3DS Server Admin User Management

Netcetera Identity for Admin UI users

The user management is in your hands so that you can operate more flexible and independently. For this we use our Netcetera Identity Service. To enable this, a representative from your organization is given Admin rights to Netcetera Identity for this organization. This person is empowered to establish users and permissions within the organization. To login to Netcetera Identity, as well as to the Admin UI application, users need to authenticate themselves using 2 factors. With this Netcetera reacts to growing cyber crime by updating security measures constantly.

In a nutshell:

The customer appoints a user (full name and email address) as the Administrator for their organization:

  • Netcetera creates the Admin user and sends email activation link to Netcetera Identity
  • The Admin user can create other users/accounts and provide different access rights/roles to Admin UI application
  • To log into Netcetera Identity, a username and password is needed
  • The second factor is the Futurae app
  • The same login credentials for Netcetera Identity are used for logging into the Admin UI application

What is the second factor?

Futurae Out-Of-Band authentication will be used as second factor for the user's authentication when accessing the Admin UI. Eligible users can download the Futurae Mobile App from apple or play store. Learn more about the Futurae app.

Example and flow of the 2-factor authentication

Step 1: Register the Futurae app with the Admin UI user account

Step 1

Step 2: Authenticate with 2 Factor Authentication

Step 2

Step 3: Replace mobile device or reinstall app

Step 3

If you plan to change your device, please take a moment to read the next section about the Futurae Reset.

Futurae reset

Automatic Account Recovery allows Futurae users to automatically migrate their Futurae 2FA accounts that are enrolled in a previous device, to a new one.

Automatic Account Recovery relies on a secret recovery token that is generated by the Futurae backend and exchanged with the authenticator app, every time the user activates a freshly installed Futurae authenticator or white label app (or a customer app that integrates the Futurae mobile SDK) for the first time.

On Android, the recovery token is stored using the device Key-Value backup (part of the official Google Drive/One backup mechanism), while on iOS it is stored in the iCloud or local encrypted backup, as well as the local keychain of the device.

A freshly installed authenticator app (that supports Automatic Account Recovery) will confirm if a valid recovery token exists and in case it does, will use it to authenticate the communication with the Futurae backend and check if the user has Futurae account(s) that can be recovered from his old device. When at least one account is recoverable, the authenticator app will let the user decide whether to perform Automatic Account Recovery or not.

The recovery token is exclusively required for the Automatic Account Recovery process, and can only be used once. In other words, when the user completes the recovery process, the used recovery token becomes invalid.

Upon successful migration, the user account is re-initialized on the new device.

The new device will be provisioned with a fresh recovery token which, once backed up, will allow for any activated accounts to be further recovered in a newer device at a later point in time.

Admin UI users (accounts) creation by the Administrator

Administrator is logged in organisation:

  1. Go to the Users tab, then click 'Add user'. Populate the fields: Username, email, First name and Last name only. Then click 'Create.'
Create User
  1. Click on the 'Created user' and go to Role Mapping tab. Click on 'Assign role', change the view to 'Filter by clients' and check box the needed roles.
Assign Roles
  1. Click on credentials tab, then 'Credential Reset' button, with Reset action Update password.
Reset Credentials
  1. Activate it to let the confirmation email sent out to the new account.
Activate Account

User Roles for accessing the Admin application

The Administrator user, in Netcetera Identity, can assign the following user roles for accessing the Admin application:

  • ROLE_CONFIG_GENERAL_EDIT
  • ROLE_CONFIG_ACQUIRER_VIEW
  • ROLE_CONFIG_ACQUIRER_EDIT
  • ROLE_CONFIG_MERCHANT_VIEW
  • ROLE_CONFIG_MERCHANT_EDIT
  • ROLE_TRANSACTION_SEARCH

The explanation of each is given on the table below:

RoleDescription
Edit general configCan edit general 3DS Server configuration such as 3DS Server URL Configuration and Timeout Configuration.
View AcquirersCan view configured acquirers.
Edit AcquirersCan add, edit and delete configured acquirers.
View MerchantsCan view configured merchants.
Edit MerchantsCan add, edit and delete configured merchants.
Search TransactionsCan search 3DS transactions.

Browser Requirements

Please note that we do no longer support IE11. Admin UI is based on Angular 18, and the supported browser versions are directly linked to the Angular versions. We regularly update our Angular versions to be up to date with the latest dependencies and minimize any potential risk for vulnerabilities.

The 3DS Server Admin should be run on browsers that support Angular 18. E.g.

  • Chrome - 2 most recent versions
  • Firefox - latest and extended support release (ESR)
  • Edge - 2 most recent major versions
  • Safari - 2 most recent major versions
  • iOS - 2 most recent major versions
  • Android - 2 most recent major versions

Note: While the application may still run on older browser versions, it’s important to note that the specified versions align with Angular 18 supported browsers.