Table of Contents |
---|
The user configuration page is where you configure the contact/login details of a user, update passwords for the user, as well as the user permissions and email notifications
Panel |
---|
Home Menu → Configuration (Back Office) → Users > Add or Edit user |
Table of Contents |
---|
User Configuration Introduction
...
Section
...
Description
...
Contact Information
...
You only need to populate these fields for new passwords. The are intentionally left blank the rest of the time.
...
Table of Contents |
---|
The user configuration page is where you configure the contact/login details of a user, update passwords for the user, as well as the user permissions and email notifications
Panel |
---|
Home Menu → Configuration (Back Office) → Users > Add or Edit user |
Table of Contents |
---|
User Configuration Introduction
There are six sections that can be configured for each user. This includes:
Section | Description | ||
---|---|---|---|
Contact Information | Mandatory Fields that can only seen by you and UltraCart staff | ||
New Password | You only need to populate these fields for new passwords. The are intentionally left blank the rest of the time.
| ||
New FTP Password | You only need to configure this if you are going to use UltraCart's FTP.
| ||
UltraSecure One-Time Password Token | You only need to configure this if you are going to use UltraSecure.
| ||
Permissions | Please spend some time considering how to set these up. There could be security risks to your company if you are not careful with who has access to what areas of UltraCart. | ||
Email Notifications | Email Notifications are what are sent to you when certain actions take place in your account. These are not for your customer, but for your information only. |
Contact Information
The contact information applies to this individual user only. It is very important that you configure each user with correct names and emails for obvious reasons. When a user contacts support via phone or email regarding account information, our support personnel will use the information entered here to help make accurate identification.
Field | Description |
---|---|
Login | In the login field, enter the user's first initial and last name. If there are very few users, then first names only are acceptable. This will be the login name that the user will use to access their account. |
Name | Please enter the full name of the user. |
Please enter the email address used to contact this user. It is very important to make sure this field is correct and a valid email. | |
Phone | Please enter the phone number used to contact the user. |
New Password
This section allows you to set a secure password for the new user or change the password for an existing user.
A secure password (8-25 characters) should contain both letters and numbers and not contain an English word or easily guessable value. The password has to be reentered into the confirm password field a second time (since the password is not visible the first time it's typed). A good technique for creating a safe password is to think of a memorable, but not easily guessable phrase, then use the first letter of each word plus an additional digit or two inserted somewhere within the password, so that the final password is not something that would be contained in the dictionary.
New FTP Password
This Section allows you to setup access to the account via FTP. This is mostly used for catalog and screen branding configuration.
The Password here will need to be something different from the main password but again should contain both letters and numbers and not contain an English word or easily guessable value.
...
You only need to configure this if you are going to use UltraCart's FTP.
Tip |
---|
FTP: merchantftp.ultracart.com User ID: <Your Merchant ID>/<Your Login ID>, Example: DEMO/johna Password: Whatever you fill in the New FTP Password field. |
...
You only need to configure this if you are going to use UltraSecure.
Tip |
---|
A secure password should contain both letters and numbers and not contain an English word or easily guessable value. This password will need to be different then your main account password. |
...
Please spend some time considering how to set these up. There could be security risks to your company if you are not careful with who has access to what areas of UltraCart.
...
Contact Information
The contact information applies to this individual user only. It is very important that you configure each user with correct names and emails for obvious reasons. When a user contacts support via phone or email regarding account information, our support personnel will use the information entered here to help make accurate identification.
...
Field
...
Description
...
New Password
This section allows you to set a secure password for the new user or change the password for an existing user.
A secure password (8-25 characters) should contain both letters and numbers and not contain an English word or easily guessable value. The password has to be reentered into the confirm password field a second time (since the password is not visible the first time it's typed). A good technique for creating a safe password is to think of a memorable, but not easily guessable phrase, then use the first letter of each word plus an additional digit or two inserted somewhere within the password, so that the final password is not something that would be contained in the dictionary.
New FTP Password
This Section allows you to setup access to the account via FTP. This is mostly used for catalog and screen branding configuration.
