinity from this drop-down. This correlates to the workflow history colors under System Management > Administrative Settings. The security for the user is not determined by this drop-down.
Time Zone Define the time zone for the user. This reflects the time that displays in a workflow history screen when an account is worked.
Active Select this check box to activate the user. Leave the check box blank to deactivate a user.
Logged In

If checked, this box indicates whether the user is logged into Temenos Infinity.

This field can be used as a reference when editing an existing user.
Phone Enter in the phone number of the user.
Phone Extension Enter in the phone extension of the user.
Branch If there are multiple branches, select the branch where the user works. This is system-defined.
Department Enter the name of the user's department.
Title Enter the job title of the user.

Lifecycle Management Suite Authentication

While this topic has been updated to reflect the new Temenos Infinity branding, Lifecycle Management Suite will continue to appear for this section until such a time that the branding can be updated.

Within the Lifecycle Management Suite Authentication section, define the sign-in method of the new user.

By default, System is selected, which requires the user to enter in username and password to sign into Temenos Infinity. The administrator must define the password in this section.

The value of the password is masked upon entry in the Password and Confirm Password fields.

Once the user details are saved, the encrypted version of the password is populated within the Password field, masked as dots.

Select the Windows method to allow users to sign in using the  button on the sign-in page. If this option is selected, the system validates the Windows ID and password for the user during the log in process. Enter the Windows Account for the user in the Windows Account field. The format for the windows account is always DOMAIN NAME\username.

Select the Public API method to establish a dedicated user to communicate with connectors and third party integrations using the Public API DMZ service.

These settings are only used for certain connectors that utilize the Public API DMZ service.

Upon selecting this method, complete the following parameters: 

Parameter Description
API Key

Enter the API Key generated by Temenos. This field is required.

When saving this screen, the API Key is decrypted and validated against the installation key for the environment to confirm that the key is valid. If the API Key does not match, an error message displays to the user.
Secret Key

Enter the Secret Key generated by the financial institution. This parameter provides an added level of security to financial institutions.

When a value for the Secret Key exists in the database, it is not displayed within this page for security purposes.

The Security Key value is stored one-way hashed in the database.
The Secret Key can be modified once saved. If a user attempts to update this field to a blank value, the existing Secret Key is retained in the database.

Select the SAML SSO method to allow users to sign in using the  button on the sign-in page. If this option is selected, the system redirects to the configured SAML SSO provider's page to validate the credentials for the user during the log in process. Enter the NameID provided by the SAML SSO identity provider for the user in the SAML NameID field.

 

Host Authentication

Within the Host Authentication section, define the Host ID, Host ID 2, and Host Password for the host system.

These settings are only used for certain host systems. For more information, please see the applicable core connector guide for the institution.

        

Back to Top ^ 

Company Information

The Company Information tab is comprised of two sections: Company Information and Organization Structure.

The Company Information section of the tab provides the ability to define the following information for the user:    

The fields within the Company Information section are for informational purposes only.
Field Name Description
Company Name Enter the name of the company.
Company Website Enter the website URL for the company.
Company Email Enter the email address for the company.
Company Phone 1 Enter in the primary phone number for the company.
Company Phone 2 Enter an additional phone number in which the company can be reached.
Company Fax Enter in a fax number for the company.
Company Address 1 Enter the first line of the company address.
Company Address 2 Enter in the second line of the company address.
Company City Enter the city in which the company is located.
Company State Enter the state in which the company is located.
Company Zip Code Enter the zip code in which the company is located.
Branch Number Enter the branch number of the company.

Within the Organization Structure section, select a value from the desired Organization Level field(s) to define how the user is to be grouped for easier reporting purposes. The values in each drop-down populate from the ORG_LEVEL1, ORG_LEVEL2, or ORG_LEVEL3 lookup fields in System Management > Field Configurations.

Back to Top ^ 

Personal Information

The Personal Information tab provides system administrators with the ability to define the user’s personal information.

The fields within the Personal Information section are for informational purposes only.

The following fields display in this tab: 

Field Name Description
Address 1 Enter the first line of the user’s home address.
Address 2 Enter the second line of the user’s home address.
City Enter the city in which the user resides.
State Enter the state in which the user resides.
Zip Code Enter the Zip Code in which the user resides.
Home Phone Enter the home phone number of the user.
Other Phone Enter an additional phone number of the user.
Home Email Enter in the personal email address of the user.

Back to Top ^ 

Collection Settings

The Collections Settings tab provides the ability to set collection standards for the user. These fields are used by administrators to track collection performance.

       

     

The following fields display within this tab:

Field Name Description How contributes to User Performance
Daily Work Hours Identifies the number of hours per a day that the user is expected to work. N/A
Total Calls per Hour Identifies the number of calls that a collector is expected to make per hour.

