Manage Users
With Manage Users, you can search for, add, edit, and perform other actions on users of Digital Banking or Account Opening, whether they are your staff or your customers/members. This article describes features of the Manage Users page.
To access, select Manage Users in the top navigation bar or in User Management section on the Dashboard.
In this article:
User List
The Manage Users page opens to a list of all your users.
The following information displays for each user in the list:
- Checkbox – Select the box next to one or more users to quickly send them a secure message. Once selected, the Send a secure message button appears, which you can use to open the New Secure Message dialog.
- User Type – Admins, Staff, or Customers/Members. At a glance, icons tell you the user type, as well as whether they have confirmed their email or if they are an archived user.
Login – The username. For users who have started the enrollment process but have not successfully created their login credentials, their Login displays “Temporary username” with an informational tooltip. The temporary username is created once the user completes the “Tell us more about you” page.
To continue enrollment, users can go to the link in the continuation email you send them (go to Resend Enrollment Code for instructions). Users can also continue enrollment by resetting their password, or re-entering their information in the "Tell Us More About You" page (upon doing so, they will receive an email with a link to continue).
- Name – The user’s first and last name
- Last Login – A timestamp for when the user last logged into their account
- Enrolled – A timestamp for when the user enrolled into Digital Banking
Search for a User
Search for a user by entering part of the user's Login or Name in the Search box, then select Search. To clear the search, delete the text you entered and select Search again.
Add a New User
To add a new user:
1. From the user list page, select Add a New User.
2. Select User Info to add a staff user, including Admins. Select Customer to manually add a new customer.
3. For staff users, select whether the user should be Admin or Non-admin. Enter the staff user's name, email address, and phone number. For non-admins, you'll also select a Role. For more information on roles, go to Manage Roles.
4. Select Add user.
User Profile
Select a user's name to view their user profile, which displays the following information and activity from top to bottom.
Sidebar
The right sidebar contains the following information:
- User Information – The user's username, first and last name, account category (personal or business), organization name, customer/member ID number, linked customer/member ID numbers, and referral code. For businesses, the organization phone number and organization role is also shown. For information about organization roles, go to Access Manager.
- Usage Information – The user's enrollment and last login dates
- Contact Information – The user's phone number, username, email address, and residential address. Staff members can update this information if they have the appropriate permissions. For example, staff with the permission "Can change user email" can update a user's email address. Warning: Updating user contact information is a high risk action. Please use caution as changes cannot be reversed.
- Account Information – The user's account number
Accounts
This is a list of all the user’s accounts, including account numbers, account names, account nicknames, whether the account is credit or deposit, and the account type
External Accounts
This is a list of the user's external accounts. These accounts were linked through the user's Settings > External Accounts.
For external accounts that were manually added, the status may be pending verification with microdeposits. Users cannot enter more than 10 guesses for microdeposits. Once the limit is reached, staff members can manually reset the attempts on microdeposit guesses by selecting Reset next to the pending account in the Status column.
Staff members can also manually change the information of the external account. For example, if a user is entering the wrong microdeposit values, but you’ve independently verified the user and ensured it’s not fraud, you can manually set the state from pending to verified.
Warning: This is a very high risk action and you should only change the account information when it has been independently verified. Updating this information may overwrite other verification methods like microdeposits or instant authentication.
To change external account information:
From the External Accounts list, select a Routing number, Account number or Name of the account to be changed.
On the page that appears, you can change the Product Type, Account Purpose, or State.
- Select Save to finish. A confirmation message appears when successful.
For more information on linking or unlinking external accounts, go to External Accounts.
Scheduled Transfers
This is a partial list of the user's scheduled transfers. Select See all scheduled transfers to view the full list. Go to Transfers to learn more.
External Transfer History
This is a list of the user's external transfers, including creation timestamp and status.
Wire Transfers
This is a list of the user's wire transfers, including creation timestamp and status.
Recent Messages
This is a list of recent message threads this user had with your institution via the Support hub.
Recent Notes
This is a partial list of internal notes added by your staff to the user's account via Admin Messages. Select See all notes to view a full list.
