Alliance Lite 2 2 Guide

Connectivity
Alliance Lite 2.2
Administration Guide
This guide describes how to perform Alliance Lite administration tasks. These tasks include configuring users, adding
your system's reference data, and generating various reports. This guide is for the personnel who have been assigned
the role of Alliance Lite administrator in your particular organisation.
18 November 2011
Alliance Lite 2.2
Table of Contents
1 Introducing Alliance Lite ............................................................................................................................. 3

1.1 What is Alliance Lite? ............................................................................................................................... 3
1.2 What Does the Web Interface Provide? ................................................................................................ 4
1.3 What Does AutoClient Provide? ............................................................................................................. 5
1.4 How is Alliance Lite Packaged? .............................................................................................................. 6
2 Getting Started ................................................................................................................................................. 7

2.1 Start Up Process ....................................................................................................................................... 7
2.2 Routine Procedures ................................................................................................................................ 15
2.3 Alliance Lite Certificate Renewal .......................................................................................................... 17
3 Navigating the Alliance Lite User Interface ....................................................................................... 22

3.1 How Tabs and Menus Work .................................................................................................................. 22
3.2 How Fields on Data Entry Windows Work .......................................................................................... 22
3.3 How Help Works ...................................................................................................................................... 22
4 Managing Users ............................................................................................................................................. 24

4.1 Setting Up Users ..................................................................................................................................... 25
4.2 Maintaining Users ................................................................................................................................... 40
5 Adding and Maintaining Your Reference Data ................................................................................ 46

5.1 Adding a Bank/Institution ....................................................................................................................... 46
5.2 Adding an Account .................................................................................................................................. 48
5.3 Adding a Relationship Management Application (RMA) ................................................................... 50
5.4 Adding a Financial Instrument ............................................................................................................... 51
5.5 Maintaining Bank/Institution Details ..................................................................................................... 52
5.6 Maintaining Account Definitions ............................................................................................................ 54
5.7 Maintaining RMA Relations or BICs ..................................................................................................... 55
5.8 Setting and Modifying Restrictions ....................................................................................................... 57
5.9 Maintaining Financial Instruments ........................................................................................................ 58
6 Configuring the Alliance Lite Modules ................................................................................................ 60

6.1 Number of Approvals .............................................................................................................................. 61
6.2 Maintaining Configuration Parameters ................................................................................................ 61
7 Reporting .......................................................................................................................................................... 64
7.1 Generation and Format Options ........................................................................................................... 64
7.2 Reporting Toolbar ................................................................................................................................... 65
7.3 Generating a Standard Admin Report ................................................................................................. 65
7.4 Generating a Filtered Admin Report .................................................................................................... 66
7.5 Using Report Profiles .............................................................................................................................. 67
7.6 Export Report ........................................................................................................................................... 70
.Legal Notices ...............................................................................................................................................................73
2 Administration Guide
Introducing Alliance Lite
1 Introducing Alliance Lite
1.1 What is Alliance Lite?

What are the components of Alliance Lite?
Alliance Lite is an Internet-based solution aimed at low-volume financial institutions, corporates,
investment managers, funds distributors, and transfer agents that want to connect to SWIFT
easily and securely. You can use Alliance Lite to send and receive message transactions using
the FIN, FileAct, or InterAct services over SWIFTNet.
Alliance Lite includes a Web interface and AutoClient. Your organisation can use either of both
of them for manual or automated operations.
• The Web interface: Use the Web interface that has message data entry and business
features if your organisation prefers to manually process a low number of message
transactions per day.
This interface offers a web experience for sending and receiving message transactions, with
a focus on the initiation of multi-bank payments, cash reporting, foreign-exchange, and funds
and securities transactions. Alliance Lite customers who have ordered Browse services can
also connect to Browse from the Web interface. For more information, see "What Does the
Web Interface Provide?" on page 4.
The Web interface can also monitor the status of message transactions that have been
initiated through AutoClient.
• AutoClient: Use AutoClient if your organisation has business applications and wants to
enable these applications to send and receive message transactions in an automated way.
For more information, see "What Does AutoClient Provide?" on page 5.
Types of services
Alliance Lite offers two types of services:
• Live service: You use this service to send live business messages and files. This service is
also called Production service.
• Test service: You use this service to exchange FIN Test and Training messages and
FileAct/MX Pilot files. Other benefits of this service are as follows:
– New Alliance Lite users can try the Alliance Lite service in a safe environment before using
the Live service. Messages and files that users exchange over the Test service have no
financial consequences.
– Existing Alliance Lite users can exchange test messages and files with a new
correspondent to learn how to send and process messages and files properly.
– Pilot customers can test new Alliance Lite releases.

