Review & Audit Integration
Integration guide
This page sets out how to integrate the Case Review Portal with the self-service or hybrid model with single sign-on.
Setup
Provide Fourthline with the following information:
| Configuration | Description |
|---|---|
| Features | Case Processing • Escalations • Time-tracking • Case auto-assign • Case Guidance |
| Case Auditing • View only • Compliance review • Case Guidance | |
| Domain URL | Agree a domain URL that includes your name and portal.ext.fourthline.com. |
| IdP | Specify which SAML 2.0 identity provider (IdP) you are using. |
| IP addresses | Provide the IP addresses that need to access the portal for both the sandbox and production environments. |
| SAML statement | Provide a SAML metadata statement. |
Role permissions
The role permissions are managed in your organization's IdP.
Different roles are required depending on your use case: Case Processing only, Case Auditing only, or both:
| Role | Permissions | Portal&nsp;page |
|---|---|---|
Access | Can access the portal but can't view cases.  Required for all users | |
CaseProcessor | Can process cases. | Processing |
Reviewer | Can perform four-eyes reviews and edit other agents' incomplete cases. Configure your own rules for when four-eyes review is required. | Processing |
Supervisor | Can view and edit completed cases processed by other agents, unassign cases from agents, and view backlog metrics. | Processing |
DailyWatchlistAutomation | Can view and process AML Screening and Monitoring cases. | Processing |
CaseAuditor | Can view completed cases. | Auditing |
QaAuditor | Can create case samples and confirm compliance reviews. | Auditing |
UserManagement | Can assign agents to process cases for specific business partners. This role is only needed if you process cases for multiple partners. If you only process your own cases, agents are assigned automatically. | Users |
AfcReporter | Can create and download fraud and AML hit data. | Reports |
User | Can access the portal, and view and process their own cases.  Important: This role has been replaced by the Access + Case Processor roles. We recommend updating your role setup as soon as possible. |
Single sign-on
You can set up single sign-on for the Case Review Portal via federation with your IdP.
Provide Fourthline with a SAML metadata statement. You must include the following required claims:
- A unique user identifier:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Note
This claim is also referred to as Name ID or User Principal Name.
It is used as the unique identifier to match the user identity principle from the federated IdP to the shadow account in our system.
It is used as the unique identifier to match the user identity principle from the federated IdP to the shadow account in our system.
- The user's email address:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- The user's first name, also referred to as given name:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
- The user's surname:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
- The application roles:
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
Note
To use a different element name, contact your implementation manager.
Important
The role names specified in the AttributeValue elements must exactly match those listed under Role permissions.
Example SAML statement
The following is an example of a complete SAML statement:
<samlp:Response>
<Assertion>
<AttributeStatement>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<AttributeValue>[email protected]</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
<AttributeValue>[email protected]</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
<AttributeValue>John</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
<AttributeValue>Smith</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
<AttributeValue>User</AttributeValue>
<AttributeValue>Reviewer</AttributeValue>
</Attribute>
</AttributeStatement>
<Assertion>
</samlp:Response>
Next steps
See the detailed instructions for how to set up:
• AD FS Federation
• Azure Federation
• Okta Federation
• AD FS Federation
• Azure Federation
• Okta Federation
Updated 3 days ago