History
This is a log of account activity performed by all users accessing the account. This includes the IP address, device, and version of the OS or app that was used. Select See all history to view the full log. For a list of possible Actions shown in the History table, go to User History Actions.
Two-factor Authentication
This lists the devices chosen by the user for two-factor authentication (2FA), which users can manage in their Digital Banking Settings.
There are three options in this section:
Generate Backup Codes – Only staff users with the permission "Can generate lockout codes user" can generate backup codes. For instructions, go to Generate Backup Codes for Locked Users.
Warning: This is a very high risk action. You should only generate backup codes for a user if you are absolutely certain they are legitimate.
Communication Method – This allows your staff members to configure whether an end user gets their 2FA code via text message or phone call. A phone number 2FA device can be either a mobile number type that supports SMS texts, or a landline/VoIP number type that supports voice calls. Sometimes Twilio's default number type for a given phone number is incorrect; for example, Twilio is sending 2FA codes via text when the number only supports calls. Or, a Google Voice user is getting 2FA codes via call but they want texts.
This option is enabled only for staff users with the permission “Can update 2FA device number type.” This option will not appear for email or app 2FA devices.
Fetch Notification History – View the SMS notification history for each phone number listed in an individual user’s profile. This allows your staff to verify if a user’s 2FA notifications were delivered and see delivery logs for any SMS alerts that the user has set up. Only SMS notification history is shown. Voice call history to landline phone numbers is not shown.
To use notification history, add the permission "Can view notification history" to the appropriate staff user roles. Admins will be able to access it by default.
Note: This tool is not available in UAT environments because SMS messages do not send in UAT.
Next to the number you’d like to check, select Fetch Notification History and a page appears listing the content of each message, along with the Date, Status, From number, and To number. Verification codes are hidden for security.
Possible statuses are:
- Delivered – Twilio has received confirmation of message delivery from the carrier and the destination handset (where available).
- Delivery unknown – This indicates that a message has remained in the sent status for longer than 1 hour without receiving a further status update.
- Failed – The message could not be sent. This can happen for various reasons including queue overflows, account suspensions, and media errors (in the case of MMS).
- Sent – Twilio has not received updated delivery information for your message. Typically, a sent status will be replaced by a delivered or undelivered status within seconds or minutes.
- Undelivered – Twilio has received a delivery receipt indicating that the message was not delivered. This can happen for a number of reasons including carrier content filtering, availability of the destination handset, etc.
To fetch notification history for a different number, enter a new Destination phone number and select Fetch SMS Notification History to refresh results.
For more information on 2FA in our products, go to Two-Factor Authentication. For information on Twilio, go to Our Standard and Optional Third-Party Vendors.
Features
This is a list of features enabled or enforced for the user. To edit these features, contact support@narmi.com.
Authorized Apps
This is a list of the NAF Apps or AppXchange apps that are authorized for the user, as well as their permissions and expiration.
Linked Services
This is a list of any linked services available to the user, such as bill pay and check deposit.
User Actions
Within the user’s profile, staff can take specific action on the user from the Actions menu. The options available in the Actions menu of a specific user vary depending on the type of user they are, their linked services, and whether their account is locked or unlocked.
The following actions are available. Each action provides a confirmation message before continuing.
Lock User
This action locks the user's account, so they cannot log in to Digital Banking. It will also archive the account.
Verify User
Using this offline verification method, your staff can verify a user by sending them a support PIN via SMS. Optionally, you can select a verification reason from the list. Once the user receives the PIN, they can read it back to your staff to verify their identity. This option is not available for staff users verifying other staff users.
Resend Invite
This applies to Staff users who were manually added via Add a New User only. This resends an email to the Staff user to activate their Digital Banking account.
Check for Deleted Transactions
This action finds and deletes any voided transactions for all the user's accounts. Note: This action cannot be undone.
Manage Linked Core User IDs
Your institution may want to link core user IDs to additional users. This allows a single user to log in an see multiple accounts. For example, if a user has multiple customer information files (CIFs) on the core, they can be added manually to the user’s Narmi account using this tool. Warning: This is a very high risk action. You should only change linked account information once you have independently verified it.