The Test service has the following additional benefits for Alliance Lite:
– Users can create and maintain accounts for banks, institutions, and financial instruments
without impacting the Alliance Lite Live system.
– Users can use AutoClient for both FIN Test and Training and FileAct/MX Pilot services.
– Users can assign roles to other users for test purposes.
18 November 2011 3
Alliance Lite 2.2
You can view only live messages and files in the Live service and only test messages and files
in the Test service. The Test service is a simulation of the Live service, and you cannot send,
view, or process a live message or file in the Test service. Messages or files that you send from
the Test service are marked as test or pilot so that recipients of these transactions do not
process them as live messages or files.
Who are Alliance Lite users?

There are three categories of Alliance Lite user:
• Administrator. See "What Can Alliance Lite Administrators Do?" on page 4.
• User, uses Alliance Lite for the creation, update, approval, sending, and receiving of
messages and files to and from SWIFT. For more information, see the Alliance Lite User
Guide.
• AutoClient user (with access to the account that runs AutoClient) with a USB token. For
more information, see the Alliance Lite AutoClient Installation and User Guide.
1.2 What Does the Web Interface Provide?

Users of the Alliance Lite Web interface
The following types of user perform tasks in Alliance Lite through the Web interface:
• administrators that are responsible for sensitive tasks (for example, user creation and
defining what tasks users can do)
• users that perform day-to-day operations (for example, message creation, monitoring and
approval
Each administrator and user has a personal USB token and password.
1.2.1 What Can Alliance Lite Administrators Do?

What can Administrators do with the Alliance Lite Web interface?
For each organisation that uses Alliance Lite, SWIFT configures two administrators.
For the most critical administrator tasks, an approval by the other administrator is required
before the action can take effect.
The Alliance Lite administrators are responsible for user management of both the Live and Test
services.
An administrator's functions fall into two main categories, as shown in the following table.
User setup tasks Define a user for each Alliance Lite user.
Assign each user roles, and maintain them.
Create and maintain a corresponding USB token for each user.
Generate reports related to roles, user entitlements, and security audit trails.
Assign RBAC user roles using SWIFTNet Online Operations Manager (only
available if your institution has subscribed to a Browse service).
Reference data Select the RMA relations or BICs that your organisation wants to transact with (for
creation tasks Live services only).
Introducing Alliance Lite
Define bank and institution account numbers for use by users.
Set daily and individual approval amount limits.
Enter details for all of the banks and institutions that your organisation deals with.
Enter details for all of the financial instruments that your organisation deals with.
1.2.2 What Can Alliance Lite Users Do?

What can users do with the Alliance Lite Web interface?
You can use the Alliance Lite Web interface to access some or all of the following functions. For
more information, see the Alliance Lite User Guide.
The functions that are available to users depend on the user permissions that the Alliance Lite
administrator allocates. According to their permissions, users can perform the following tasks:
• create or initiate message transactions (from scratch, or from a predefined template).
• create and modify message transaction templates.
• approve (sign) message transactions ready for transmission to correspondents.
• reject message transactions or return them for modification.
• view incoming message transactions.
• monitor and confirm the status of message transactions, from creation to final delivery,
including those transactions handled by AutoClient.
• generate reports on message transactions or file transfers.
• access Browse services that are offered on SWIFTNet. This function is only available if your
institution has subscribed to one or more of these Browse services.
A user may have the permission to create message transactions, but may not have the
permission to approve these message transactions. Another user may have the permission to
create and approve message transactions, including their own.
1.3 What Does AutoClient Provide?

Automated file-based communication
AutoClient is an application that provides automated file-based communication to and from FIN,
FileAct, and InterAct (MX) services that enables your organisation to send and receive standard
message transactions (MT and MX). Through the Web interface an Alliance Lite user can
monitor the status of these message transactions that have been initiated through AutoClient.
The user can also configure the AutoClient USB token and AutoClient role.
Note MX files are sent using the CSV format.
18 November 2011 5
Alliance Lite 2.2
1.4 How is Alliance Lite Packaged?