Used to determine:

  • Target Number of Calls for Collector Production Dashboard and User Performance Dashboard.

(Total Calls Per Hour x Hours Worked= Target Number of Calls)
Target % Contacts Identifies the percentage of calls placed by the user expected to result in a successful, valid contact.

Used to determine:

  • Target Number of Contacts for Collector Production Dashboard and User Performance Dashboard.

 (Actual Calls x Target % Contacts= Target Number of Contacts)
Target % Promises Define the percentage of successful promises the user must meet.

Used to determine:

  • Promises Made Target for Collector Production Dashboard

(( Target % Promises x Contact Count)/100= Promises Made Target)

  • Target Number of Promises for User Performance Dashboard.

(Number of Contacts x Target % Promises= Target Number of Promises)
Target % Promises Kept Define the percentage of successful promises kept the user must meet.

Used to determine:

  • Target Number of Promises Kept for Promise Monitor Dashboard.

((Target % Promises Kept x Due Count)/100= Target Number of Promises Kept)
Max Promise Days Identifies the maximum number of days a collector can define for the time period in which the total promise must be fulfilled.

For example, if the max promise days is set to 30 days and the user sets the promise to be completed in 45 days, the promise goes to management for approval.           		 N/A
Max First Payment Days Identifies the maximum number of days in advance that a collector can schedule the first promise payment.

For example, if the max first payment days is set to 10 days and the user schedules the first payment in 20 days, the promise goes to management for approval.		 N/A
Max promise payments

Identifies the maximum number of payments in which a user is able to divide a promise payment.

When an end-user is running the Promise to Pay workflow step, this determines the maximum amount of promise payments the user can select from the Number of Payments drop-down.

For example, if the max promise days in System Management > Modules > Collection is equal to 4, and the user sets up 5 payments, the promise is deferred to management approval.

 N/A
Max % Promise Tolerance

Identifies the maximum percentage of the total promise amount that a user can accept to satisfy the promise payment. A promise payment can be short without being considered broken as long as the payment meets the discount requirement specified here.

For example, if the max % promise is 10% and the total promise amount is $1,000, the promise payment can be satisfied if the borrower pays $900.   

If no discounting is permitted, then the value in this field should be set to “0.”
N/A
Min Promise Value As % of DQ Amount

Identifies the minimum % of the total promise amount that the user is allowed to accept.

For example, if this setting is set to 10% and the total DQ amount is $10,000.00, the minimum promise that the user can take is $1,000.00. Otherwise the promise is sent for manager approval. 		N/A
For additional information on User Performance, please see the User Performance Web Part topic in the User Guide.

Back to Top ^ 

Security Groups

Within the Security Groups tab, assign the user to a Security Group. The Security Groups available to assign are defined in System Management > Groups > Security Groups.

A user can be assigned to multiple security groups.
   

Back to Top ^ 

Permissions

The Permissions tab enables system administrators to manage a user’s access to several features throughout the system.

This tab contains two columns: Function and Permission. Click under the Permission column in the corresponding row, and a drop-down appears. Change the value in this drop-down to modify the user's access to the functionality.

The following permission options are available for each user:

Reference the following section for an overview of each permission table:

ShowPermission Tables

The tables below provide a list of the permissions available under each category, as well as a description of each permission.

Application Processing - Loan
Name of Permission Description
Add and Delete Fees on Application:

Allows a user to add and remove fees that have been automatically or manually added to a loan application.

 None = Add and Delete buttons are disabled in the Fees panel. Edit is disabled for the Fees grid.

Change = Add and Delete buttons are enabled in the Fees panel. Edit is enabled for the Fees grid.
Approve Loan:

Allows a user to manually approve an application.

 None = "Approve" button is disabled in the Workflow and Application Toolbar.

Change = "Approve" button is enabled in the Workflow and Application Toolbar if Status <> Incomplete, Disbursed or Not Eligible.
Change Applicants Receiving Adverse Action Notice:

Allows user to change the field to send an adverse action notice to a particular applicant from the Reject Application & Withdraw Application windows.

 None = applicant check boxes are disabled on Reject Application and Withdraw Application windows.

Change = applicant check boxes are enabled on Reject Application and Withdraw Application windows.
Change Effective Date on Application:

Allows a user to update the Effective Date field on the application screen that collects loan term information.

 None = user does not have permission to override and is presented with an override pop-up window if the field has been modified.

Change = user has permission to override and is not presented with override pop-up if the field has been modified. Also allows user to input credentials into the override pop-up for other users.
Change Fees from Sub-Product:

Allows a user to modify the amount of a fee automatically added to a loan application by the system.

 None = User does not have permission to override the amount for a loan fee, and is presented with an override pop-up window when a Fee field is modified.

