330 likes | 459 Views
Basics. Intuit Financial Services University Business Financial Solutions Certification. Objectives. In this section, you will learn the basics of the BFS system. Specifically, by the end of this section, you will learn : the BFS security features
E N D
Basics Intuit Financial Services University Business Financial Solutions Certification
Objectives • In this section, you will learn the basics of the BFS system. • Specifically, by the end of this section, you will learn: • the BFS security features • how to log in and navigate through the BFS system • the portlets of the Dashboard for Bank Users • how users manage their security credentials • Password Reset • changing security questions, OTP delivery channel methods, and/or Dual Verify settings (as applicable)
System Requirements • Screen Resolution: 1024 x 768. • Java: Should be enabled in your browser. (BFS supports ONLY the Java Virtual Machines supplied with the browsers. No 3rd party plug-ins are supported. ) • Cookies: Should be enabled in your browser. • Browsers: A list of supported browsers can be found via the Knowledge Base in Admin Platform. (Admin Platform Home My Support Knowledge Base) • Operating Systems: If a browser is listed on the Browser Policy document on the Client Site (see above bullet), Intuit Financial Services supports any Operating System that is supported by that browser vendor.
Terms to Know System Administrator – Intuit employee(s) that have access to the financial institution's BFS system and maintain certain settings and options that are not accessible by the Lead Bank Administrator. Lead Bank -A financial institution that has a license agreement to use Intuit Financial Services’ products. Lead Banks have their own Corporate Customer and Bank Customer base. Lead Bank Administrator – One financial institution employee that has full access to BFS and is setup by Intuit Financial Services during the implementations process. Bank Personnel/Bank Users – Users at the financial institution who are responsible for the setup and management of the system and installed products. When permitted, Bank Users can perform all bank functions. Corporate Administrators – Users at corporate entities who are responsible for several corporate level administrative tasks, such as granting permissions, assigning accounts, and setting up product functions. Corporate Administrators can also be permitted to non administrative corporate functions. Corporate Users - Users at corporate entities who can be permitted to non-administrative corporate functions.
Security User Password Expiration – User passwords are subject to periodic change. This expiration duration is set by the financial institution (set via Security Center PR Settings). The minimum is 0 days and the maximum is 365 days. When a user’s password has expired, they are prompted to change their password before they can access the system again. The Password Expiration Warning setting (set via Security Center PR Settings) allows the financial institution to have the system display a warning regarding the number of days until the user’s password expires. The warning displays to the user on the Dashboard upon login. The financial institution sets the number of days before the user password expires that the system start to display the warning. NOTE: The Customer Password does not expire.Invalid Password Lockout – Access to BFS is denied after the user reaches the number of failed logins specified by the financial institution (set via Administration Leadbank). The minimum is 1 attempt. The maximum is 5 attempts. NOTE: The Customer Password does not cause a lockout.Session Inactivity Timeout - There is a “soft” timeout in which users are automatically logged off of the system after a designated period of inactivity (set by the financial institution via Administration Leadbank) and are prompted to enter their password before being able to continue. The timeout begins as soon as the user hits the login page. The minimum soft timeout is 30 seconds and the maximum soft timeout is 900 seconds. There is also a “hard” timeout feature in which BFS automatically logs users off of the system after 30 minutes of inactivity. The user is taken to the login screen where they must enter all four parts of their login credentials to gain access to the system again. The hard timeout automatically occurs regardless of what the financial institution sets for the soft timeout. NOTE: The system displays a timeout warning message that allows the Corporate User to extend their login session without timing out of BFS and losing data. The setting that controls when the warning message is displayed to the Corporate User is set via System Options Infrastructure Inactivity_Warning_Notice.Inactive User Lockout – A user is locked out of BFS if the user has not logged in to the system within the certain number of days (specified by the financial institution via Administration Leadbank). The user must be unlocked by a Bank User (or a Corporate Administrator if the user is a Corporate Administrator/User) in order to access the system again. The minimum is 1 day and the maximum is 120 days. Password History – BFS remembers a certain number of previously used passwords for a user (specified by the financial institution via Security Center PR Settings) in order to prevent the user from using the same password again. The minimum is 0 previously used passwords and the maximum is 20 previously used passwords. NOTE: These features apply to both Bank and Corporate Users.
