Docs/Institutional Settlement/User and Access Management

User and Access Management

Production Track

Role-based access control for local portal and openibank.com online operations, including MFA, approvals, and audit trails.

Objective

Provide one access governance model that works for self-hosted local nodes and online enterprise tenants.

Identity Modes

Local mode supports operator-managed accounts with no mandatory cloud identity dependency.

Online mode supports federated enterprise identity patterns such as SSO and SCIM-aligned onboarding workflows.

Role and Approval Boundaries

Roles map to explicit capabilities across trading, settlement, node operations, and audit export.

Privileged operations can require dual approval to reduce single-operator risk in institutional environments.

Audit and Security Controls

Account lifecycle changes, role updates, and sensitive actions are expected to be audit-visible and exportable.

MFA coverage, session policy, and anomalous access handling should be monitored as first-class production controls.

Interfaces

Local Portal User Console

/portal/users for self-hosted user and role operations

Online User Console

/enterprise/users for openibank.com tenant and institution account governance

Production Checkpoints

  • All users have explicit role and scope assignments
  • Privileged role changes require documented approval path
  • MFA policy and coverage metrics are measurable
  • Audit timeline captures account lifecycle mutations

Continue exploring

Institutional Settlement