Change = User has permission to override the fee amount for a loan fee, and is not presented with the override pop-up when an Fee field is modified. This permission also allows a user to input credentials into the override pop-up for other users.
Change Introductory Term on Application:

Allows a user to manually change the introductory term that is used for Introductory Rate calculations.

 None = Introductory Term field is disabled on the Loan Terms screen.

Change = Introductory Term field is enabled on the Loan Terms field
Change Variable Rates:

Allows a user to change the Variable Rate fields (listed below) on the Loan Terms screen.

  • First Rate Change Date
  • Rate Change Frequency
  • Rate Change Margin
  • Max Rate Decrease for Loan
  • Max Rate Increase for Loan
  • Max Rate Decrease per Change
  • Max Rate Increase per Change
 None = user does not have permission to edit fields. If fields have been changed by the user they are presented with an override pop-up window.

Change = user has permission to edit fields and is not presented with override pop-up. Also allows user to input credentials into the override pop-up for other users.
Change Vendor on Application:

Allows a user to change the Vendor/Dealer field during the application process.

 None = Vendor field is disabled in the Properties pop-up box when Dealer Purchase or Indirect are selected as Source.

Change = Vendor field is enabled in the Properties pop-up box when Dealer Purchase or Indirect are selected as Source.
Cross-sells In Loan Amount Exceed Approval Tolerance:

Allows a user to override the Approval Tolerance Amount that is set on the sub-product definition (only if it is exceeded because of cross-sells being included in the loan amount, such as GAP & MBC).

 None = user does not have permission to override and is presented with an override pop-up window.

Change = user has permission to override and is not presented with override pop-up. Also allows user to input credentials into the override pop-up for other users.
Decline Loan:

Allows a user to decline a loan application.

 None = "Decline" button is disabled in the Application Toolbar and Workflow.

Change = "Decline" button is enabled in the Application Toolbar and Workflow if Status <> Incomplete, Disbursed, or Not Eligible.
Disburse Loan:

Allows a user to Disburse and book the loan to the core system.

 None = The Disburse button is not able to be selected in the Application Toolbar and Workflow.

Change = The Disburse button able to be selected in the Application Toolbar and Workflow.
Edit Adverse Action Reasons:

Allows a user to add Reject & Adverse Action Reasons to an application via the Other Actions button.

 None = "Collect Adverse Actions" is disabled in the Other Actions dropdown.

Change = "Collect Adverse Actions" value in the Other Actions dropdown list is active and can be selected.
Edit Disbursement Date:

Allows a user to edit the Disbursement Date field.

 None = Disbursement Date is disabled on the application screen that collects loan term information.

Change = Disbursement Date field is enabled on the application screen that collects loan term information.
Edit Doc Stamps Program:

Allows a user to edit fields in the application related to the Doc Stamps Program.

 None = User does not have permission to edit fields.

Change = User has permission to edit fields.
Edit First Notification, Second Notification and Expiration Dates:

Allows a user to edit these fields on the Loan Terms screen.

 None = User does not have permission to edit fields.

Change = User has permission to edit fields.            
Exclude Payee from OFAC:

Allows a user to exclude a check payee from being checked via the OFAC interface during the Disbursement.

 None = "Do Not Run OFAC" Checkbox is disabled on Edit Payee OFAC Information window.

Change = "Do Not Run OFAC" Checkbox is enabled on Edit Payee OFAC Information window.
Fund Delay Reasons - Add:

Allows a user to add a Fund Delay Reason and Delay Extensions to the application.

 None = Add button is disabled in the Fund Delay panel and Create & Edit Delay screen

Change = Add Button is enabled in the Fund Delay panel and Create & Edit Delay screen.
Fund Delay Reasons - Delete:

Allows a user to remove a Fund Delay Reason or Delay Extension on the application.

 None = Delete button is disabled in the Fund Delay panel and Create & Edit Delay screen.

Change = Delete button is enabled in the Fund Delay panel and Create & Edit Delay screen.
Fund Delay Reasons - Edit:

Allows a user to modify a Fund Delay Reason and Delay Extension on the Application.

 None = Edit button is disabled in the Fund Delay panel and Create & Edit Delay screen.

Change = Edit is enabled in the Fund Delay panel and Create & Edit Delay screen.
Fund Delay Reasons - Waive:

Allows a user to mark a delay as being waived in the Fund Delay.

 None = Waive checkbox is disabled in the Fund Delay panel and Create & Edit Delay screen.

Change = Waive checkbox is enabled in the Fund Delay and Create & Edit Delay screen.
Initial Amount Exceeds Min/Max for Sub-Product:

Allows a user to override the Min/Max Amount values that are set at the sub-product definition. For example: New Auto has a min amount of $1500.00. An application is being submitted and the Requested Amount is $1000.00. An override box pops-up for users who do not have this permission and requires someone with this authority to put in their credentials in order for the user to proceed with the application.