Security Center Overview • Security Center is a group of components that enhance the security of the BFS login procedures and user sessions. • Password Reset (standard) – allows the Bank or Corporate User to change their password upon forgetting their User Password. • DI Challenge (optional, separately-purchased) - is a cookie-based challenge question authentication process whereby the user’s computer credentials are stored and recognized as part of the user’s login information. When the user ID and computer are recognized, the user is allowed to access BFS. However, if the user is recognized but the user’s computer is not recognized, the user is prompted to answer a set of three challenge questions before being able to access BFS. Users establish these challenge questions and answers upon their initial login to BFS. • Challenge Manager (optional, separately-purchased) - provides additional security for specific BFS services. Bank Users indicate which BFS services require additional verification from users. If a service requires verification, the user must enter a response from a token or a OneTimePasscode (OTP) response sent via SMS text, voice message, or email before the user can access the selected service. NOTE: There is a separate detailed training that covers Challenge Manager with OTP located on the Resources page. • Dual Verify (optional, separately-purchased) – is a cookie-based authentication process whereby the user’s computer credentials are stored and recognized as part of the user’s login information in order to help prevent security breaches that may result from phishing, spyware, key logging, and account takeover threats. When the user ID and computer are recognized, the site displays a recognized image and text phrase to the user, indicating that it is safe to complete the login. However, if the user is recognized but the user’s computer is not recognized, the user is prompted to answer one of their challenge questions before being able to access BFS. Users establish three challenge questions and answers upon their initial login to BFS. NOTE: These features apply to both Bank and Corporate Users.
Login Screen • Both Bank and Corporate Customers use the same screen to log in to BFS. A four-part login is required for access: • Customer ID and Customer Password - identifies the financial institution or business • User ID and User Password – identifies the individual user at the financial institution or business • NOTE: A three-part login will be utilized if the financial institution has purchased Dual Verification (the user is prompted for their User Password after verifying their picture) or if the financial institution opts to have IFS disable the Customer Password (the Customer Password field label exists but the Customer Password input field is not displayed). • Customer ID and User ID can be 1 to 12 characters in length (not configurable). • Customer Password and User Password requirements are set via the Security Center PR Settings service.
Initial Login If Password Reset or DI Challenge has been enabled, upon initial login, the user is prompted to establish a set of security questions and answers. Then, under the "Remember this computer?" section, the user will determine if they want to enroll their computer in DI Challenge by either selecting “Yes” (which places a cookie on the computer for identification on future logins) or selecting "No" (which will keep computer from being recognized upon future logins and the user will need to answer their 3 challenge questions correctly in order to access BFS). NOTE: These questions/answers will be used for both Password Reset (when a user needs to reset their password) and DI Challenge (when a login to BFS occurs from a unrecognized computer). NOTE: The "Remember this computer" section will not display if DI Challenge is not enabled. After setting up their security questions and answers, the user is prompted to change their password.
Initial Login with Challenge Manager If Challenge Manager with OTP is enabled,upon initial login, users are prompted to set up at least one phone number (for SMS text or voice message) or email address to which they would like to receive their One Time Passcodes. NOTE: The login screen as well as any other BFS screen can be set as a challenge points by financial institution via the Security Center --> Challenge Manager service.
Initial Login with Challenge Manager (cont’d) If the financial institution sets the login screen to be a challenge point, any time the user logs in to BFS in the future, the user will be prompted to select how they would like to receive their One Time Passcode (SMS text, voice message, or email). The user will retrieve the system generated OTP via the aforementioned selected method and should enter the OTP on screen. If correct, the user will be allowed access in to BFS. If the OTP is not accepted, another passcode can be requested and delivered. However, the user will be locked out when the maximum number of passcodes have been delivered. Challenge Manager (with tokens): If the financial institution chooses to use tokens for Challenge Manager, each user will be given a token to be used in BFS. Any time the user attempts to access a service that has been enabled with Challenge Manager by the financial institution, the user is prompted for a token response. The user will enter the response show n on their token. If correct, the user will be allowed access to the particular service.
Initial Login with Dual Verify If Dual Verify is enabled, upon initial login, users enter their User Password on the enrollment screen (as opposed to the login screen) and click the Enroll button. Users select an image and enter a phrase to be displayed upon all future logins to BFS.
Initial Login with Dual Verify (cont’d) • Then, the user is prompted to choose three challenge questions and provide an answer to each. These questions will be used when a login to BFS occurs from a unrecognized computer. • The system confirms the user’s selected image, phrase, and questions. Then, under the “Remember this computer?” section, the user can: • Select “Yes” to place a cookie on the computer to identify the computer on future logins. • Select "No" and the computer will not be recognized upon future logins and the user will be prompted to answer one of their 3 challenge questions correctly in order to access BFS.
