Security Settings - Super Admin

If you're a Sertifi Super Admin for your portal, you can update and make changes to the following security settings:

You can access these account settings through the portal by clicking AdministrationAccount SettingsSecurity Settings.

Only users with Super Admin status can make changes to any of these portal settings.

Security groups

Your Sertifi portal is prepopulated with four built-in security groups:

security groups

  • Role: Admin
  • Role: Auditor
  • Role: Power Admin
  • Role: Super Admin

These groups contain the standard security settings for each of the user types for the Sertifi Portal.

Security Settings Definitions

Refer to the following list for information on what each specific setting can enable or disable for a given security group.

  • Can invite participants - Controls if the Admin can invite participants from folder maintenance.

  • Can view documents on maintenance page - Controls if the Admin can access prefill/add locations, remove an unsigned document, replace document, expire document, download the original document, or view the partially/fully signed document.

  • Can view unmasked document - Can view unmasked document.

  • Can edit participant uploads - Controls if the Admin can edit the participant upload task.

  • Can add new payments on maintenance page - Controls if the Admin can add a new payment to an existing folder.

  • Can add payments when sending - Controls if the Admin can send a payment request when creating a folder.

  • Can edit payments on maintenance page - Controls if the Admin can edit a payment in a folder including deleting an unpaid payment.

  • Can view last 4 and type of payment method - Controls if the Admin can view the card/accout type, bank name, last 4 digits of the card number, and card expiration date on the payment receipt.

  • Can edit sending page defaults - Allows a user to configure sending page defaults.

  • Can clone payments - Controls if the Admin can clone a payment without having to resend a new payment request.

  • Can refund payments - Allows a user to return funds to a payer.

  • Can view payment information - Controls if the Admin can unmask and view the credit card information (card type, card number, expiration date).

  • Can view eConfirmations payment information - Controls if the Admin can unmask and view the credit card information (card type, card number, expiration date) used for an eConfirmation.

  • Can view eConfirmations - Allows a user to see any new eConfirmations that the portal has received.

  • Maximum payment clone amount - Sets the max clone amount an Admin can enter when cloning a payment.

  • Maximum that can be refunded over original amount - Maximum that can be refunded over original amount.

Viewing payment information

You can choose to either create a separate security group, outside of the built-in role groups, or add the ability to view payment information to a preexisting group. By default, no users created in the Sertifi portal, regardless of Sertifi Admin, Auditor, Power Admin, or Super Admin role can view payment and/or authorization information. Typically, Sertifi Power Admin+ roles are granted this privilege.

Although security groups cane be configured to hide payment information and credit card numbers in the online portal, that information will still be viewable on a signed document.

Creating security groups

As a Super Admin, you can create custom security groups for your portal and add users to it. For example, if you want to make a security group that prohibits users from inviting participants, you could create a security group called No Participant Invitations, and assign users of any user level to that group. Once the user is assigned to the group, they can't invite participants to any signing documents. The users you assign to the group don't see which security groups they're assigned to.

To create a security group:

  1. Navigate to AdministrationAccount SettingsSecurity Settings.
  2. Click Add Group in the Security Groups section.
  3. Enter a name for your group. For example, No Participant Invitations.
  4. Click Create. The new security group is automatically added to the Security groups list.
  5. Click edit icon next to the name of your new security group. The Group Permissions screen appears.
  6. Select Deny or Allow for the various security settings you want for the group. If you want to select the default settings based on the user role, select Role Based.
  7. Click Save.

Adding users to security groups

Try it out

Watch a quick demo on how to add admins to security groups.

To add users to a security group:

  1. Click add member iconnext to the name of the security group. The Group Members screen appears.
  2. Click Add Member.
  3. Enter the email of the user you want to add to the group. Ensure you use the same email address that your user uses to access the portal.
  4. Click Add.

While you can't add and remove members from the built-in security groups, you can change the permissions in the security groups if you need to.

Restricting Access to Site by IP Address

You can choose whether or not to restrict access to your Sertifi portal by IP Address. If you choose to enable this, only users using a computer with the IP address you enter can access your portal. Rather than creating IP restrictions in this section, you create Allowed IP Addresses, which means that only the IP addresses you enter as allowed can access your portal.

If you want to turn this functionality off, click Off next to the section title.

restict by IP address screen

To add an allowed IP address:

  1. Enter a name of description of the IP address you want to allow.
  2. Enter the IP address. You can also enter a range of IP addresses by using a hyphen, without spaces. For example: 98.76.543.210-215.
  3. Click check icon to save, or delete icon to delete.
  4. Toggle On or Off to activate or deactivate the list of IP addresses.

Remote employees

If you have employees who are remote, working from home, or working from a different location outside of the IP range you specify, those users receive an Unable to login from this location error upon logging in. If your users run into this issue, but still need access to the Sertifi portal outside of the established IP ranges, perform the following:

  1. Instruct the user receiving the error to locate their IP address. They can do this by entering what's my IP address into Google.
  2. Instruct the user to send their IP address to you, as the Sertifi Super Admin.
  3. Send a support ticket to Sertifi requesting the IP address be added to your restricted list.
  4. Receive confirmation from Sertifi, and have your user try to log in again.