The Password here will need to be something different from the main password but again should contain both letters and numbers and not contain an English word or easily guessable value.
Related: FTP Server Access
UltraSecure One-Time Password Token
UltraCart supports two factor authentication on your UltraCart account to enhance the security of your account. Two factor authentication means you have something you know (your regular password) and something you have (the token on your phone that is generating the one time password). Previously UltraCart used physical tokens from CryptoCard (deprecated) and our own OTP application for Android (deprecated), but has now standardized on the open source project Google Authenticator that is available for all the major mobile phone platforms. There are two primary benefits to using an OTP token:
- Enhanced security
- Removes the requirement for IP activation
- Removes the requirement for a password change every 90 days.
Related: UltraSecure OTP Tokens
Group Membership
Use group memberships to assign same permissions to multiple Users.
Permissions
Permissions allows you to set the level of access you want each user within your account to have. You should only grant each user the minimum permissions they need to perform their job tasks.
Simply place a check in the box to the left of the permissions you want to grant to this user.
...
Description
...
This is a special use setting typically configured on a user that is configured on the account specifically for use in API integration. Limiting this setting to users that are otherwise limited to very little access to the UltraCart backend improves security.
Info | ||
---|---|---|
| ||
When configuring a user with API permission, you will also click on [IP Addresses] then enter in the IP address(s) of the servers where you are implementing API scripts, this "white-listing" process protects against intrusion attempts where a hacker attempts to copy and edit your API implementation and then place their version on another website. The "IP Addresses" field can hold about 15 IP addresses. You can use The asterisk character to apply an IP range. The wildcard format is ###.###.###.* |
...
This gives a user access to the account's billing (SERVICE PLAN) area.
Info | ||
---|---|---|
| ||
Any user that has this permission configured will receive the automated service billing email notification for the account. This may confuse the user into thinking they are being charged when the message is indicating billing activity on the UltraCart account. Only give this permission to users on the account that need to be able to review the UltraCart related Service Plan billing activity and the updating of the billing credit card number on file. |
...
Related: FTP Server Access
UltraSecure One-Time Password Token
UltraCart supports two factor authentication on your UltraCart account to enhance the security of your account. Two factor authentication means you have something you know (your regular password) and something you have (the token on your phone that is generating the one time password). Previously UltraCart used physical tokens from CryptoCard (deprecated) and our own OTP application for Android (deprecated), but has now standardized on the open source project Google Authenticator that is available for all the major mobile phone platforms. There are two primary benefits to using an OTP token:
- Enhanced security
- Removes the requirement for IP activation
- Removes the requirement for a password change every 90 days.
Related: UltraSecure OTP Tokens
Group Membership
Use group memberships to assign same permissions to multiple Users.
Permissions
Permissions allows you to set the level of access you want each user within your account to have. You should only grant each user the minimum permissions they need to perform their job tasks.
Simply place a check in the box to the left of the permissions you want to grant to this user.
Admin
(These permissions should be restricted to only those users that are administrators on the account.)
Field | Description | |||||
---|---|---|---|---|---|---|
Edit Servicer Plan | This gives a user access to the account's billing (SERVICE PLAN) area.