 None = user does not have permission to override and is presented with an override pop-up window.

Change = user has permission to override and is not presented with override pop-up. Also allows user to input credentials into the override pop-up for other users.
LO Approval – Display Adverse Actions:

Allows user to view/edit the Adverse Action panel on the Approve Application screen.

 None = Adverse Action sub-panel is not displayed on the Approve Application screen.

Change = Adverse Action sub-panel is displayed and editable on the Approve Application screen.

Loan Covenants – Add:

 

Allows a user to add loan covenants to a loan application.

None = Add button is disabled in the Loan Covenants panel.

 

Change = Add button is enabled in the Loan Covenants panel.

If a user is granted permission to add loan covenants, the Loan Covenants - Change permission should also be set to Change for the user to ensure he or she is able to set values for the convenant once it is added.

Loan Covenants – Change:

 

Allows a user to modify a loan covenant on a loan application.

 

None = The Edit button is disabled in the Loan Covenants panel, and the fields that support inline editability are read-only in the panel grid.

 

Change = The Edit button is enabled in the Loan Covenants panel, and inline editing is available for the applicable fields in the panel grid.

Loan Covenants – Allow Delete:

 

Allows a user to remove loan covenants that have been automatically or manually added to the application.

None = The Delete button is disabled in the Loan Covenants panel.

 

Change = The Delete button is enabled in the Loan Covenants panel.

Loan Covenants - Waive on Application:

 

Allows a user to mark a loan covenant as waived on a loan application.

None = Waive check box is disabled when editing a loan covenant in the Loan Covenants panel.

 

Change = Waive check box is enabled when loan covenant in the Loan Covenants panel.
Loan Cross-sells Exceed Max Amount:

Allows a user to override the Max Loan Cross-Sell Amount (the sum of all an application’s new/replacement Cross-sell offers) that can be set by an underwriter on the manual underwriting screen.

For example: An underwriter has set the Max Loan Cross-Sell amount to be $10,000.00 on the underwriting screen. The end user gets to the Cross-Sell screen and pitches the Cross-sell products. The applicant wants all the available cross-sell offers, which total $15,000.00. An override box appears for users who do not have this permission and requires someone with this authority to put in their credentials in order for the user to proceed with the application.

 None = user does not have permission to override and is presented with an override pop-up window.

Change = user has permission to override and is not presented with override pop-up. Also allows user to input credentials into the override pop-up for other users.
LTV Exceeds Min/Max for Sub-Product:

Allows a user to override the Min/Max LTV value that is set at the sub-product definition. For example: New Auto has a max LTV of 110%. An application is being processed and the LTV is calculated to be 112%. An override box pops-up for users who do not have this permission and requires someone with this authority to put in their credentials in order for the user to proceed with the application.

 None = user does not have permission to override and is presented with an override pop-up window.

Change = user has permission to override and is not presented with override pop-up. Also allows user to input credentials into the override pop-up for other users.

Recurring Fees - Add and Delete:

 

Allows a user to add recurring fess to a loan application, as well as remove recurring fees that have been automatically or manually added to the application.

None = Add and Delete buttons are disabled in the Recurring Fees panel.

 

Change = Add and Delete buttons are enabled in the Recurring Fees panel.

Recurring Fees - Change Recurring Fees:

 

Allows a user to modify a recurring fee on a loan application.

None = Fields are read-only in the Recurring Fees panel, and cannot be modified.

 

Change = Inline editing is available in the Recurring Fees panel, and users are able to modify field values within the grid.

Recurring Fees - Waive on Application:

 

Allows a user to mark a recurring fee as waived on a loan application.

None = Waive check box is disabled when editing a fee in the Recurring Fees panel.

 

Change = Waive check box is enabled when editing a fee in the Recurring Fees panel.

Unmask Lending Fields TIN and DOB:

 

Allows a user to view unmasked values for the TIN and Date of Birth fields in an application.

None = User is unable to view an unmasked value of the TIN and Date of Birth fields in an application. When the user hovers over the  icon for the TIN or Date of Birth field, a tool-tip is presented to the user to identify that permission to unmask the field is not enabled.

If this permission is set to None, but the View Masked Fields permission is set to View, the user is able to view an unmasked value for TIN and Date of Birth fields when the  icon is clicked. A user can only search using a full 9-digit TIN (see formatting below) or a 4-digit partial TIN.

 

View = User is able to view the full unmasked value of the TIN and Date of Birth fields in an application. User can search using a partial (any length) TIN or full 9-digit TIN (formatted as either 999-99-9999 or 99-999999).

Waive Loan Review Indicator:

 

Allows a user to mark a loan review indicator account as waived.

 None = The waived flag remains read-only on the Loan Review Indicator panel.

