CorporateConnect User Management enforces the segregation-of-duties and approval discipline your auditors, board and cyber-insurance carrier expect from a commercial bank portal. Maker/checker workflows on every payment, tiered approval chains based on amount and risk, SAML SSO into your identity provider, permission inheritance across entities and complete audit logging on every click.
Built for the commercial operator whose AP clerk, treasury analyst, controller and CFO all need different slices of CorporateConnect — and whose audit team needs to prove that segregation held up every day of the fiscal year.
Open User Management Security Overview
User Management covers every capability around who sees what, who does what and who approves what. Configure once at the administrator level and CorporateConnect enforces consistently across wires, ACH, reporting and exports.
CorporateConnect User Management goes beyond basic role assignment. Every capability below exists to satisfy a specific audit or operational requirement.
Administrators provision users, assign roles, set transaction limits and configure approval chains. At least two Administrators are required for every company — no single point of failure. Administrator changes themselves require dual approval on production.
Transaction initiators cannot approve their own transactions. Every wire, ACH batch, beneficiary add and permission change flows through the maker/checker workflow. Aligned with Federal Reserve payment system controls for operational risk management.
Chains configurable by amount, currency, originating account, beneficiary country or transaction type. Up to five approval levels. Parallel and sequential approval supported. Time-based escalation if approvals stall.
Granular entitlements for every action: view balance, initiate wire, approve wire, add beneficiary, export data, view audit log, etc. Entitlements assign per role, per user, per entity and per account.
Permissions cascade through entity hierarchies. Grant parent-level access; subsidiaries inherit automatically. Override at any level for exceptions. Eliminates the manual per-account grant work that plagues legacy systems.
SAML 2.0 federation with Okta, Azure AD / Entra ID, Ping Identity, OneLogin, Google Workspace and any compliant IdP. Just-in-time provisioning on first login. Group claims map to CorporateConnect roles. SSO log in events flow through the central audit log.
Baseline configuration most CorporateConnect commercial clients adopt, tuned during implementation by your U.S. Bank treasury relationship manager.
| Role | Typical Permissions | Recommended Limits |
|---|---|---|
| Administrator | Manage users, roles, chains, limits, entitlements; full audit view. | No transaction initiation rights |
| Senior Approver (CFO / Treasurer) | Approve wires, ACH, beneficiary adds at all levels. | Up to $25M per wire |
| Approver (Controller) | Approve wires, ACH at tiered levels. | Up to $5M per wire |
| Senior Initiator (Treasury Analyst) | Initiate wires, ACH, prepare beneficiary adds, view reports. | Initiate up to $10M |
| Initiator (AP Clerk) | Initiate vendor ACH, prepare wires from templates, view AP reports. | Initiate up to $250K |
| Viewer (Business Unit Lead) | View balances and transactions within assigned entity; no initiation. | Read-only |
| Auditor (Internal/External Audit) | Read-only on transactions, audit logs, approval chains. | Read-only, time-bound access |
| Reconciler | View transactions, export data, run reports. | No initiation; export audit logged |
| Custom (per client) | Any combination of granular entitlements. | Administrator-defined |
How CorporateConnect enforces access discipline day-to-day without adding friction for legitimate operators.
External audit requests "list of users who approved wires over $1M in FY25." Administrator exports the approval-log report filtered to amount > $1M with approver metadata. One click. Audit receives a timestamped CSV with every approval event. Walkthrough testing evidence that would take a week in a legacy platform completes in minutes.
Pair with the Transaction Reporting module to join approvals against actual postings for full lineage.
Employee departs; HR deactivates their Okta identity. The SAML session at CorporateConnect invalidates immediately on next token refresh. If the user had active approval queues, CorporateConnect reassigns pending items to their backup per pre-configured escalation. No manual access revocation required. This is the gap that trips most mid-market firms on pen-test findings.
Just-in-time provisioning, group-claim mapping and instant SSO deprovisioning together deliver what the cybersecurity guidance from federal agencies describes as "identity lifecycle control."
Acquiring company adds 34 new AP and treasury users to CorporateConnect. Administrator uploads a CSV template with names, emails, roles, entity mappings and limits. System provisions accounts, sends enrollment invitations, configures entitlements. Thirty-four users onboarded in under 10 minutes. Users land into the correct role structure on first login. Historical onboarding friction — roughly two business days per cohort — eliminated.
For SAML-configured companies, add the new users to the appropriate Okta/Azure AD group and CorporateConnect creates accounts on first SSO login.