The Welcome box
SWIFT delivers a Welcome box to the person who is identified as the first Alliance Lite
administrator. This box contains 10 USB tokens, a CD with the software, and Quick Start cards.
SWIFT creates an initial "bootstrap" certificate for each of the two Alliance Lite administrators,
and stores their certificate on their USB token. By separate e-mail, SWIFT then sends the two
administrators their password that protects their USB tokens.
On receipt of the Welcome box and the e-mail, the first administrator can start the installation
and bootstrap process. For more information, see "Register with Alliance Lite on First Use" on
page 9. This process replaces the bootstrap certificate with a new certificate. The certificate
is based on a new public and private key pair generated locally on the USB token. At the first
logon, the administrator must change the password that protects the token.
Generating the certificate and key pair on the tamper-proof token ensures that the private key is
completely secret. The key is not known to any other party, not even SWIFT. Only a person that
has a valid token and knows the password associated with this token can use Alliance Lite.
Firewall security
SWIFT strongly advises that you use a firewall between the Alliance Lite workstations (both the
Alliance Lite Web interface (browser) and the AutoClient) and the Internet. For Alliance Lite to
function, the firewall must allow outgoing TCP connections from one or more Alliance Lite
workstations towards www.swiftalliancelite.com (for Live service) and to
test.swiftalliancelite.com (for Test service) on the standard port for SSL/HTTPS (tcp/443). No
incoming connections are required, and SWIFT recommends that users block all incoming
connections from the Internet.
Note If you are using a local (host based) firewall on the computer that runs AutoClient,
then it must be configured to accept a local connection between two AutoClient
processes on this computer (localhost port 8000). This TCP connection flow is
required for AutoClient to function normally.
If you have a firewall setup on your system, and if you encounter problems accessing Alliance
Lite because of this, then configure your firewall to recognise the following IP addresses:
• IP 194.78.35.134 (TCP port 443)
• IP 194.78.35.135 (TCP port 443)
• IP 194.78.35.136 (TCP port 443)
• IP 194.78.35.137 (TCP port 443)
• IP 194.78.35.153 (TCP ports 80 and 443)
• IP 194.78.35.154 (TCP ports 80 and 443)
Getting Started
2 Getting Started
2.1 Start Up Process

What is involved
This section explains how to get started with Alliance Lite:
1. Install Java: This is a one-off setup procedure that you must do before you install the
driver for the USB tokens.
2. Install the driver for the USB tokens: This is also a one-off procedure that you must do to
have the necessary software to configure and read the certificates on USB tokens.
3. Register with Alliance Lite by re-initialising the certificate on your USB token. This is a one-
off procedure that you must do on first use of the application to recode the certificate on
your USB token. For more information, see "Register with Alliance Lite on First Use" on
page 9.
4. Log on to Alliance Lite.
5. Change the password that protects the USB token. See "Change Your Password Before
Its Expiry" on page 15.
Related routine procedures

This section describes routine procedures, for example, changing your password on its expiry,
using your password to sign important actions, and logging off from Alliance Lite.
2.1.1 Install Java

Why is this necessary?
Java 1.5.0_05 or a higher version is a pre-requisite for viewing the Alliance Lite Web
interface. SWIFT recommends that you install your version of Java, as detailed in the following
procedure, before installing the driver for the Alliance Lite USB tokens.
Note Java installation is not a requirement for a PC on which you are only installing
Alliance Lite AutoClient.
You may already have a version of Java installed, in which case, you must check the version. If
you do not have a recent enough version, then you must download it from the Java website and
configure it.
To check whether you already have the Java installed

1. Click Start and select Settings > Control Panel > Java.
The Java Control Panel appears.
2. Click the General tab, and click About .