To navigate through the system, select a service group from the drop-down menu (on the left) to display the associated service tabs for that selected service group, then select the service tab to display the specific service. Navigating the BFS System • The utility navigation links (located in the upper right) can be used to offer assistance: • My Dashboard – returns the user to their Dashboard screen • Help -provides context related help for the page the user currently displays • Messages - displays any current bulletins to the user • Contact - provides the bank defined contact email and telephone numbers • Logout - logs the user out of the application
Every item (i.e. Wire Template, Corporate Customer, Currency, etc) in BFS is given a Code and a Name upon being added to the system. The Code is a short identifier for the item and the Name is the name of the item. The Code and Name fields allow users to: Search for specific existing items - If the user enters information in the Code and/or Name fields and clicks the Find/Refresh button, the system will display a list of items that match the searched item. TIP: The system can perform a search off of partial data entered in the Code and/or Name fields. For example, a user can enter “dog” in the Name field and the system will display a list of results that have “dog” in the Name. Add new items - If the user enters information in the Code and/or Name fields and clicks the Add button, the system will display the appropriate Add Entry screen that the user will fill out to add the item in BFS. Codes and Names
Input Fields Input fields with labels in red or with asterisk (*) are required fields. Fields with labels in black are not required fields. The numbers to the left of the field (i.e. (34)) indicate the maximum (sometimes minimum/maximum) character input. Input Fields
Dashboard The Dashboard is a one page summary screen that can be permitted to both Bank and Corp Users. If permitted, the Dashboard displays as the user’s default landing screen after login. At any time, the user can get back to their Dashboard by selecting “Dashboard” from the dropdown menu. NOTE: The Dashboard will only display if the Bank User has been permitted to the “dashboard: Dashboard” service via the Bank Personnel Bank User Permissions service. • For Bank Users, the Dashboard contains only 3 portlets: • Message of the Day • Action Required • Most Used Services • There are 4 additional portlets for Corporate Customers (one is an Administration portlet and the other 3 portlets are “permission-driven” as they only display if the Corporate Administrator or User is permitted to the particular corresponding service): • Administration - displays to Corporate Administrators only • Financial Overview – displays to Corporate Administrators and Users that are permitted to either the “Same Day Report” or “Previous Day Report” Balance Reporting service • Favorite Reports - displays to Corporate Administrators and Users that are permitted to the Favorite Reports service • Book Transfers - displays to Corporate Administrators and Users that are permitted to the Book Transfers service • NOTE: Please refer to the “Dashboard for Corporate Users” section for additional information regarding the Corporate Customer’s Dashboard.
Dashboard (cont’d) • Bank Users can change their landing page to be something other than the Dashboard via the Administration Self Admin service.
Message of the Day The Message of the Day portlet allows Bank Users to add information (such as scheduled downtime information) on other Bank or Corporate Administrators and Users’ Dashboards. Save Icon The Message of the Day text displays here. TIP: If a message needs to be displayed to all Bank and Corporate Admins/Users, then the same message will need to be set for “Message of Day: Permission Driven”, “Message of Day: Admin Only” as well as “Message of Day: Bank Administrator”. • To create a Message of the Day: • Step 1: Select the audience for the message from the Message Type dropdown: • Permission-Driven – Displays to Corporate Users as well as any Corporate Administrators with the Dashboard Style: “Permission Driven”. If a Corporate Administrator’s Dashboard Style is “Permission-Driven” that means that their Dashboard displays the standard portlets (Message of the Day, Action Required, and Most Used Services), the Administration portlet, as well as any of the 3 “permission-driven” portlets to which the Corporate Administrator is permitted. • Admin-Only – Displays to Corporate Administrators with the Dashboard style: “Admin Only”. If a Corporate Administrator’s Dashboard Style is “Admin-Only” that means that their Dashboard displays the standard portlets (Message of the Day, Action Required, and Most Used Services) and the Administration portlet only. • Bank Administrator – Displays to all Bank Personnel. • Financial Overview – Displays to any Corporate Users/Administrators with the Financial Overview portlet. NOTE: This message displays in the “Financial Overview” portlet. • Step 2: Enter the desired message. The message will appear in the preview area for review. Use the buttons for bold, italics, underline and hyperlink for HTML formatting. • Step 3: Click the Update Message button (or the save icon).
Action Required The Action Required portlet allows Bank Users to view how many Corporate Administrators/Users are in a “pending” status because they have had a change to their permissions, a change to their password, or have been added to the system. NOTE: Only Corporate Customers with “Secondary Admin Approval” enabled require approval when any of the aforementioned changes are made to their Corporate Administrators/Users. If action is required, Bank Users can click on the active link to be directed to the appropriate approval/review page. NOTE: Only the Bank Users that have the “Admin Approval” permission will see Corp Users listed in this portlet and be able to approve or reject changes. If the Bank User does not have this permission (or if no transactions are needing to be approved), the portlet will state: “Watch here for transaction review or approval requests.” TIP: Permit Corporate Administrators and/or Corporate Users to the “Administration: Admin Approval” service so that they can approve or reject these types of changes made to their own Administrators/Users as opposed to Bank Users having to do this on behalf of the Corporate Customer.