Change = The waived flag can be set to True for a given account on the Loan Review Indicator panel.

 

 

System Management
Name of Permission Description
Administrative Settings:

Allows a user to view and change administrative settings within Temenos Infinity. Administrative Settings can be accessed in System Management and include settings such as look and feel, security and institutional information.

None = Users can not view or access the Administrative Settings page in System Management.

 

View = Allows users to view but not make any changes to the Administrative Settings page in System Management.

Change = Allows users to view and make changes within the Administrative Settings page in System Management.
Configuration Export:

Allows a user to view, edit and change Configuration Manager Exports.

 None = Users can not view or access the Export Configurations page in System Management > Configurations.

View = Users can view the Export Configurations in System Management.

Change = Allows users to view and make changes within the Export Configurations page in System Management > Configurations.
Configuration Import:

Allows a user to view, edit and change Configuration Manager Imports.

None = Users can not view or access the Import Configurations page in System Management > Configurations.

View = Users can view the Import Configurations in System Management.

Change = Allows users to view and make changes within the Import Configurations page in System Management > Configurations.
Data Purging

Allows a user to view and change the data purge settings for Temenos database tables.

None = Users can not view or access the Data Purging page in System Management > Data Purging.

 

View = Allows users to view, but not make any changes to the Data Purging page in System Management > Data Purging.

Change = Allows users to view and make changes within the Data Purging page in System Management > Data Purging.

Field List Configurations:

 

Allows a user to map values from the BANKRUPTCY_PARTY_TYPE and PARTY_TYPE lookups to up to 10 flattened Bankruptcy Party or Legal Party fields, in order to populate the data in letters, views, and/or reports.

 

None = Users cannot view or access the Field List Configurations page in System Management..

 

View = Allows users to view the Field List Configurations page in System Management, but not make any changes.

Change = Allows users to view and make changes within the Field List Configurations page in System Management.
GL Accounts (Recovery Module):

Allows a user to view and change GL Accounts when using the Recovery Module. GL Accounts are used when defining the posting rules on a transaction code to determine how a new transaction is allocated on a recovery account. 

None = Users can not view or access the GL Accounts page in System Management.

 

View = Allows users to view but not make any changes to the GL Accounts page in System Management.

Change = Allows users to view and make changes within the GL Accounts page in System Management.
Letter Barcode Activation:

Allows a user to activate the letter barcode process and define the location where scanned files are to be placed for the institution.

None = Users can not view or access the Letter Barcode Activation page in System Management > Communication > Letter Barcode Activation.

 

View = Allows users to view, but not make any changes to the Letter Barcode Activation page in System.

Change = Allows users to view and make changes within the Letter Barcode Activation page in System Management.

Letter Barcode Scanning Exceptions:

 

Allows a user to view exception documents, as well as manually attach the documents to the applicable account or cases.

None = Users can not view or access the Letter Barcode Scanning Exceptions page in System Management > Communication > Letter Barcode Scanning Exceptions.

 

View = Allows users to view, but not make any changes to the Letter Barcode Scanning Exceptions page in System.

Change = Allows users to view and make changes within the Letter Barcode Scanning Exceptions page in System Management.
Letters and Forms:

Allows a user to create letters and other forms to be used when working a case within the system.

 

None = Users can not view or access the Letters and Forms page in System Management > Communication > Letters and Forms.

 

View = Allows users to view but not make any changes to the Letters and Forms page in System Management > Communication > Letters and Forms.

Change = Allows users to view and make changes within the Letters and Forms page in System Management > Communication > Letters and Forms.
Process Scheduling

None = Users does not have access to view the new Processes System Management Screen.


View = Users have access to view the new Processes System Management Screen but cannot make any changes.


Change = Users have access to view and make changes within the new Processes System Management Screen.
Transaction Codes (Recovery Module):

Allows a user to track payments, adjustments, and expenses on charged off accounts. Multiple transaction codes can be configured to apply funds differently to an account.

None = Users can not view or access the Transaction Codes page in System Management.

 

View = Allows users to view but not make any changes to the Transaction Codes page in System Management.

Change = Allows users to view and make changes within the Transaction Codes page in System Management.

 

 

 

Back to Top ^ 

Screens

Within the Screens tab, assign available screens to the user. If a screen is assigned, the user has access to the screen in the personworkspace.

The screens and boxes that display on the User Edit screen are determined by the enabled module(s). For example, if  origination is not active, origination screens are not available to be assigned, and the Available and Assigned Origination Screens boxes do not display on the Screens tab. If the institution uses the Account Servicing modules, as well as the Origination modules, boxes display to assign both Collection screens and Origination screens to the user.
If the security group the user is assigned to has access to the screen, by default the user has access to the screen even if they do not at the user level.

Back to Top ^ 

Workflows

In the Workflows tab, workflows can be assigned to “None,” “View,” or “View & Execute.”