Check which version and build of Java is installed.
If you do not have at least Java version with build 1.5.0_05, or you do not have Java
installed at all, then you must install it.
18 November 2011 7
Alliance Lite 2.2
To download and install Java

• Access the latest Java software from the internet using the following URL: http://java.com.
To configure the settings for Java

The installer automatically configures Java for Alliance Lite but you can also configure the
setting manually. If you installed Java after the driver of the Alliance Lite USB token, then you
must configure Java as follows:
1. Click Start and select Settings > Control Panel > Java.
The Java Control Panel appears.
2. Click the Advanced tab to open the Settings window.
3. Expand the Security settings, and do as follows:
• Clear the Use SSL 2.0 compatible ClientHello format box and select the Use SSL 3.0
box.
• Select the Use TLS 1.0 box.
4. Click Apply and OK .
2.1.2 Internet Explorer Settings for Export Report

Settings
Enable the following settings:
1. Open Internet Explorer.
2. From the Tools menu select Internet Options > Security > Trusted Sites > Custom
Level.
In the section ActiveX controls and plug-ins, set Automatic prompting for ActiveX
controls to Enabled.
In the section Downloads, set Automatic prompting for file downloads to Enabled.
Note Updates to Internet Explorer may reset these settings (for example, resetting
the general security level for Trusted Site to 'Medium' or higher can disable
these two settings) . If you experience problems with report exports, then
check that these settings have not been reset.
2.1.3 Install Driver for USB Tokens

Prerequisites and other considerations before installing the driver
The following are pre-requisite requirements that you must have before you install the SafeNet
driver for the Alliance Lite USB tokens:
• You must have Windows Administrator privileges, and your Operating System must be one of
the following:
– Windows XP SP2 or SP3 (32-bit)
– Windows Vista SP1 or SP2 (32-bit)
Getting Started
– Windows Server 2003 SP2 (32-bit, for Alliance Lite AutoClient only)
– Windows 7 (32-bit, 64-bit)
– Windows Server 2008 R2 (64-bit)
• Your browser must be Internet Explorer 7 or 8.
• You must have the Windows Administrator All Access permission on the folder in which
you install the driver.
Note The installation of the driver for the Alliance Lite USB tokens overwrites all existing
SafeNet software that you may have installed on your PC.
If your PC uses an application that also uses USB tokens for identity management
or certificate storage, then SWIFT recommends that you do not install Alliance Lite
on that PC because it could make the other application unusable.
To install the driver for the Alliance Lite USB tokens

1. Remove all USB tokens from the machine.
2. Insert the CD that is labelled Alliance Lite 2.0 in the CD drive.
3. Double-click AllianceLite-install.exe.
(On Windows Vista that has User Account Control enabled, click allow to run the
program.)
The Alliance Lite Installer appears, and indicates that the data is being unpacked. This
may take 2 to 3 minutes.
When the data is unpacked, a Welcome page indicates what you must do next.
4. Click Next to install the driver for the USB tokens.

If you also want to install Alliance Lite AutoClient at the same time as the driver, then select
the box to install.
5. Accept the licence terms and click Next .

The next window indicates the location of the Alliance Lite installation and the location of
the USB token drivers. Then the installation begins.
If you are also installing AutoClient, then you can select the parameters that relate to
AutoClient in the next window. For more information, see the Alliance Lite AutoClient
Installation and User Guide.
When the installation is complete, a message prompts you to restart your computer, either
immediately or later.
6. Click your preferred Restart option and click Finish .
2.1.4 Register with Alliance Lite on First Use

What is registration?
When you log on for the first time as an Alliance Lite administrator, you must complete the
"bootstrap registration" process. The second Alliance Lite administrator must also do this. This
is a one-off process that initialises your administrator token and generates a PKI certificate on
the token.
18 November 2011 9
Alliance Lite 2.2
Important The second administrator must perform the same registration process, using their
own USB token and their initial password, immediately after the first administrator.
To log on to and register with Alliance Lite for the first time
1. Insert one of the blue-labelled Administrator USB tokens in a free USB port of a PC that
has an internet connection. You must also have installed on this PC the SafeNet driver for
the USB tokens.
Note On inserting a USB token, a SafeNet message confirms that a token is

inserted. Right-click the Token icon in the Windows Taskbar to read the
Certificate Information that is stored on the USB token.
2. Close any Internet Explorer windows that are currently open, and then open your browser
to enter this URL:
http://www.swiftalliancelite.com
You can also enter the URL first and then insert the USB token.
The Welcome to Alliance Lite window appears.
3. Click Go to Alliance Lite .

The Token Login window appears.
Note To register with Alliance Lite, you must log on to the Live service (not to the
Test service).
4. Enter the password that SWIFT sent to you by e-mail.

