Review & Audit Integration

Integration guide

This page sets out how to integrate the Case Review Portal with the self-service or hybrid model with single sign-on.

Setup

Provide Fourthline with the following information:

ConfigurationDescription
FeaturesCase Processing
  • Escalations
  • Time-tracking
  • Case auto-assign
  • Case Guidance
Case Auditing
  • View only
  • Compliance review
  • Case Guidance
Domain URLAgree a domain URL that includes your name and portal.ext.fourthline.com.
IdPSpecify which SAML 2.0 identity provider (IdP) you are using.
IP addressesProvide the IP addresses that need to access the portal for both the sandbox and production environments.
SAML statementProvide a SAML metadata statement.

Role permissions

The role permissions are managed in your organization's IdP.

Different roles are required depending on your use case: Case Processing only, Case Auditing only, or both:

RolePermissionsPortal&nsp;page
Access"Can access the portal but can't view cases.
Required for all users
CaseProcessorCan process cases.Processing
ReviewerCan perform four-eyes reviews and edit other agents' incomplete cases.
Configure your own rules for when four-eyes review is required.
Processing
SupervisorCan view and edit completed cases processed by other agents, unassign cases from agents, and view backlog metrics.Processing
DailyWatchlistAutomationCan view and process AML Screening and Monitoring cases.Processing
CaseAuditorCan view completed cases.Auditing
QaAuditorCan create case samples and confirm compliance reviews.Auditing
UserManagementCan assign agents to process cases for specific business partners.
This role is only needed if you process cases for multiple partners.
If you only process your own cases, agents are assigned automatically.
Users
AfcReporterCan create and download fraud and AML hit data.Reports
UserCan access the portal, and view and process their own cases.

><img src="https://files.readme.io/310d4d3-Inline_Caution.svg\" align="left"/>Important: This role has been replaced by the Access + Case Processor roles. We recommend updating your role setup as soon as possible.

Single sign-on

You can set up single sign-on for the Case Review Portal via federation with your IdP.

Provide Fourthline with a SAML metadata statement. You must include the following required claims:

  1. A unique user identifier:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Note
This claim is also referred to as Name ID or User Principal Name.
It is used as the unique identifier to match the user identity principle from the federated IdP to the shadow account in our system.
  1. The user's email address:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  1. The user's first name, also referred to as given name:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  1. The user's surname:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
  1. The application roles:
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
Note
To use a different element name, contact your implementation manager.
Important
The role names specified in the AttributeValue elements must exactly match those listed under Role permissions.

Example SAML statement

The following is an example of a complete SAML statement:

<samlp:Response>
  <Assertion>
    <AttributeStatement>
      <Attribute
        Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <AttributeValue>[email protected]</AttributeValue>
      </Attribute>
      <Attribute
        Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <AttributeValue>[email protected]</AttributeValue>
      </Attribute>
      <Attribute
        Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <AttributeValue>John</AttributeValue>
      </Attribute>
      <Attribute
        Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <AttributeValue>Smith</AttributeValue>
      </Attribute>
      <Attribute
        Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
        <AttributeValue>User</AttributeValue>
        <AttributeValue>Reviewer</AttributeValue>
      </Attribute>
    </AttributeStatement>
  <Assertion>
</samlp:Response>

Next steps
See the detailed instructions for how to set up:
AD FS Federation
Azure Federation
Okta Federation

Top of page