Most Used Services The Most Used Services portlet allows Bank Users to quickly access the 5 services that the system has identified as the most used for that user. The user clicks on the link in the portlet (as opposed to having to use the navigation dropdown) to access the service. NOTE: The links that appear for the user will vary depending on services they have been using recently and will change accordingly with the user’s change in use of the system.
Password Reset If a Bank or Corporate User forgets their password, the user can reset it via the following steps: Step 1: On the login screen, enter in the Customer ID, Customer Password (if not disabled), and User ID. Leave the User Password field blank and click the Password Reset button. Step 2: The system displays the stored security questions. Enter the correct answer to each question and click the Submit button. Step 3: Enter a new password and confirm the new password. Then, click the Submit button to be taken directly into the BFS system. NOTE: If a Corporate User forgets their answers to their security questions, they should contact their Corporate Administrator (or the financial institution). Bank Users should contact the Lead Bank Admin to be reset. The Lead Bank Admin can be reset by the System Admin.
Password Maintenance Bank and Corporate Users can change their User Password at any time while logged in to BFS via the following steps: Step 1: Go to the Security Center Password Maintenance service. Step 2: Choose the “Change Your Password” link. Step 3: The system will display the stored security questions. Enter the correct answer to each question and click the Submit button. Step 4: Enter in the current password and the new password . Confirm the new password and click the Submit button.
Security Questions Maintenance Bank and Corporate Users can change their Security Questions at any time while logged in to BFS via the following steps: Step 1: Go to the Security Center Password Maintenance service. Step 2: Choose the “Change Your Security Questions” link. Step 3: Enter in the current password and answer all 3 security questions. Then, click the Submit button.
Security Questions Maintenance (cont’d) Step 4: Choose a question from the dropdowns and provide an answer for each question. Then, click the Submit button. • NOTES: • If DI Challenge is not enabled, the “Remember this computer” section will not appear. • If DI Challenge is enabled, the same set of security questions is used for both DI Challenge and Password Reset.
OTP Delivery Channel Maintenance Bank and Corporate Users can modify their OTP delivery channels via the following steps: Step1: Go to the "Administration Self Admin" service. Step 2: Click the One Time Passcode tab. Step 3: Edit the necessary phone numbers or email addresses to which passcodes should be sent and click Submit.
Dual Verify Image/Phrase Maintenance Bank and Corporate Users can modify their Dual Verify image, phrase, and/or challenge questions via the following steps: Step1: Go to the “Security Center Dual Verify Settings" service. Step 2: Click the appropriate link to be taken to the corresponding screen for edits.
Dual Verify Image/Phrase Maintenance (cont’d) Screen to edit the image and/or phrase used with Dual Verify. Screen to edit the challenge questions used with Dual Verify.
Practical Applications • Define the following types of BFS users. • Lead Bank Admin • Bank Personnel/Bank Users • Corporate Administrators • Corporate Users • True/False: All of the Security features (User Password Expiration , Invalid User Lockout, Session Inactivity Timeout, and Inactive User Lockout) apply to users at both the financial institution as well as the Corporate Customer. • What happens when a user hits the financial institution’s defined User Password Expiration setting? • What happens when a user hasn’t logged into BFS within the financial institution’s defined Inactive User Lockout period?
Practical Applications • Define the following types of BFS security features: • Password Reset • DI Challenge - “Remember this computer” • Challenge Manager • Dual Verify • When would a user be prompted to answer their challenge questions? • The user logged in from an unrecognized/un-enrolled computer. • The user is attempting to reset their password via the Security Center Password Maintenance service. • The user is attempting to reset their challenge questions via the Security Center Password Maintenance service. • The user is attempting to rest their password via the Password Reset feature. • A, B, and D. • All of the above. • True/False: The same set of security questions is used for both DI Challenge and Password Reset. Questions continue on next page!
Practical Applications • True/False: If a user is not permitted to the Dashboard, they will not see any messages set via the Message of the Day. • Bank Users utilize the Action Required portlet for which of the following: • to approve transactions (i.e. book transfers, ACH, wires, etc) • to approve the text set for the Message of the Day • additions, permission changes and password changes of Corporate Administrators/Users • True/False: The services that appear in Most Used Services portlet are the same for all Bank Users.