Provided that the corresponding permission is available, new users can be created or existing user profiles can be edited within a client. If several clients are being administrated, it is vital to assure that the user is created within the adequate client!
If a user is to be newly created or changed, some characteristics must be defined in the profile.
Personal information includes e-mail address, first name and last name. A change of first and last name can be made by any user who is authorized to do so.
A change of the e-mail address is only possible for the own user. To confirm the identity of the user, an e-mail with a confirmation code is sent to the current e-mail address when the e-mail address is changed.
The profile allows authentication settings to be for the login of a user. When logging in with a user name and password, the 2-factor authentication (2FA) is recommended for increased security. 2-factor authentication can be enabled or disabled in the profile.
When the user logs in via a third-party provider (OAuth 2.0 standard), it is not possible to switch to username & password (with or without 2FA).
2-factor authentication (e-mail)
For each user, 2-factor authentication via mail is active from the beginning. The user receives a confirmation code via email after successful login. The login has to be verified via the confirmation code.
2-factor authentication (App/OTP)
2-factor authentication via app is the preferred method over email as a second factor, as it is the more secure of the two. Here, via an app one-time passwords (OTP, One-Time-Password) are generated, which serve as a second factor for authentication. However, this procedure requires authentication to be set up with a corresponding app, which is why this procedure must be set up manually by the user. For setup, a QR code generated by konfipay must be scanned with the app and a one-time password must be entered to confirm the setup.
Among others, the following apps can be used for authentication:
The API access setting determines whether the user account can be used to log in to the konfipay API (versions 2.0 to 2.6). User group permissions have no effect for API access. Users with API access have unrestricted access to all functions of the API in the dataset of their main client.
If a user with API access is linked as a guest to additional clients, access to their datasets via the API is not possible.
Own user profile
The own user profile can be accessed at any time via the corresponding icon in the upper right part of the konfipay interface. There you can change your personal data if necessary.
Clients and invitations
Via the profile you can accept or reject invitations to other clients as a guest user. The menu item is only displayed if there is an open invitation. As soon as an invitation has been accepted, the user (within the scope of his assigned user group) has access to the other client's dataset.
The clients to which the user belongs are listed in the profile. From here, the user can switch to the dataset of his clients or leave a client, losing access to its dataset.
In the profile, the user groups of the user for the current client is displayed. Provided that he has the necessary permissions, the user can join other user groups or leave user groups of which he is a member.