If a workflow is assigned to None, the user is not able to view the workflow history associated to the workflow nor execute the workflow. If assigned to View, the user can view the workflow history associated to the workflow but cannot execute it. If assigned to View & Execute, the user can view the workflow history and execute the workflow on an account, case, or person.

If the security group the user is assigned to has access to the workflow, the user has access to the workflow by default, even if he or she does not have access at the user level.

In order for a user to have access to a workflow on an Area, the following criteria must be met:

For each Workflow, security can be set on the Area and the User or Security Group level. This security only applies when a user enters the Workspace of an Area. For example, if a workflow is not assigned to an Area, the workflow does not appear in the Area regardless of the security applied to the workflow.

When assigning a workflow to an Area or assigning Users and Security Groups to a workflow, there are three levels of security:

None is the lowest level of security, and View & Execute is the highest level of security.

Back to Top ^ 

Dashboards

In the Dashboards tab, assign available dashboards to the user. If assigned the user is able to open the dashboard from the dashboard icon in the Ribbon Bar.

If the security group the user is assigned to has access to the dashboard, by default the user has access to the dashboard even if they do not at the user level.

Views

In the Views tab, assign available views to the user. If assigned, the user is able to open the view from the views icon in the Ribbon Bar.

If the security group the user is assigned to has access to the view, by default the user has access to the view even if they do not at the user level.
   

Back to Top ^ 

Reports

In the Reports tab, assign available reports to the user. If assigned, the user has the ability to view/run the reports from the reports icon in the Ribbon Bar.

If the security group the user is assigned to has access to a report, the user has access to the report by default, even if he or she does not have access at the user level.

Back to Top ^ 

Areas

In the Areas tab, assign available areas for the Account Servicing modules to the user. These assigned areas are available to the user in the Areas drop-down in the person workspace.

If the security group the user is assigned to has access to the area, the user has access to the area by default, even if he or she does not have access at the user level.

Categories

This functionality is no longer used in Temenos Infinity, and will be removed from the User attributes in an upcoming product release.

Back to Top ^ 

Credentials

User Credentials enable administrators to assign the user specific IDs required for certain functionality throughout Temenos Infinity.

Credentials may be used as a prerequisite when activating certain third party connectors within Temenos Infinity. For more information on whether credentials are required for a connector, refer to the applicable Connector Guide.

Administrators can add and remove credentials for a user by means of the Credentials toolbar. Once a credential is added, the below attributes may be assigned in the grid displayed:

If desired, the Connector Credentials Import Process can be manually run on demand from the server where Temenos Infinity is installed to import user level connector credentials from an Excel file, and automatically populate the credentials within the Credentials tab for each user in the file. Reference the Connector Credentials Import section below for more information on this functionality:

ShowConnector Credentials Import

The Connector Credentials Import process provides the ability to easily import third party credentials for all users with access to a connector's functionality, rather than separately adding credentials for each user within the Credentials tab. A system administrator or IT Support representative for the institution can manually run this process on demand from the server where Temenos Infinity is installed.

The following section provides an overview of the steps to take to import connector credentials for each active user in Temenos Infinity:

This process does not create new users in the database. In order to import credentials for a user, the user must be active in Temenos Infinity, and have access to the applicable connector.

Step One: Create and Export Report of Active Users

Prior to running the Connector Credentials Import process, system administrators can create a report from the Reports page in the Ribbon Bar that identifies the username for each active user in Temenos Infinity. The following fields can be added to the report within the Fields tab of the Report Configuration window to generate a list of the usernames:

  • User > Username
  • User > First Name
  • User > Last Name
  • User > Is Active

Once created, the report can be run, and then exported to Excel.

If desired, system administrators can also configure a View to include the above fields, which generates a list of the usernames for all active users, and is able to be exported to Excel in the same manner as a report.  

After the Excel file is created, system administrators can save the file locally, and use it as a base to create the import file for the Connector Credentials Import process.

Step Two: Create the Import File for the Credentials Import Process

The Excel file of active users can be used as a base to create the file for the Connector Credentials Import process. System administrators can export an Excel file with credentials from the applicable third party, and then add the credentials to the Excel file created with the user information from Temenos Infinity.

Each file must include the following three columns of information, and a row for each active user having credentials imported for the connector:

If the Import file is not structured in the following format, the credentials in the file are not able to be imported, and an error is recorded in the Log File during the Import process.
Column Description
LMS User Name

The username assigned to the user in Temenos Infinity. This value is used to map the third party credentials to the correct user during the import. The system populates the associated Connector User Name and Connector Password from the file in the Credentials tab for the user once the Import process completes.
Connector User Name The username assigned to the user for the third party connector. This value populates within the ID column of the Credentials tab for the user once the Import process completes.
Connector Password

If a password is required, this column includes the value assigned to the user as a password for the third party connector. If a password is not required for the connector, this column can be left blank. The system populates this value within the Password column of the Credentials tab for the user.

