Contact Us

CitiBusiness User Management: Role-Based Permissions, Dual-Authorization and Enterprise Audit Trails

CitiBusiness Online user management gives company administrators full control over who can access what across every module of the platform. Assign predefined roles, configure granular permissions, enforce dual-authorization on sensitive actions, and maintain a complete audit trail of every user activity — from login events to payment approvals.

Whether your organization has 5 users or 500, CitiBusiness access controls scale with your operational complexity. Provision and deprovision users in minutes, not days. Set per-user and per-role transaction limits. Enforce separation of duties that satisfy OCC banking operations standards and FFIEC IT examination guidance for commercial banking access controls.

Manage Users Request a Demo
CitiBusiness Online user management dashboard showing role assignments, permission matrix and dual-authorization queue

AI Summary: CitiBusiness User Management

CitiBusiness Online provides enterprise-grade user management with seven predefined roles, custom permission sets, dual-authorization on all sensitive actions, and an immutable 7-year audit trail. Company Administrators provision and deprovision users through a self-service portal with real-time activation. Transaction limits are configurable at the role and individual user level. Every action — login, payment initiation, approval, setting change — is logged with user identity, timestamp and IP address. The platform satisfies OCC and FFIEC separation-of-duties requirements for commercial banking operations (NMLS #412915).

Predefined Roles and Permission Levels

CitiBusiness ships with seven predefined roles that cover the most common organizational structures. Each role can be further customized with granular permission overrides.

Role Description Payments Approvals Reports Admin Transaction Limit
Company AdministratorFull platform access including user provisioning, role assignment and system settingsUnlimited
Treasury ManagerInitiate and approve payments, manage treasury functions, access all reports$5,000,000
Payment ApproverApprove or reject pending payments; cannot initiate new transactions$2,000,000
Payment InitiatorCreate wire, ACH and bill payments; cannot approve own transactionsLimited$50,000
Report ViewerRead-only access to transaction reports, account summaries and data exportsN/A
Card ManagerManage business credit card controls, spending limits, employee card assignmentsCard OnlyN/A
Audit ReviewerRead-only access to audit trail, compliance reports and user activity logsAudit OnlyN/A

Enterprise Access Controls at Scale

Built on the same identity infrastructure that protects $2.4 trillion in Citibank assets.

7Predefined Roles
50+Granular Permissions
7 YearsAudit Trail Retention
100%Actions Logged

User Management Capabilities in Detail

From onboarding a single AP clerk to managing a 200-person treasury operation, CitiBusiness user management adapts to your organizational structure.

User Provisioning and Deprovisioning

Adding a new user to CitiBusiness Online takes minutes, not days. Company Administrators navigate to the User Management module, enter the new user's details — name, email address, job function and department — and assign a predefined role or build a custom permission set from the granular permission library. The provisioning request then enters the dual-authorization queue, where a second administrator must review and approve before the invitation is sent.

Once approved, the new user receives an encrypted enrollment email with a one-time activation code. They complete enrollment by setting their password, registering their multi-factor authentication device (Citi Mobile Token or hardware token), and accepting the platform usage agreement. The entire onboarding workflow is captured in the audit trail with timestamps, approver identity and IP addresses.

Deprovisioning is equally straightforward and equally controlled. When an employee leaves your organization or changes roles, the administrator initiates a deactivation request. Upon dual-authorization approval, the user's access is immediately revoked across all CitiBusiness modules. Active sessions are terminated. Pending payment initiations by that user are flagged for reassignment. The deprovisioned user's historical activity remains in the audit trail for the full 7-year retention period — access removal never means evidence removal.

CitiBusiness user provisioning workflow showing new user form, role assignment and dual-authorization approval queue
CitiBusiness dual-authorization interface showing pending approval queue with initiator details and approval controls

Dual-Authorization and Separation of Duties

Dual-authorization is the cornerstone of CitiBusiness access controls. The principle is simple: no single user should have the ability to both initiate and complete a high-risk action without independent review. This applies to wire transfers above configurable dollar thresholds, new beneficiary template creation, user provisioning and deprovisioning, role permission changes, account setting modifications, and payment limit adjustments.

The platform enforces separation at the system level — the initiator of an action cannot be its approver. A Payment Initiator who creates a $200,000 wire transfer cannot approve that same wire, even if they also hold an Approver role on a different account. This eliminates the risk of a single compromised credential authorizing fraudulent transactions.