To link a core user ID:
- Find the user's account in the Admin Platform, under Manage Users.
- Go to Actions > Manage Linked Core User IDs. On the dialog that appears, the current user's linked accounts are shown. Enter the new core user ID to add in the first box.
- Select Add Linked Customer.
To remove a linked ID:
- Find the user's account in the Admin Platform, under Manage Users.
- Go to Actions > Manage Linked Core User IDs. On the dialog that appears, the current user's linked accounts are shown. Enter the ID you would like to remove in the bottom box.
- Select Remove Linked Customer.
Change Core User ID
A financial institution may encounter a situation where they need to create a new core ID record for a user. This is usually because the user’s account has been compromised in some way. Your institution has the ability to link a pre-existing Narmi account to a new core account by using the Change Core User ID tool. This improves the user experience by allowing the user to continue to use their old login without needing to re-enroll. Warning: This is a very high risk action.
We recommend the following steps for changing a core user ID:
1. The compromised user reaches out to your institution's Support team.
2. Your staff finds the user's account in the Admin Platform > Manage Users and locks the user with Actions > Lock User.
3. Your staff creates a new core ID for the user on the core.
4. Your Support team works with the user to make sure their account settings are current (email, phone, 2FA, etc.)
5. Your staff finds the user's account in the Admin Platform > Manage Users and selects Actions > Change Core User ID. (This option is only available once the user's account is locked.) Enter the new core ID and select Update core user ID. The changes occur immediately.
6. Your staff unlocks the user's account.
Update User
This action calls the core and pulls the latest data for the user. The task may not render immediate results.
Create Billpay Credential
This action automatically creates an account identifier and access token for bill pay. Select Update Billpay Credentials to view the newly created credentials.
Update Billpay Credentials
Warning: This is a very high risk action. You should only change bill pay credentials when the updated information has been independently verified.
Resend Enrollment Code
If your institution has enrollment codes enabled, when a user enrolls in Digital Banking, they receive an enrollment code via email. When enrolling, they are prompted to enter this code. Select this option to resend the enrollment code email.
Reset Password
This action provides an onscreen link to reset the user's password. The link is helpful for your financial institution when testing in your UAT environment, since UAT environments do not send emails.
Update Email
Warning: This is a high risk action and will update the user's email in Digital Banking with the value from your institution's system. Since a password reset email can be sent to this address, changing the email allows the new email access to the account.
Login as User
This action allows you to log in as the user and view their account information. Only staff users with the permission "can emulate user" have the ability to log in as a user. This is read-only emulation and will not allow you to make changes. When you select Login as User, a message appears to confirm your action or to cancel. Select Yes, continue to proceed. A banner displays across the top of the account to while logged in as a user. To exit back into the Admin Platform, select Release in the banner.
Enrollment Debugger
If a user encounters an issue verifying their identity when enrolling in Digital Banking, you can use the Enrollment Debugger to troubleshoot. From Manage Users, select Enrollment Debugger. On the page that appears, enter a user's information and select Submit.
Any verification errors display after selecting Submit. The error indicates which field does not match the information in the core banking system for that particular account number/core user ID. Using this information, follow up with your core team/provider to correct information in the core.