For information on whether a password is required for a specific connector, please see the Configuring the Connector topic in the applicable Connector Guide.

Step Three: Run the Connector Credentials Import Process

After the Import file has been created and saved for the connector, the LMS.Core.CredentialsImport exe file process can be manually run from the institution's server.

To run this process:

  • Open File Explorer on the server where Temenos Infinity is installed for the institution.
  • Select the exe folder.
  • Within the exe folder, right-click on the LMS.Core.CredentialsImport process, and select Run as Administrator.
  • A window appears to import the file for the Connector Credentials Import process.

     

  • Within the window, click Browse... to navigate to the location where the Credentials file is saved. Once the file is selected, the path populates within the File Location box in the Import window.
  • After the file is located, select a value from the Credential Type drop-down to identify the connector for which the credentials are being imported. This drop-down includes a list of all active connectors for the institution, and identifies the Credential Type to be added to the Credentials tab for each user in the file.
  • Once the File Location and Credential Type are identified, click Import.
  • During the import, the system attempts to add a connector credential instance to the Credentials tab in System Management > Users for each user, or row, in the Import file. A Log File is also created on the Share Path to provide an overview of the Import results, including the reasons for any errors.
    • If the process is successful, a message is received to inform that all credentials were imported successfully, and the following information populates within the Credentials tab for each user in the file:                                
      • Type is populated with the value identified in the Credential Type drop-down for the import.
      • ID is populated with the value of the Connector Username listed in the file for the user.
      • Password is populated with the value of the Connector Password listed in the file for the user.
        If a password is not required for the connector, a blank value populates within the Password column for the user.
    • If any credentials cannot be imported due to errors, the process does not fail, but a message is received to inform that all records could not be imported successfully.

Step Four: Review Log File

When the Connector Credentials Import process is run, a Log File is automatically created on the Share Path to provide an overview of the Import results for each Credential Type.

The Log file for the Connector Credentials Import can be accessed by navigating to the share folder on the server where Temenos Infinity is installed, selecting the Log folder, and then opening the Connector Credentials Import file.

This file contains a section for each credential type imported during the Connector Credentials Import process, including the date and time the import was run, as well as the following information about the results of the Import:

  • Count of the total number of records in the file.
  • Count of the number of records successfully created.
  • Count of the number of records with errors.

If a failure occurs, a separate "Failed" entry appears in the file for each record that failed to import for the credential type. This entry lists the number of the record that could not be imported, the LMS username associated with the failed record, the connector username associated with the failed record, and an error message that identifies the reason for the failure. Reference the table below for an overview of the error messages that may appear for a failed record in the Log File for the Connector Credentials Import:

Error Message Received When
User Name not found The LMS User Name column does not match an existing user in Temenos Infinity.
Multiple matches found for User Name The LMS User Name matches multiple users from Temenos Infinity.
Password required A password is required for the Credential Type, and no password is supplied in the file.
Invalid file format The Import file is in an incorrect format.
The Microsoft Access database engine cannot open or write to the file. It is already opened exclusively by another user, or you need permission to view and write its data. The Log File is open while the Connector Credentials Import process is being run on the server.
Field Description
Type

Select the type of user credential being added for the user. Credentials may be system-defined, or specific to a connector. The following credentials are system-defined:

  • License Number - Used to identify the user that creates a loan application. This value is stored on an application when it is created.
  • NMLS - Used to identify the users that have obtained an NMLS license.
ID Enter the ID, or username, assigned to the user for the third party connector.
Password

If a password is required, enter the user's password for the third party connector. 

Not all connectors require a password for their user credential; however, if a password is required for a connector, a value must be entered within this field, or an error is received when trying to save the User Edit screen.

For the system-defined credentials, License Number does NOT require a password, while the NMLS credential does require a password to be entered. For information on whether a password is required for a specific connector, please see the Configuring the Connector topic in the applicable Connector Guide.
Confirm Password If a password is required, re-enter the password defined in the Password field.

Back to Top ^ 

Restrictions

Restriction Codes are used to identify accounts containing personal information for individuals employed by or related to a financial institution.

This section allows system administrators to restrict users from accessing specific accounts within Temenos Infinity. System administrators can assign codes to a user, which grant the user access to accounts that are restricted. Additionally, system administrators can prevent users from accessing a person's account by adding the person's identifier to the Restricted Persons grid.

In order to view an account, the user must be granted permission based on both the Restriction Code and Restricted Persons.

Restricted Account

Account Restriction allows access to restricted accounts to be controlled on an account by account basis. Permissions are set on each user to give access to restricted accounts.

