An administrator can unlock a blocked user.

Scenario 1: Resetting the error counter

1. Log in with the administrator user.
2. Navigate to Settings – User administration.
3. In the login errors column of the user overview there is a Reset button for the blocked user. Click this button to unlock the user.

Scenario 2: The user cannot login even after resetting the error counter. The user has forgotten his password.

The user has to be reset.

Important: Resetting will also deactivate the user's EBICS connections. The user will need to initialize again at all bank afterwards

1. As an administrator go to the in the user management overview and click the checkbox in the line of the user to be reset.
2. Click on More actions and then click on Reset user password.
3. In the following dialog window assign a new password for the user, which he can then use to log in again.
4. If the checkbox Enable the new initialisation of the user on the bank side is displayed, activate it to make sure that a new initialization is possible immediately after the password change.
5. Click Submit to confirm the password reset.

After the user has logged in again with the password you assigned, he must first assign a new password and then re-initialize for all banks where he was initialized.

FAQ 250

A user with administrator rights can grant rights to another user. A bank connection is optional for this.

As an administrator, you generally have comprehensive rights to create and edit users and tenants, except for banking authorizations. You can edit the system settings that apply to all users. Certain rights such as adding users, changing and deleting other administrators and creating and deleting tenants can be revoked.

If you are only to be responsible for one tenant, you can be designated as the manager of the tenant. You can set up users and banks for this tenant and appoint additional managers. As manager, you do not have access to system settings and administrators.

FAQ 262

Making a user an administrator

1. Open Settings - User administration.
2. Click on the user.
3. Start the edit mode.
4. On the General tab, select the checkbox User with administrator permissions.
5. if necessary, configure the Permissions tab to restrict administrator rights.

Making a user the manager of a tenant

1. Open Settings – Tenants.
2. Click on the tenant you want to edit. The assigned users are displayed.
3. If the user is already in the list, click on it. A dialog window for editing opens. Click on the Grant button behind Authorized to manage the tenant.
4. if the user is not yet in the list, click on the "Add user" button. Select the user from the list and set the checkbox Authorized to manage the tenant.

Further information can be found in the chapters Settings - User administration and Settings - Tenants.

FAQ 270

As an administrator, you can set up users, give them rights, assign banks and accounts.

1. Open Settings - User administration and click on the New user button.
2. Enter the mandatory fields on the General tab. The setting now selected for Users with/without bank connection (license) cannot be changed later.
3. The options on the Permissions, Bank selection and Account selection tabs can be accepted with default values. Changes can be made later.

The user must also be set up as a participant on the bank side. To complete the setup, the user must initialize himself at the bank. An alternative is to import existing bank accounts.

Import a user with bank connections

Initialization is not required if the user already has a bank connection that is imported from another application or another installation. This procedure is split up between administrator and user.

1. As administrator, select More actions - Import user in the user administration.
   • The Import user page contains the checkbox User imports own bank connections. This is set and cannot be changed.
   • On the Permissions tab, the checkbox User is authorized to synchronize with Android™ or iPhone® app must be set.
   • The other options are the same as when adding a new user.
   • Provide the user with a new user name and temporary password.
2. As user, start the synchronization in the old application or installation by specifying the desired banks.
   • You will receive a synchronization number that is valid for five minutes. Copy the number to the clipboard.
   • Keep the old application or installation open.
3. As user, log in to the new BL Banking Web with the temporary password.
   • You will be asked to enter the synchronization number (paste from the clipboard) and your old password. The synchronization is carried out. Bank accesses and the old password are transferred.
4. Close the old application or installation.

You can import additional application data, e.g. account statements, separately if required.

FAQ 272

Check whether the user really does not remember the password. If program access has been locked due to too many failed login or signing attempts, you can first reset the error counter, see FAQ 283.

As an administrator, you can reset user passwords. The user must then reinitialize all bank accesses.

1. Open Settings - User management.
2. Click on the user.
3. Click on the button Reset user password.
4. Assign a temporary password in the following dialog box. The user can use this to log in once.
5. If the checkbox Enable the new initialization of the user on the bank side is available, you can automatically reset all bank accesses so that the user can reinitialize without prior contact with the bank.