If you entered the correct password for the token, then the secure connection to the
Alliance Lite Central Infrastructure is established over the Internet, and the Alliance Lite
log on window appears.
Getting Started
Note A Java applet is used to access the Alliance Lite USB token. Java can also
prompt for the password to download the applet. Depending on your security
setting, a confirmation pop-up may appear. Verify the information displayed on
the pop-up and click Run to continue.
5. Click Log in Alliance Lite .

The Token Login window appears again.
6. Re-enter the password that SWIFT sent to you by e-mail.

This action authenticates you to the central infrastructure. If you have entered the correct
password, then the registration process starts.
7. Follow the instructions on the screen.

The application asks you to change the password of your USB token. The old password is
the password that SWIFT sent you by e-mail. The new password must only be known by
you. For more information about changing passwords, see "Change Your Password Before
Its Expiry" on page 15.
The final screen of the wizard indicates that you have successfully finished, and that a new
certificate is now present on the token.
8. Click Close to close the wizard and then log on again with the new password:
The Set Restrictions window appears, in which you must set restrictions for the future use
of the application by the users. For more information about the restriction settings, see
"Setting and Modifying Restrictions" on page 57.
9. To complete the registration process, select or enter the appropriate value for the following
fields:
• Base Currency: if different from the default EURO currency

This is the currency in which the limits are defined.
• Time Zone: if different from the default time zone

This is useful to display dates and time in your own time zone.
18 November 2011 11
Alliance Lite 2.2
• Instruction Daily Limit: establishes the total amount that a single user, with the
Approver role or the Approver Own role, can approve in one day.
This limit is expressed in the base currency that you select.
You must enter a value other than 0 (zero). This limit is not applicable to users that have
the Approver Unlimited role or the Approver Own role.
• Instruction Individual Limit: establishes the total amount that an individual user, with
the Approver role or the Approver Own role, can approve for a single transaction.
This limit is expressed in the base currency that you select. If payment is in another
currency, then a conversion is made based on an internal conversion table. The
exchange rates are updated every month
You must enter a value other than 0 (zero). This limit is not applicable to users that have
either the Approver Unlimited role or the Approver Own Unlimited role.
• Click Add .
The Alliance Lite home page appears. For more information, see "Log on to Alliance Lite
on a Daily Basis" on page 12.
The second administrator (Administrator 2) must review the restrictions by completing the same
procedure with the other Administrator USB token. Then both administrators are ready to use
the administrator functions of Alliance Lite.
The two initial Alliance Lite administrators are also registered on www.swift.com and will have
received a password from SWIFT to use that account on www.swift.com. This password and
account on www.swift.com are different from the administrator's password and user ID on
Alliance Lite.
Alliance Lite administrators must keep their contact details (phone number, e-mail address) up-
to-date in their individual account profiles on www.swift.com. This is required because SWIFT
must always have the correct contact details of each Alliance Lite administrator.
After the two Alliance Lite administrators have registered with Alliance Lite for the first time
(have completed "Register with Alliance Lite on First Use" on page 9), SWIFT recommends that
they assign at least one extra user that can act as an Alliance Lite administrator (a third
administrator). This is very useful when one of the two original Alliance Lite administrators is
unavailable (for example, on holiday) or forgets a password or loses a token, because certain
actions can only be done if two administrators are present. For more information, see
"Managing Users" on page 24.
2.1.5 Log on to Alliance Lite on a Daily Basis

Daily log on Procedure
This section describes a normal daily logon, using the password that you gave yourself after
initial registration and the Administrator token. This is one of the routine procedures.
To log on to Alliance Lite after registration

1. Insert the USB token into a free USB port of the PC on which you installed the SafeNet
driver for the USB tokens. The PC must have access to the Internet.
2. Close any Internet Explorer windows that are currently open, then open the browser and
enter the following URL to access the Alliance Lite application:
http://www.swiftalliancelite.com
The Welcome to Alliance Lite page appears.
Getting Started
3. Click Go to Alliance Lite to log on to the Live service or click Go to Test to log on to the Test
service.
The Token Login window prompts you to enter your password.
4. Enter your password and click OK .

The Alliance Lite logon page appears.
Note A Java applet is used to access the Alliance Lite USB token. Java can also
prompt for the password to download the applet. Depending on your security
setting, a confirmation pop-up may appear. Verify the information displayed on
the pop-up and click Run to continue.
5. Click Log in Alliance Lite .

