SECURITY008 - Organization entities, user roles, and access levels

Modified on Thu, 14 Nov at 8:25 AM

XTRM is a global multi-tenant payment system. This means we have one organization account (Prime Entity) for a company worldwide with separate entities for regional subsidiaries or any legal entity owned by the organization. The regional user administrators can create and separately manage their own entity profile, users, wallets, and role-based access as needed for their local requirements.


Organization and entities give you a way to reduce your operational risk by centrally managing all of your accounts and the users who may have access to them and configuring your Organization-wide policies. 


To Summarize:

  • Only one org account is needed for your company globally. 
  • You can set up as many regional or subsidiary entities within the organization as you like.
  • You can add as many single-entity and multi-entity regional/subsidiary users as you like.
  • Wallet and service access are strictly controlled via security roles and settings.
  • Existing master admin, controller, or manager users can add new regional users. 
    How to add entities and users to global company accounts


Master Admin Consideration


One designated person, typically with signatory authority, is designated the "Master Admin" and should register the Org Acct. (Prime Entity) with the company headquarters details, i.e., register ACME Inc HQ. and associated address (Not ACME Region 1 or ACME Region 2). If you are a company regional office, you must register your Org Acct (Prime Entity) first. This can be done at www.xtrm.com - choose company registration. If an Org account (Prime entity) already exists, you will be notified and asked to contact the existing master, controller or manager users to add you as a user for your region. 


As XTRM operates as a financial service account under similar regulatory standards as a bank, selecting the master admin for your company account should prioritize individuals possessing financial signatory approval within your company. Typically, this individual belongs to the executive team, treasury department, or finance group. This person is not solely responsible for managing the XTRM account but can delegate responsibility to regional entity controllers, managers, and standard users.


Entities, user roles and access levels handle the separation of access to wallets and funds. Regional entities can have specific access to regional entity wallets and functions. It is identical to separate accounts from a compliance and security perspective but provides global account compliance and consolidated reconciliation reporting. It also simplifies onboarding times and ensures more accurate and faster payments whilst ensuring only the right people access the right wallets, funds, and services.


Some key terms


Term
Description
Identifier
#
Organization (Prime Entity)This is your prime entity, typically your HQ.  It has a unique Organization ID (OID) - the format is SPNXXXXXXXX. There is one ORG account (Prime Entity) globally with multiple regional entities below the org account. 
SPN Prefix + 7 Numbers
SPN1234567
1
EntitiesThese are the local country or regional entities. An example of a regional entity is ACME France or ACME EMEA. (An example of an ORG would be ACME HQ). Entities can also be legally separate companies or member firms rolling up into one organization.
Name

Acme France

Any
WalletsWithin an entity account, you can have as many currency wallets as you like. Wallets are assigned to entities and can only be seen by users with access to the wallet entity.
Unique Number
12345678910
Any
UsersAny person who has access to your company account. Users can have different roles, such as master admin, controller, manager, or standard users. Users have unique account IDs (AID) starting with SPAXXXXXXX.
PAT Prefix + 7 Numbers
PAT1234567
Any
Master AdminThis is the key global contact. There is one master admin per global Org account. This person should typically be in finance or treasury with company signatory authority. This person has full access to all services by default. (This can be restricted on request)
SPA Prefix + 7 Numbers
SPA1234567

1
Controller UserThese are multi-regional or entity administrators responsible for one or more regions or entities. There can be any number of controllers. These users can manage other "Controller", "Manager," or "Standard" users for only the regions they control, plus manage wallets and service access for all the users within their regions. 
SPA Prefix + 7 Numbers
SPA1234567

Any
Manager UserThese are regional administrators responsible for one region or entity.  For example, they are responsible for one country or one entity. There can be any number of manager users. These also have full access to all wallets and services within their entity and can create and manage standard users within their entity.
SPA Prefix + 7 Numbers
SPA1234567

Any
Standard UserThese are your regional program and wallet administrators. There can be any number of standard users. Very granular access can be set to these user types. 
SPA Prefix + 7 Numbers
SPA1234567

Any




Entities 

 

Review the instructions in this document on how to create new entities and add users to your global organization account How to add entities and users to global company accounts




User roles and access levels 


There are 4 levels of access. A master, controller, or manager user can edit any users that are in the entities they manage and are of a lower level. 


Level
Access
FullFull access to all features

Custom

Custom access to features
ViewView-only access to wallets and features
LimitedLimited access to basic features



✓ = Yes    X = No   O=Optional (Access Level Setting)


4 User Levels:
Master Admin
Controller
Manager StandardSuspended
Typical RoleSenior Finance/Treasury
Multi Region, Multi-Entity Finance/Treasury Head
Single Regional Finance, Department HeadDepartment Manager (Most common)N/A
Number Allowable1Any numberAny numberAny numberAny Number
Entity Control
Multi
MultiSingleSingleX
Log into the Company Account
X
Delete Users
✓ 
XXX
Manage Multi RegionsXXX
Create Users✓ XX
Suspend UsersXX
Set User Access Levels✓.XX
Send Password Reset EmailsXX
Fund WalletsOX
Send FundsOX
Transfer Funds (withdraw)OX
Currency ExchangeOX
Create ProgramsOX
Link BanksOX
Create Edit ClaimsOX
Create Edit BeneficiariesOX
Create Edit Connected OX
Create Edit WalletsOX
View ClaimsOX
View ReportsOX
View BeneficiariesOX
View ConnectedOX
View WalletsOX




1. Create the User account by completing the fields.





2. Selecting System Access level other than "Full" will direct you to this page to set specific access per User.






Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article