FAQ 274

Column Administrator:

• Gear: Administrator (highest authorization level) who has system-wide privileges
• Person: Manager of one or more tenants who is authorized to manage users within this or these tenants
• Dash: User without administrative rights

Column Bank connection:

• Tick: User with license, bank connection allowed
• Dash: User without license, no bank connection allowed

Column 2FA active (two-factor authentication):

• Tick: User applies 2FA
• Dash: User does not apply 2FA

Columns of the banks:

• Black tick: Bank connection is activated, not initialized
• Green tick: Bank connection is ready
• Red tick: Bank connection is deactivated or locked
• Dash: Bank is not assigned

Next to the tick is the user's subscriber ID at the bank, if entered. The bank status is shown by a tooltip for the icon, e.g. ready after activation.

FAQ 275

Passwords are very important in BL Banking Web because they protect access to the program and the users' banks. It therefore makes sense to configure a password policy that meets your requirements. Security criteria for passwords are their length and complexity.

1. Open Settings – System settings – General – Password requirements.
2. Combine the minimum requirements for the length and composition of passwords.
3. Set whether passwords must be changed regularly and whether old passwords are checked.
4. Limit the number of allowed failed attempts. If the number of incorrect login or signature attempts reaches this value, the user is locked. The error counter can be reset by an administrator or manager.

In addition to password guidelines, general password management is recommended. For example, ensure that users use different passwords for different applications and do not share passwords. It is also important to provide a secure storage option for passwords, since any loss leads to the effort of reinitializing all bank accesses.

Note: The use of two-factor authentication (2FA) offers even more security.

FAQ 276

By default, all users have access to the full range of functions in the menu. As an administrator or manager, you can lock menus or individual functions for specific users.

1. Open Settings – User management.
2. Click on the user whose menu you want to configure.
3. Switch to the Permissions tab.
4. Set permissions to enable access to functions. Remove permissions to lock functions. Locked functions are not displayed to the user.

Permissions and equivalents in the menu

• User is authorized to fetch files. applies to Orders – Retrieved files, Notifications
• User is authorized to send files applies to Orders – Sent files, Notifications
• User is authorized to view and send files from watched directories applies to Orders– Sent files, Files to send, Notifications. This permission must be combined with User is authorized to send files.
  
• User is authorized to sign orders in the EDS applies to Orders – EDS overview, Signed EDS orders, Cancelled EDS orders, *Notifications
• User is authorized to record payments applies to Payments – Open payments, Signed payments, Periodic payments, Payment templates, Originators, Recipients, SEPA mandates*.
• Permissions for salary payments.
  This permission regulates the visibility of salary payments in all functions of the payment recording and the EDS overview. It must be combined with User is authorized to record payments.
• User is authorized to confirm recipients in four-eyes principle. This authorization applies to the Confirm recipient function within payment recording and processing. It must be combined with the authorization User is authorized to record payments. In addition, the option Recipient recording – Allowed in four-eyes principle must be set in the cross-user system settings under Payment recording, otherwise the individual permission has no effect.
  
• User is authorized to record AWV notifications applies to AWV notifications – AWV report data, AWV participants.
• User is authorized to view banks and accounts in the settings menu applies to Settings – Banks, Accounts.
  This permission only applies to the display of data. The editing mode can also be enabled for bank settings.
• User is authorized to edit bank settings applies to Settings – Banks.
  This permission activates the edit mode for banks. It must be combined with User is authorized to view banks and accounts in the settings menu.
  
• User is authorized to synchronize with Android™ or iPhone® app applies to Settings – Synchronize with Android™ or iPhone® app.
  The synchronization transfers the master data to the BL Banking Web app. Additional permissions for banks, accounts and bank settings are not required for this. Administrators also need this permission to be able to import users with their bank connections.
  
• User is authorized to view account statements applies to Account statements – Account overview, Transactions, Batched transactions, Balances, Balance lists, Conversions, Automatic exports, Exported files, PDF documents.
• User is authorized to delete account statements and PDF account statements.
  This authorization applies to the delete functions within the account statements. It must be combined with User is authorized to view account statements.

Note: Available functions, data display and behavior are also generally affected by the cross-user system settings, the user's bank connection and the personal user preferences.

FAQ 279