The Token Login window reappears.
6. Re-enter the password entered at Step 4.

You can now connect securely to Alliance Lite. The Alliance Lite home page appears.
You can access all Alliance Lite administrator functions.
Note Alliance Lite user sessions are pre-set to time out after 10 minutes of inactivity.
If a timeout occurs, then the system automatically logs you off, and you lose
any unsaved changes.
Your interface home page

On successful log on, the Alliance Lite home page appears with a link to online training. This
page is the working area from which you can navigate to the different administrator tasks. The
number of tabs and main menus that you see reflects the number of permissions SWIFT has
granted to you.
The following screen shows the default range of the possible tabs for an Administrator:
18 November 2011 13
Alliance Lite 2.2
If your institution has subscribed to a Browse service (for example, TARGET2), then the
Alliance Lite administrators can also see the Browse over SWIFTNet tab on the Alliance Lite
home page.
For more information about how you can customise the Run automatically at log on options
and the interface, see "Customising a Toolbar of Shortcuts" in the Alliance Lite User Guide.
To log on to Browse over SWIFTNet

1. Click the Browse over SWIFTNet tab, and this brings up the Browse menu.
This Browse over SWIFTNet tab is only visible if your Alliance Lite administrators have granted
you the Browse over SWIFTNet role.
Alliance Lite home page
2. Click Browse > Start.

The Browse home page appears, and you are now connected to the Browse over
SWIFTNet environment of Alliance Lite.
Getting Started
During the first logon to Browse with a user token, the system initialises your token for
Browse usage and this may take a few minutes. The logon process goes faster the next
time you log on to the Browse over SWIFTNet environment with this same token.
Note The Alliance Lite administrators can use SWIFTNet Online Operations Manager
to grant/ungrant RBAC roles to users with the Browse over SWIFTNet user role.
Non-administrators are not able to see the SWIFTNet Online Operations
Manager link in the available Browse Services list. For information about using
SWIFTNet Online Operations Manager to assign and approve RBAC roles, see
section "Assign and Approve RBAC Roles for Browse over SWIFTNet Users" on
page 32.
2.2 Routine Procedures

2.2.1 Change Your Password Before Its Expiry
Passwords have expiry dates
During the registration process, Alliance Lite forces you to change your Alliance Lite USB token
password from the one that SWIFT initially issues you. Thereafter, you must change your
password at least once a year.
Users can also renew their own passwords so that you do not have to do this on their behalf.
All users can change their passwords at any time before they expire. There is no limit to the
number of times that you can change a password.
For more information about when and how you change a password when you or another user
has been locked out, see "Renew a USB Token" on page 42.
18 November 2011 15
Alliance Lite 2.2
Note Passwords must be at least four characters long, and can consist of any upper
and lower case alphanumeric character or a special character. A password
must be different from the five previously used codes. If you do not change your
password before its expiry, then Alliance Lite forces you to change it the first time
you try to use it following its expiry.
To change your own Alliance Lite administrator USB token password

1. From the Utilities tab, select Change Password and the Modify option.
The Change Password window appears.
2. In Old Password, enter your current password.
3. In New Password, enter a new password.
4. In Confirm Password, confirm your new password.
Note You have up to five attempts to enter and correctly confirm a new password,
after which Alliance Lite automatically disables the USB token. In such a case,
contact SWIFT to generate a new USB token.
You can also renew your USB token when there are two other administrators
that have been successfully configured in Alliance Lite.
5. Click Save to save the information or Reset to clear all fields.
2.2.2 Use Your Password to Sign Important Actions: Token

Login Window
Rationale
You must enter your password to "sign" your action when you create, modify, approve, or delete
certain data in Alliance Lite. An electronic signature is calculated on the token, using your
personal private key that never leaves the token. The system then sends this electronic
signature to the Alliance Lite server at SWIFT. This prevents the action from being tampered
with, and provides irrefutable proof that it is you who initiated the transaction.
To sign an action
1. When you click a button to initiate an action that requires signing, the Token Login window
appears prompting you to enter your password.
Token Login window
2. Type your current password and click OK .
Getting Started
3. Click OK to acknowledge the success message.
2.2.3 Log off from Alliance Lite

