Creating users and roles allows you to manage who can access your Control Panel. You can also create different roles that restrict or allow access to certain functionalities. For example, you might have a member of your team that only needs to look at customer information but should never be able to create a transaction.

The PCI security standards council requires that you create a separate user for every person who needs access to the Control Panel. Since each user will have unique login credentials, you can track which user interacted with certain transactions.

note

For security, we recommend that all users of your Control Panel enable two-factor authentication (2FA).

Creating and editing roles

You must assign at least one role to each user, with specific role permissions granted to each role. If a user has multiple roles, the role with the greatest permissions trumps any others assigned. To create or edit a role:

  1. Log into the Control Panel
  2. Click on the gear icon in the top right corner
  3. Click Team from the drop-down menu
  4. Click the Roles tab ​to see a list of your existing roles
    • Click the New Role button to create a new role
    • Click the Edit link to the right of an existing role you'd like to alter

The Account Admin role has the maximum permissions possible and can't be edited or renamed.

Creating users

To create a new user:

  1. Log into the Control Panel
  2. Click on the gear icon in the top right corner
  3. Click Team from the drop-down menu
  4. Click the New User button at the top of the page
  5. Specify the user's email and configure their role permissions
  6. Click the Create User button

Once you’ve finished these steps, we will send an email prompting the new user to activate their account by completing the user information form. Here they will fill in their full name, create a username and password, and log into the Control Panel. After logging in, their status in the Control Panel will officially change from Pending to Active, and the Username and Name fields will be populated.

Editing users

After you’ve created a user, you can change most of their information and permissions. While you can't edit the username associated with a user, you can change the Name and Email fields, as long as the user still has access to the original email account in order to confirm the update. If they no longer have access to the original email account, you’ll need to create a new user.

To edit a user:

  1. Log into the Control Panel
  2. Click on the gear icon in the top right corner
  3. Click Team from the drop-down menu
  4. Locate the user you'd like to make changes to
  5. Click the Edit link to the right of the user
  6. Make any desired changes
  7. Click the Save button
note

When a user first sets up their account, it is possible for them to enter an email address as their username; this is separate from the Email field, which defines the email address associated with that user. If they later wish to change their email address, they will do so by adjusting the Email field. This will not impact the Username field, as usernames cannot be edited.

Password safety

In general, you’ll only need to reset your password if you’ve forgotten it, but there are some cases where resetting your password can help protect the security of your account. We recommend resetting your password in these cases:

  • You notice something suspicious in your Control Panel account
  • You suspect that someone you don't trust may have your password
  • You notice something suspicious in your email or other online accounts
  • You have recently removed malware from your system
  • We ask you to change your password

If you have not requested to reset your password and you receive an email asking you to change it, it could be a case of phishing. Instead of clicking on a suspect link in an email, log into your account to reset your password there.

Resetting user passwords

note

The Control Panel allows 6 failed login attempts before requiring a password reset.

Anyone can reset their password by clicking the Forgot link on the sign-in page. Alternatively, users with the Manage Users role permission can change passwords in the Control Panel. To reset a user's password:

  1. Log into the Control Panel
  2. Click on the gear icon in the top right corner
  3. Click Team from the drop-down menu
  4. Locate the user you'd like to make changes to
  5. Click on the link in the Username, Name, or Email column
  6. Scroll to the Authentication section
  7. Click the Change Login button
  8. Click Yes to confirm the change

The user will then receive an email to either reset their password or log in using their PayPal credentials.

important

If there is a phone number associated with the user (listed in the Details section), they will also be required to authenticate the password reset with a code sent via text to their mobile device.

Password requirements

New passwords must meet the following criteria:

  • Must be at least 7 characters
  • Must include at least 1 letter and 1 number
  • Can't be one of the last 4 previously used passwords

Log In with PayPal

If you already have an established PayPal account, you can choose to use your PayPal username and password to log into the Braintree sandbox or production environments. While this does not link your PayPal and Braintree accounts in any way, it does allow you the convenience of using only one set of login credentials for two separate accounts.

note

Enabling Log In with PayPal does not automatically set up your Braintree account to accept PayPal as a payment method. If you would like to accept PayPal via the Braintree gateway, you’ll need to configure PayPal separately.

Enabling Log In with PayPal on an existing account

If you already have Braintree user credentials and you would like to Log In with PayPal instead:

  1. Log into the Control Panel
  2. Click on your user icon in the top right corner
  3. Click My User from the drop-down menu
  4. Scroll to the Log In with PayPal section
  5. Click the Enable button
  6. Enter your Braintree user password when prompted
  7. Click the Log In with PayPal button
  8. Enter your PayPal user credentials in the PayPal pop up and click the Log In button
  9. Click the Agree button

You’ll receive an email confirming your switch to Log In with PayPal and letting you know your Braintree credentials are no longer active.

note

Once you’ve enabled Log In with PayPal on your account, your Braintree credentials will no longer be valid. If you would like to switch back, you can do so at any time by disabling log in with PayPal.

Two-Factor Authentication with Log In with PayPal

If you have 2FA set up for your Braintree user and you switch to Log In with PayPal, your 2FA settings will not transfer. If you would like 2FA, you’ll need to set up a PayPal Security Key.

Disabling Log In with PayPal

If you’d like to switch back to using your Braintree credentials, follow these steps:

  1. Log into the Control Panel
  2. Click on your user icon in the top right corner
  3. Click My User from the drop-down menu
  4. Scroll to the Log In with PayPal section
  5. Click the Disable button
  6. Confirm your Braintree username and enter a new password

New passwords must meet the following criteria:

  • Must be at least 7 characters
  • Must include at least 1 letter and 1 number
  • Can't be one of the last 4 previously used passwords

​Deleting or suspending users

If you have User Management permissions, you can suspend or delete users. Suspended users can be reactivated; deleted users will be permanently removed.

  1. Log into the Control Panel
  2. Click on the gear icon in the top right corner
  3. Click Team from the drop-down menu
  4. Locate the user you'd like to make changes to
  5. Click either the Suspend or Delete link to the right of the user
  6. Click the Yes button to confirm your selection
important

Be cautious when deleting or suspending users whose API credentials may be included in your integration – this could break your connection to Braintree and result in failed transactions. To avoid potential issues, we recommend creating an API user for the sole purpose of using their API keys for your integration.