User History Actions
| Action | Definition |
| accept_terms.create |
User accepted terms of service |
| accountbalances.update |
Account balance of an account is updated |
| accountbalance.update |
Account balance of an account is updated |
| account.destroy |
Account removed from user |
| accounts.create |
Account added for user |
| account_stop.create |
Stop payment created |
| account.update |
Account information updated |
| accountverify.create |
Verification of external account via microdeposit created |
| accountverifyinstant.create |
Account verified using instant verification (MX) |
| ach.review |
ACH transaction moved to review state |
| address.update |
User’s address was updated |
| appauthorize.create |
NAF app credentials added for user |
| appauthorize.update |
NAF app credentials updated for user |
| application.change_state |
Account application state changed by a staff member (for example, force-pushing to "Rejected") |
| backoffice_ach_transaction.destroy |
User’s ACH transaction canceled by a staff member |
| backoffice_ach_transaction.update |
User’s ACH transaction updated/processed by a staff member |
| backoffice_workflow_rule.create |
New risk rule created |
| backoffice_workflow_rules.create |
New risk rule created |
| billpay_credential.create |
New bill pay credential created by a staff member |
| billpay_credential.update |
Bill pay credential updated by a staff member |
| billshark.create |
Billshark integration set up for user |
| billsharkuser.create |
Billshark integration set up for user |
| deposit.create |
Remote deposit capture (RDC) deposit created by user |
| deposits.create |
Remote deposit capture (RDC) deposit created by user |
| deposits.update |
Remote deposit capture (RDC) deposit updated by user |
| enroll_verify.create |
Created user enrollment verification |
| external_account.destroy |
User deleted an external account |
| external_accounts.create |
User created a new external account to their account |
| external_accounts_verify_instant.create |
User added an external account using instant verification |
| external_account.update | External account information is updated |
| external_account.verify |
User verified external account using microdeposit verification |
| external_account_verify.create |
User verified external account using microdeposit verification |
| insurance_policy.create |
Created Lemonade policy |
| insurance_quote.create |
Created Lemonade quote |
| limits.update |
User ACH or Remote deposit capture (RDC) limits were updated |
| message.create |
Secure message sent by user |
| message.delete |
Secure message deleted by staff member |
| messages.create |
Secure message sent by user |
| password_reset_confirm.create |
Generated when a password reset request is sent |
| payee.create |
User created a payee |
| payee.delete |
User deleted one of their payees |
| payees.update |
Updated billpay payee |
| payee.update |
Updated billpay payee |
| payment.create |
Created a billpay payment |
| payment.delete |
Canceled a billpay payment |
| payments.update |
Updated a billpay payment |
| phone.update |
User updated their phone number |
| referralcodes.update |
User profile’s referral code is updated |
| saved_search.alert | User transaction alert sent |
| saved_search.destroy | User transaction alert rule deleted |
| saved_searches.create | User transaction alert rule created |
| savedsearches.create | User transaction alert rule created |
| scheduledtransfer.create | Created a scheduled transfer (either recurring or one time) through the mobile application |
| scheduledtransfer.destroy | Deleted a scheduled transfer (either recurring or one time) through the mobile application |
| security_devices.create | Generated when a user adds a new multi-factor authentication device |
| security_devices.destroy | Generated when a user deletes a multi-factor authentication device |
| session.create | New user session created |
| thread.create | New secure message thread created by user |
| thread.destroy |
Secure message thread deleted |
| threads.create | New secure message thread created by user |
| tokens.create | Login token for mobile app created |
| tokens.destroy | Login token for mobile app deleted/expired |
| transaction.update | Transaction updated by user |
| transfer.create | Called when transfers.create is called and the scheduled transfer is for the current day |
| transfer.destroy | Deleted a scheduled transfer (either recurring or one time) through a web browser, not the mobile application |
| transfer.error | An error occurred during a transfer |
| transfer.process | Scheduled transfer was processed |
| transfers.create | Called when any transfer is being scheduled either recurring or one time on any type of device or mobile application |
| transfer.update | Transfer updated by user |
| user.create | A user is created |
| user.email_confirm | User email verification completed |
| user_email.create | User email entry was created |
| user.email_update | User updated email |
| user.emulate | Staff member emulated a user |
| user.enroll | User enrollment completed |
| user.lock | User account is locked |
| user.unlock | User account is unlocked by a staff user |
| user.login | Generated when a user logs in via web (not mobile) |
| user.login_failed | User failed login via web (not mobile) with incorrect password; generated when an incorrect password is entered for a username |
| user.password_change | User changed their password from Digital Banking |
| user.refresh_token | Mobile application authentication token refreshed |
| user.reset_password | Generated when a user changes their password via self-service or when they follow-through on a Reset Password email request. |
| user.request_email_update | Generated when a user resets their email. |
| user.request_password_reset | Generated when a user or staff member requests a password reset |
| users.create | A user is created |
| user.verify | Generated when a user verifies their account (for example, after logging in on an unknown device) |
| verify.create | Create user verification |
| wire.review | Wire moved to review |
| wires.create | User initiated a wire transfer |
| |
|