| |||||
Edit Users | No one but the Owner on the account and/or a very trusted employee should have access to this permission. With this setting you can add or delete users whenever you want. |
Advanced
Field | Description |
---|---|
Affiliate Management | Allows the user to navigate to the Affiliate Management location. |
Configuration
Field | Description |
---|---|
Edit Customer Notification | Allows the user to access the email notification section, which controls the emails sent to customers. |
Edit Export Settings | Allows the user to use the Exporting Orders section. The user will also need the Edit Settings permission. |
Edit Fraud Rules | Allows user to access and edit the Fraud Prevention Rules |
Edit Gift Giving | Allows the user to make changes to the gift giving section of the checkout. *The user will also need the permission to edit settings. |
Edit Look and Feel | Allows the user to make changes to the screen branding themes. Screen branding themes control the look and feel of your checkout pages. |
Edit Return Policy | Allows the user to make changes to the global Return Policy page. |
Edit Tax Rates | Allows the user access to Sales Tax. The user will also need the Edit Setting permission. |
Manage Marketing | Allows the user to access the marketing section, which includes Emails and 3rd party Emails. |
Conversations
Field | Description |
---|---|
Phone System | Enables access to the Phone System |
SMS/Web Chat Administrator | Enable for administrators of the SMS/Chat |
SMS/Web Chat User | Enable for users/operators of the SMS/Chat |
Data Warehouse
Field | Description |
---|---|
Level 1 - Standard Access (No PII) (Owner Managed) | |
Level 2 - Low sensitive data (Owner Managed) | |
Level 3 - Medium sensitive data (Owner Managed) | |
Level 4 - High sensitive data (Owner Managed) |
Items
Field | Description |
---|---|
Destructive Import Options | Enable only for users performing advanced Item Imports. This enables the "destructive" import options that erase/overwrite catalog assignments, related item assignments, item attributes, or delete items. |
Edit Items | Allows the user to make changes to the items configured within the account. This also includes adding and removing items from the account. |
Edit Reviews | Allows the user to view and make changes to customer reviews. |
View Items | "Read only" permission to view the items and item editor but can't make changes to the items configuration. |
Operations
Field | Description | |||||
---|---|---|---|---|---|---|
Access Accounts Receivable | Allows the user to navigate to the Accounts Receivables location. | |||||
Access Quotations | Allows the user to go into the Quotes review location. | |||||
Access Reports | Allows the user to navigate to the Reporting location. | |||||
Access Reports without PII | Allows the user to navigate to the Reporting location, but restricts access to reports that contain PII (Personally Identifiable Information.) | |||||
Access Shipping Department | Allows the user to navigate to to the Shipping Department location. | |||||
API Access ([IP Addresses]) | This is a special use setting typically configured on a user that is configured on the account specifically for use in API integration. Limiting this setting to users that are otherwise limited to very little access to the UltraCart backend improves security.
| |||||
Accounts Receivable - Skip Payment Processing | Enabling this permission, allows the A/R (viewing a specific order) to display the 'Skip Payment Processing' button , as well as the 'Authorize Orders' button, in the Payment processing section. *Only enable if the user requires these actions as part of their role responsibilities. | |||||
Back End Order Entry | Allows access to the Back End Order Entry (BEOE). Since the BEOE tool allows for overriding of item costs and shipping costs on-the-fly, you may choose to be selective about which users have access to the BEOE tool. | |||||
Back End Order Entry (Customer Profiles) | Allows the user to access customer profiles search tool when using the BEOE tool. | |||||
Back End Order Entry (Prevent Direct Credit Card Entry) | Select this to restrict direct credit card entry (for example to limit them only to the PII protected CC entry by the customer via phone call. | |||||
Delete Order | Deleting an order removes it from your system there is no way to get it back. | |||||
Edit Catalog | Allow the user access to the Catalog configuration pages. (Applies only to the deprecated legacy catalog system) | |||||
Edit Order | Allows the user to Edit, Delete and make changes to customers orders. | |||||
Edit Settings | Allows the user access to the configuration section. | |||||
Manage Auto Orders | Allows the user to have access to review or make changes to auto orders. The user will also need the permission to Review Orders. | |||||
Manage Chargebacks | Allows the user to access the Chargeback Processing section. The user will also need the Edit setting permission. | |||||
Manage Customer Profiles | Allow the user to have access to the Customer Profiles section. This will allow the user to edit, delete, and add customer profiles. | |||||
Manage Gift Certificates | Allows the user to edit and create Gift certificates within the marketing section. | |||||
Refund Order | Allows the user to issue a refund on orders. | |||||
Review Orders | Allows the user access into the Order Management section. | |||||
View Amazon PII | Enable this for users that are reviewing orders and need to be able to see the Personally Identifiable Information. | |||||
Edit StoreFront | Allows user to access the storefront menu. | |||||
Edit StoreFront - Download Lists/Segments | Allows the user to download Email Lists and Email Segments from the Storefront Communications. | |||||
Edit StoreFront - Use Communication | Allows the user to access the Communications menu within the Storefronts menu. |
Storefronts
Field | Description | |||||
---|---|---|---|---|---|---|
Communications - Download Lists/Segments | Enable for marketing users that may require access to this customer data | |||||
Communications - Readonly | Allow 'Read only' access to the Communications area. | |||||
Communications - Use | Allow editable access to the Communications area. | |||||
Full Access | Allow editable access to the Communications area. Enable for users with role to create and edit Flows, Campaigns, etc.