To log off from Alliance Lite
• Click Log Off on the top right corner of the window.
You have now disconnected an active session of Alliance Lite.
Note SWIFT recommends that you log off before removing the USB token.
2.3 Alliance Lite Certificate Renewal

2.3.1 Certificate Expiry Warning
Certificate renewal in two modes
Certificates on Alliance Lite tokens have a lifetime of 2 years. When a certificate expires, you
can no longer use the token to log on to Alliance Lite. To continue using Alliance Lite, you must
renew the certificate.
You can perform the certificate renewal process in either of these two modes:
1. Warning mode: When the user certificate expiry is within the next 120 days, Alliance Lite
displays a certificate renewal notice page at logon. At this stage, you have the choice to
proceed with the renewal or to defer it to a later time.
2. Automatic mode: When the user certificate expiry is within the next 100 days, you must
renew the certificate at logon time.
2.3.2 Certificate Renewal Process

Renew certificate in warning mode
The Alliance Lite Certificate Renewal notice page appears.
18 November 2011 17
Alliance Lite 2.2
Note Alliance Lite certificates can only be renewed on the Live system. When you
see the Certificate Renewal notice on the Test system, you must renew the
certificate on the Live system.
2. Click Renew Now if you want to renew the certificate now.

The Alliance Lite certificate renewal screen appears.
Note The pane in the upper left corner of the screen shows the stage of the renewal
process in parallel with the stage that you are going through.
3. Click Next .
The Retrieving initial secrets from SWIFT window appears.
Getting Started
4. Enter your token password in the Token password field.
5. Click Next .
The Generate keys on the token window appears.
18 November 2011 19
Alliance Lite 2.2
When the generating keys process is done, the Finished successfully window appears.
Getting Started
You have completed the certificate renewal process and will be directed to the Alliance Lite
home page.
Renew certificate in automatic mode

The Alliance Lite Certificate Renewal window appears.
2. Click Next .
The Retrieving initial secrets from SWIFT screen appears. See step 2 of section "Renew
certificate in warning mode" on page 17.
3. Follow steps 3 to 5 of section "Renew certificate in warning mode" on page 17 to complete

the certificate renewal process.
Upon completion of the certificate renewal, you will be directed to the Alliance Lite home
page.
2.3.3 Certificate Renewal for AutoClient

Warning mode
Certificate renewal for AutoClient only has the warning mode.
When the AutoClient user receives a balloon pop-up warning in terms of certificate expiry when
starting AutoClient with a token, the user must contact the Alliance Lite Administrator to renew
the certificate. For more information about renewing a certificate, see section "Renew a USB
Token" on page 42 .
18 November 2011 21
Alliance Lite 2.2
3 Navigating the Alliance Lite User Interface

How to use the Alliance Lite user interface
This section explains how to perform the following tasks:
• Use the main components of the interface, which include the application's tabs, menus, and
fields.
• Use data selection and pop-up filter windows. See "How Fields on Data Entry Windows
Work" on page 22
• Access Alliance Lite Help.

For more information about the Alliance Lite user interface, see the following information in the
Alliance Lite User Guide:
• To use the application's filter windows to select data more precisely, see "How to Navigate
the Field Data."
• To create a customised toolbar of shortcuts for the tasks that you use most frequently, see
"Customising a Toolbar of Shortcuts".
3.1 How Tabs and Menus Work

Hierarchy of navigation items
Tabs are the highest level of navigation, with menus at the next level, followed by menu items
within menus.
Click a tab to select it. When selected, the tab displays the various menus or functions. Click a
menu to select it. Additional menu options may appear.
When you select a tab, a menu, or a menu item, the background colour changes from white to
blue.
3.2 How Fields on Data Entry Windows Work

Visual conventions for fields
All data entry windows use the following conventions:
Greyed out fields Indicate protected fields that appear by default. You cannot change a
greyed-out field because other screen data depends on this field.
Fields shaded in Blue Indicate mandatory fields to complete.
Fields shaded in White Indicate optional fields to complete.
Fields with ... Indicate that multiple options are available, from which you must select an
option using filter criteria.
3.3 How Help Works

Using online help
The Help link is available from any page in Alliance Lite.
Navigating the Alliance Lite User Interface
To access Help in Alliance Lite