To enable Account Restriction in Temenos Infinity, select the "Enable Account and Person Restrictions" check box on the Security Tab in System Management > Administrative Settings.

The restriction level on an account is determined by the Temenos Account Restriction Code field. If Account Restriction Processing is enabled in Temenos Infinity, then a user must be given the appropriate permissions in order to view restricted accounts.

By default, all users have access to accounts with a 0 or no Account Restriction Code. To grant a user access to restricted accounts, enable access within the Restricted Account section by entering a value in each applicable Restriction Code field. The possible value for the Restricted Access field on each account are 0-6. The numeric values represent the following types of restricted accounts:

(0) Normal
(1) Restricted
(2) Sensitive
(3) Employee
(4) Employee Family
(5) Employee Sensitive
(6) Employee Sensitive Family

In order for a user to view an account with a Restricted Access level of 1 or higher, the user must have an Account Restriction Access of an equal or greater value. For example, if an account has a Restricted Access level of 3, then a user must have a 3, 4, 5, or 6 entered in the "Restriction Code 1" field in order to view the account.

Restricted Person

System administrators can restrict persons from a user, which prevents that user from gaining access to the person’s account workspace. When a person is restricted, all of the person's related accounts and cases are also restricted. If the user tries to access a restricted person through a search, or when working a queue, a message appears stating that the person/account requires special permission to view.

The system uses the following logic to populate accounts for restricted and non-restricted persons in the workspace:

  • If a person is restricted, accounts related to the person are not displayed in the workspace, regardless of whether the person is primary or joint.
  • If an account includes a joint owner, and both the primary and joint are restricted, accounts related to both persons are not displayed in the workspace.
  • If the primary is not restricted, but the joint is restricted, only accounts related to the primary that do not include the joint owner display in the workspace.
  • If the primary owner is restricted, but the joint owner is not restricted, only accounts related to the joint owner that do not include the primary are displayed.

Reference the example below for an overview of this functionality:

John is an employee of ABC Financial. He has two accounts at the institution, under membership #12345, on which he is primary, and his wife Jane is a joint owner. Jane also one account of her own under membership #67890. Since John is an employee, users are restricted from accessing his accounts in the workspace; however, Jane is not a restricted person. When Jane contacts the Call Center for ABC Financial, she is only able to conduct business on the one account under her membership #67890 that does not include John; any accounts related to John are not displayed, as they are restricted from appearing in the workspace.

To add a person restriction for a user:

Back to Top ^ 

Notification Groups

In the Notification Groups tab, assign available notification groups to the user. If assigned, the user has the ability to receive notifications when a comment is added to an application via email or from the Notifications icon in the ribbon bar.

This tab is available for all users, but is only used to assign Notification Groups for use in the Origination modules.

Back to Top ^ 

Assignment Groups

This tab is available for all users, but is only used to assign Assignment Groups for use in the Origination modules.

In the Assignment Groups tab, assign the user to the applicable Assignment Groups.

Application Assignment Parameters

Field Description
Max Number of Applications Assigned

Enter the maximum number of applications that can be assigned to the user.

This is a required field. By default, this parameter is set to 25.
If the assigned user has reached or exceeded the Max Number Applications Assigned, a notification is sent to the Notification Group associated with the Assignment Group.

Available/Assigned Groups

Assign available assignment groups to the user. If assigned, the user is able to have applications automatically assigned.

For more information on Assignment groups, please see the Assignment Groups topic in this guide. 

Back to Top ^ 

Scheduling

The Scheduling tab enables administrators to identify a user’s scheduled time off, so that applications are not assigned to the user during a time that he or she is not available to work applications.

This tab is available for all users, but is only used to set a schedule for users who work in the Origination modules.

 

The Scheduling tab includes a calendar that displays the days and times that the user is not available to work applications.

At the top of the calendar, administrators are able to click  to go back to the previous month, and click  to advance to the next month.

 

To establish a schedule, hover over the desired day, and click Add to open the Calendar pop-up window.

 

Within the Calendar window, use the Date/Time controls to set the user's schedule.

Once a schedule is set, the Start/End Time displays in the calendar within Scheduling tab.

 

Back to Top ^ 

Lending Settings

Lending Settings enables administrators to assign Application Sources and Restricted Account Types to each user working in the Origination module.

This tab is available for all users, but is only used to assign Lending Settings for the Origination modules.

Back to Top ^ 

Create and Managing Users 

Create Users

To create a user:

Copy Existing Users

To copy an existing user:

Edit Existing Users

To edit an existing user:

Unlock Deactivated Users

When a user is deactivated, the Active check box on the General tab is disabled.

To unlock a user that has been deactivated, perform the following actions:

Delete Users

To delete a user:

 

 

©2024 Temenos Headquarters SA - all rights reserved.

Send Feedback