| |||||
Recordings | Allows user to access the shopping session recordings. | |||||
Upsells - Readonly | Allow 'Read Only' access to the upsells area to review but not edit the flows. If unchecked, the user will have create/edit/delete permissions. | |||||
Visual Builder Enable/Disable Protected Content | Allows user to enable/Disable protected content within the Storefront Visual Builder editor. Enable only for the admin users. |
Email Notification
Just like Permissions the Email Notification section allow you to set each user with their own set of email notifications. This allows you to have one user that only handles order that need to be shipped or another user that is looking at auto order (recurring orders).
Simply place a check in the box to the left of the notification you want to grant to this user.
...
The Configurable Email Notifications Appear in Sections
...
Field | Description |
---|---|
eBay | Notifications related to sales activity on eBayeBay. |
Conversations
Field | Description |
---|---|
Unread SMS messages | Enable for users that are users of the SMS Conversations, to notify them when a SMS message has been received that needs follow up. |
Customers
Field | Description |
---|---|
Auto Order Cancellations | Select this checkbox to be notified whenever an auto order is cancelled. |
Auto Orders | Select this box to be alerted to any problem with processing of a scheduled auto order. (The message will include reference to the auto order customer and the transaction response recorded from the gateway.) |
Customer Feedback | Select this box to receive notifications related to the "Case Management" tool that is part of the "My Account, Customer Portal" |
Wholesale Signup | Select this box to receive notifications related to Wholesale Signups |
...
Field | Description | |||||
---|---|---|---|---|---|---|
Integration Log Health Report | Sends a daily email notification related to the account integrations. See also the integration logs reports in the reporting area:
|
...
Field | Description |
---|---|
Low Activation Codes | If selected, user receives notifications when items which are configured with the "Activation Codes from List" in the Digital Delivery tab of the item editor. |
Safety Stock | If selected, user receives notification when items configured with Safety Stock threshold reaches the configured quantity. (See Safety Stock Reporting) |
Unapproved Reviews | If selected, user receives notifications of newly submitted reviews that require approval. (see My Account Customer Portal#Reviews) |
Marketing
Field | Description |
---|---|
Storefront Communications | If checked, user receives notifications related to activity/errors occurring with Storefront Communications email campaigns and flows.quantity. (See Safety Stock Reporting) |
Unapproved Reviews | If selected, user receives notifications of newly submitted reviews that require approval. (see My Account Customer Portal#Reviews) |
Marketing
Field | Description | |||||
---|---|---|---|---|---|---|
Storefront Communications | If checked, user receives notifications related to activity/errors occurring with Storefront Communications email campaigns and flows..
|
Orders > Overall
Field | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
Order Placed | If checked, user receives notification whenever an order is placed. This notification has the following optional settings:
|
...
Field | Description | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
Fraud Review | Sends notification whenever an order triggers a Fraud Review rule configured in the Fraud Prevention configuration page.
| |||||||||
Process Credit Card Payment | Check this box to have UltraCart send notification any time a credit card order needs to be processed.
| |||||||||
Process PayPal Payment | Check this box to have UltraCart send notification any time a PayPal order needs to be processed.
| |||||||||
Queued Refund Failure | Check this box to have UltraCart send notification any time a Queued Partial Refund failure occurs for an order.
| |||||||||
Quotation Request | ||||||||||
Check this box to have UltraCart send notification any time a quote request is generated.
|
...