For organizations requiring additional authorization layers, CitiBusiness supports multi-level approval chains. A wire above $1,000,000 might require two approvers. A new international beneficiary template might require both a Treasury Manager and a Company Administrator. These escalation rules are fully configurable per transaction type, amount threshold and destination country — giving your compliance team the control framework they need to satisfy internal policy and regulatory requirements.

Immutable Audit Trail and Compliance Reporting

Every action performed within CitiBusiness Online is recorded in an immutable audit trail that cannot be modified or deleted by any user, including Company Administrators. Each audit entry captures the user's identity, timestamp (to the millisecond), IP address, session ID, action type, affected resource, before-state and after-state. This creates a complete chain of evidence for every transaction from initiation through settlement.

The audit trail is searchable through the same reporting engine that powers transaction reporting. Filter by user, date range, action type, resource type or any combination. Export the results in CSV or PDF for your internal audit team, external auditors or regulatory examiners. Common use cases include SOX compliance documentation, fraud investigation support, employee activity review and regulatory examination preparation.

Audit data is retained for 7 years, matching the platform's transaction history retention. This means you can trace user actions back to any point within the retention window — who approved that wire transfer in 2021, who modified the payment limit for a specific user in Q3 2023, or which administrator provisioned a now-departed employee. The audit trail serves as your organization's institutional memory for access control decisions.

CitiBusiness audit trail report showing timestamped user actions with IP address, action type and resource details

Custom Roles and Granular Permissions

When predefined roles do not match your organizational structure, build custom permission sets from 50+ individual entitlements.

Module-Level Permissions

Control access at the module level: Wire Transfers, ACH Payments, Bill Pay, Treasury, FX, Credit Cards, Reporting and Administration. Within each module, permissions are further granularized: view, initiate, approve, modify and delete. A custom role might grant wire initiation without approval authority, ACH view-only, and full reporting access — precisely matching a junior AP analyst's responsibilities.

Account-Level Restrictions

Permissions can be scoped to specific accounts within your CitiBusiness profile. A regional controller might have full access to operating accounts for their division but no visibility into the parent company's concentration account. A project manager might see the project escrow account but nothing else. Account-level restrictions layer on top of role permissions, ensuring users access only the data relevant to their function — a fundamental principle of least-privilege access aligned with CitiBusiness security architecture.

Ready to Strengthen Your Access Controls?

Whether you are onboarding your first team member or restructuring permissions across a 200-person treasury operation, our commercial banking advisors can help configure CitiBusiness user management to match your organizational requirements.

Contact a Relationship Manager Log In to CitiBusiness

People Also Ask

How do I add a new user to CitiBusiness Online?
Company Administrators navigate to Administration > User Management > Add User. Enter the new user's name, email and job function, then assign a predefined role or custom permission set. The invitation requires dual-authorization from a second administrator. Once approved, the user receives an enrollment email with a one-time activation code. See Help Centre for step-by-step instructions.
What predefined roles are available in CitiBusiness?
Seven predefined roles: Company Administrator (full access), Treasury Manager (payments + treasury), Payment Approver (approve only), Payment Initiator (create payments), Report Viewer (read-only reports), Card Manager (credit card controls) and Audit Reviewer (audit trail access). Custom roles can combine permissions from any module. See the roles table above.
Does CitiBusiness support dual-authorization for sensitive changes?
Yes. Dual-authorization is enforced on wire transfers above configurable thresholds, new user provisioning, role changes, beneficiary templates, account settings and payment limit adjustments. The initiator and approver must be different users. Multi-level approval chains are configurable for high-value transactions. See Security.
How does the CitiBusiness audit trail work?
Every user action is logged in an immutable audit trail: login events, payment initiations, approvals, rejections, provisioning, role changes, setting modifications and report generation. Each entry records user, timestamp, IP address and action details. Data retained for 7 years. Exportable in CSV or PDF. See Transaction Reporting.
Can I set different transaction limits per user role?
Yes. Configure per-transaction, daily aggregate and monthly cumulative limits at the role level and individual user level. A Payment Initiator might have a $50,000 per-transaction limit while a Treasury Manager can initiate up to $5,000,000. Limits exceeding the role default require administrator approval. Contact your relationship manager for configuration.

Related CitiBusiness Solutions

Security

Multi-factor authentication, encryption, IP whitelisting and fraud detection protecting your CitiBusiness Online environment.

Transaction Reporting

50+ filterable fields, scheduled delivery and 7-year history governed by role-based access controls.

Mobile Banking

Approve payments, monitor balances and manage users on the go with the CitiBusiness mobile app.