How Desk Kls Access management work?

1. Introduction to how Access management work 

Access is defined by having one's email address entered as a contact on behalf of a financial institution. Every user of an app, whether a customer or not, therefore has authorisation.

However, there is a difference in access management for users of a client financial institution (holding a Desk licence) and those of a non-client financial institution (simply invited): The “Access management” page.

If you are a user of the Desk on behalf of a non-client financial institution, access is managed reactively and only by invitation from a client financial institution, on a per-transaction basis.

Conversely, a client financial institution can proactively manage its employees' authorisations via a dedicated page.

The “Access management” page enables you to:

• Manage your organisation chart;
• Add or archive users on behalf of your entity;
• Assign personalised roles and rights to each user.

2. Desk Kls: roles

• Team leader:

This role is frequently assigned to team managers or those responsible for managing tool/software authorisations on behalf of employees.

It grants the following rights, solely for the entity or entities where the user is authorised:

• Access the “Access management” page
• Create/manage teams
• Create/manage user access

By capillarity, a Team Manager sees and has access to transactions created and managed by users in his or her team and in lower-level teams. If a Team Leader is added to a team, he or she automatically gains viewing and access rights to the transactions of users present in that team, as well as users in related lower-level teams.

A Team Leader empowered at root team level (see below) will therefore have full visibility of all existing transactions on the Kls Desk.

• User:

The “User” role is a simple user. You become a user as soon as you have been entered as a contact within a entity.

It has no specific capabilities beyond the rights assigned to it (see rights below), and will only be able to view items it has created (if it has the right to do so) or to which it has been specifically invited by a peer. 

3. Access management

The "Access management" page is accessible only if you have the “Team Leader” role (see above). It enables you to manage the users who have access to your entity's Kls space, as well as the teams and rights of each user.

To access it, follow these steps:

• Log in to the platform
• Hover over the entity icon at the bottom left of your screen
• Click on “Access management”

1. Basic teams : 

When you become a Kls customer, at your first login to the Access management, you will find an organisation chart consisting of a single team—the root team. It's from here that the other teams can be created. Once onboarding is complete, the root team should contain only the highest hierarchical managers.

This page is divided into three tabs:

• The “Authorised” tab: contains users who have been assigned to one of the entity’s teams and granted access rights.
• The “Guests” tab: contains users who have been invited to participate in an transaction in Debt Syndication or Debt Tracking but not been authorised. They are not in any of the teams in the organisation chart and have no rights except for the transactions they have been invited.
• The “Archived” tab: contains users whose access rights have been revoked. They no longer have access to the platform via this entity.

2. Create a team : 

When creating a new team, the team leader has two options: at the same level as an existing team, or below an existing team.

By hovering the cursor over an existing team, you may decide where to add the new team, using the (+) symbol that appears (in this case, below or next to it).

When teams are on the same level, there is no connection between them. This creates a veritable "Chinese wall" between two teams, as user activity on one team will be completely invisible to the other.

Conversely, when a team is created beneath another, it is possible to implement the principle of capillarity, enabling “higher” teams to view activities carried out by the collaborators in the “lower” team.

In this way, a manager of a group of collaborators split across several teams can maintain an overview of the activity of their teams, without one teams being able to see the activity of another.

3. Create (or modify) a user

Only a user with the Team Leader role can add or modify a user.

He or she may act only on the team in which he or she is empowered, as well as on any subordinate teams.

To create a new user, simply go to the Access management page. Then you have two options: 

•  Create a user directly using the “Add some users” button within the organisation chart view.
•  Create a user after clicking on the team to which they will be assigned. In this case, the team selection will be pre-filled.

There are three steps to add the user:

• Enter basic information: email address, team, and markets
• Specify the role
• Specify access rights

Once validated, a new entry will appear in the list of team users, displaying the collaborator's email address and the message “Invitation sent by email”. This signifies that the new user has received an email from no-reply@kls-desk.com to initialise the account (set a password and complete details). Once their profile is completed, you will see the first name and last name.

i. Assign markets

When settling up user profiles, you may customise their scope of access.

There are 8 different markets: Corporate, Pro, Agriculture, Public Authorities, Renewable Energy, Real Estate development, Public-Private Partnership, and Wealth Management.

The markets assigned to a user have the following impacts:

• Debt Syndication:
  • A user with creation rights in Debt Syndication may only create transactions for the markets for which they are authorised.
  • When inviting a Kls client entity, the list shows:
    • First, users authorised for the relevant market to the specific transactions
    • Second, those authorised for the other markets
• Debt Tracking: The markets assigned to a user do not affect their use of this app.
• Debt Eligibility:
  • A programme manager may create and access programmes for the markets in which they are authorised.
    A distributor may access and make reservations in programmes pertaining to the markets for which they are authorised.
  • The markets assigned to a user are of primary importance whenever their entity is invited to an operation via Kls Desk.

ii. Assign creation rights

As Kls is a multi-app software publisher, you may use our tools  in several ways depending on your subscriptions. 

You can assign creation rights by app in the Desk, specifically:

• Debt Syndication: allows a user to create financing transactions collaboratively with their partners. See the article on How to create and manage an transaction in the Debt Syndication app.
• Debt Tracking: allows a user to create syndicated and/or bilateral transactions in conjuction with lenders, clients, and internal teams. See the article on How to create and publish an transaction in Debt Tracking.
• Debt Eligibility – CDC journey: See the article on specific rights for the CDC journey (currently under construction).

5. Archiving and access management

A Team Leader may archive a user who falls within their scope. This action instantly deactivates the user’s access. The user will therefore lose access to all transactions.

To archive a user:

• In the Chart view, click on the team of which the user is a member. In the corresponding row for the user, click the three dots at the end of the row, then select “archive”.
• In the List view, use the search bar to enter the user’s first name, last name, or email address to easily find them. Then click the three dots at the end of the row and select “archive”.