Creating users and roles allows you to manage who can access your Control Panel. You can also create different roles that restrict or allow access to certain functionalities. For example, you might have a member of your team that only needs to look at customer information but should never be able to create a transaction.

The PCI security standards council requires that you create a separate user for every person who needs access to the Control Panel. Since each user will have unique login credentials, you can track which user interacted with certain transactions.

note

For security, we recommend that all users of your Control Panel enable two-factor authentication (2FA).

Creating and editing roles

You must assign at least one role to each user, with specific permissions granted to each role. If a user has multiple roles, the role with the greatest permissions trumps any others assigned. To create or edit a role:

  1. Log into the Control Panel
  2. Navigate to Settings > Users and Roles
  3. Click Manage Roles ​to see a list of your existing roles
  4. Click New to add a new role or Edit ​to alter an existing role

The Account Admin role has the maximum permissions possible and cannot be edited or renamed.

Creating users

  1. Log into the Control Panel
  2. Navigate to Settings > Users and Roles > New User
  3. Specify the new user's email address
  4. Choose whether the new user will have API access
  5. Select the desired role for this user
  6. Choose which Merchant Account ID(s) this user will be able to view (and manipulate, as allowed by their role)
  7. Click Create User

Once you’ve completed these steps, we will send an email prompting the new user to complete the activation process. Their status in the Control Panel will be Pending until they create a username and password. Once they’ve done so, their status will change to Active.

Editing users

After you’ve created a user, you can change most of their information and permissions. While you cannot edit usernames, you can edit the email address associated with a user as long as they still have access to the original email account in order to confirm the update. If they no longer have access to the original email account, you’ll need to create a new user. To edit a user:

  1. Log into the Control Panel
  2. Navigate to Settings > Users and Roles
  3. Locate the user and click Edit
  4. Make any desired changes
  5. Click Save

Password safety

In general, you’ll only need to reset your password if you’ve forgotten it, but there are some cases where resetting your password can help protect the security of your account. We recommend resetting your password in these cases:

  • You notice something suspicious in your Control Panel account
  • You suspect that someone you don't trust may have your password
  • You notice something suspicious in your email or other online accounts
  • You have recently removed malware from your system
  • We ask you to change your password

If you have not requested to reset your password and you receive an email asking you to change it, it could be a case of phishing. Instead of clicking on a suspect link in an email, log into your account to reset your password there.

Resetting user passwords

note

The Control Panel allows 6 failed login attempts before requiring a password reset.

Anyone can reset their password by clicking the Forgot? link on the sign-in page. Alternatively, users with the Manage Users permission can change passwords in the Control Panel. To change a user’s login:

  1. Log into the Control Panel
  2. Navigate to Settings > Users and Roles
  3. Locate the user and click either the Login, Name, or Email
  4. Under Authentication, click Change Login
  5. Confirm the the login change

Once you’ve confirmed the login change, the user will receive an email to either reset their password or log in using their PayPal credentials.

New passwords must meet the following criteria:

  • Must be at least 7 characters
  • Must include at least 1 letter and 1 number
  • Cannot be one of the last 4 previously used passwords

Log In with PayPal

If you already have an established PayPal account, you can choose to use your PayPal username and password to log into the Braintree sandbox or production environments. While this does not link your PayPal and Braintree accounts in any way, it does allow you the convenience of using only one set of login credentials for two separate accounts.

note

Enabling Log In with PayPal does not automatically set up your Braintree account to accept PayPal as a payment method. If you would like to accept PayPal via the Braintree gateway, you’ll need to configure PayPal separately.

Enabling Log In with PayPal on an existing account

If you already have Braintree user credentials and you would like to Log In with PayPal instead:

  1. Log into the Braintree Control Panel with your existing credentials
  2. Navigate to Account > My User
  3. Under Login with PayPal section, click Enable
  4. Enter your Braintree user password when prompted
  5. When prompted, click Log In with PayPal to replace your current Braintree login
  6. Enter your PayPal user credentials in the PayPal pop up and click Log In

You’ll receive an email confirming your switch to Log In with PayPal and letting you know your Braintree credentials are no longer active.

note

Once you’ve enabled Log In with PayPal on your account, your Braintree credentials will no longer be valid. If you would like to switch back, you can do so at any time by disabling log in with PayPal.

Two-Factor Authentication with Log In with PayPal

If you have 2FA set up for your Braintree user and you switch to Log In with PayPal, your 2FA settings will not transfer. If you would like 2FA, you’ll need to set up a PayPal Security Key.

Disabling Log In with PayPal

If you’d like to switch back to using your Braintree credentials, follow these steps:

  1. Log into the Braintree Control Panel with your PayPal credentials
  2. Navigate to Account > My User
  3. Under the Log In with PayPal section, click Disable
  4. Confirm your Braintree username and enter a new password

New passwords must meet the following criteria:

  • Must be at least 7 characters
  • Must include at least 1 letter and 1 number
  • Cannot be one of the last 4 previously used passwords

​Deleting or suspending users

If you have User Management permissions, you can suspend or delete users. Suspended users can be reactivated; deleted users will be permanently removed.

  1. Log into the Control Panel
  2. Navigate to ​Settings > Users & Roles
  3. Locate the user you would like to suspend or delete
  4. Under Actions, click Edit > Suspend or Delete
important

Be cautious when deleting or suspending users whose API credentials may be included in your integration – this could break your connection to Braintree and result in failed transactions. To avoid potential issues, we recommend creating an API user for the sole purpose of using their API keys for your integration.

Still have questions?

If you can’t find an answer, contact our Support team.


← Back to Previous Page