• Click Help in the top right-hand corner of the Alliance Lite application.
Clicking the Help button displays the Alliance Lite Administration Guide and Alliance Lite
User Guide documents (in pdf format).
18 November 2011 23
Alliance Lite 2.2
4 Managing Users
Overview of how to manage users
A user role determines what you can and cannot do and what the user can access within
Alliance Lite.
Two Administrators are provided by default. It is strongly recommended that a third
Administrator be created as an optional backup:
• Administrator 1 establishes user roles and performs user administration.
• Administrator 2 approves and maintains users.
• Administrator 3 is an optional (but recommended) Lite user that is used in the unavailability of
Administrator 1 or Administrator 2.
The following lists the tasks that Administrator 1 must do to manage users:
• Set up a user by doing the following:
– define a unique user profile
– assign roles to the user
– create a USB token for the user

Then Administrator 2 must approve the user.
Administrators can also maintain user profiles, as follows:
• view users (the user list)
• view the user list, and modify users if necessary
• review user's certificate expiry
• renew and revoke USB tokens
• delete users
Administrator 3 is an optional user, however, SWIFT recommends the creation of this user
Providing access to Alliance Lite Live and Test service

The Administrators can create the following user types:
• Lite Live users: The administrator configures these users on the Live service (use
Go to Alliance Lite for logon).
• Lite Test users: The administrator configures these users on the Test service (use Go to Test
for logon).
If the Administrators have access to the Live service, then they can create a user on the Test
service by completing the following steps:
1. Create the user on the Live service and assign the user a token.
2. Create the user on the Test service with the same User ID that was used in the previous
step. The administrator does not assign a token for Test service.
You can access the Test service using the Lite Live token.
Managing Users
If administrators have access to the Live service, then the functions to create or renew
tokens will not be available when they access the test service.
If the Administrators have access to the Test service only, then to create a user on the Test
service they must first create the user on the Test service and then assign a token to the
user.
4.1 Setting Up Users

4.1.1 Overview
A four-stage process to set up users
At a high level, creating an account for a user involves four stages:
1. Define the user by entering a unique User ID and User name for the user.
2. Assign one or more roles to the user.
3. Initialise a USB token for the user.
4. Approve the user. The second administrator performs this action.
Note At each stage, you must do the following:
1. Click Update .
2. Sign your action by entering your password in the Token Login window.
3. Click OK to acknowledge and clear the success message.
4.1.2 Define a User

To define a user
1. From the Admin tab, select Users and the Add option.
A User window appears with the User Group field populated with your organisation's BIC,
which is either a financial institution BIC or a non-financial institution BIC. The Status field
is populated with the current status. The serial number is generated automatically by the
system when the token for this user is created.
18 November 2011 25
Alliance Lite 2.2
2. In the User ID field, type a short name of up to eight characters. The information is
displayed in upper case.
If you set AutoClient, then type AUTOCLNT in this field.
3. In the Username field, type the user's full name.

If you set AutoClient, then type AutoClient in this field.
4. (Optional) Complete the e-mail Address. This e-mail information is currently not used by
Alliance Lite.
5. In the Password and Confirm New Password fields, enter a 6-character password. This
password is currently ignored but is required for entry purposes at this time.
6. In the Locale field select the date format and decimal separator character (dot or comma)
for use in messages fields.
The format can be as follows, where dd = day, mm = month, and yyyy = year:
• dd/mm/yyyy - dot
• mm/dd/yyyy - dot
• dd/mm/yyyy - comma
7. Approver Type is currently not used and must be left empty.
8. Select the Administrator check box, only if you want to assign an Alliance Lite
Administrator role for this User ID (for example, Administrator 3).
Alliance Lite administrators are privileged users, and can manage (add or modify) other
users. If you select the Administrator check box, then take the following steps:
• In E-mail Address type the user's e-mail address (step 4).
• Register the user on www.swift.com under your BIC code. This action is necessary
because SWIFT must always have the contact details for Alliance Lite administrators. To
register a user, select Register Now on the www.swift.com home page. For more
information, see the Swift.com Registration and Administration User Guide on
www.swift.com.
9. Click Add .
The Token Login window appears.
Note An error message is displayed if any mandatory information is missing.
10. Sign your action (see "Use Your Password to Sign Important Actions: Token Login
Window" on page 16). This action creates a non-repudiation record of the action for future
reference.
11. A success message appears showing the name of the user that you created. Click OK to
acknowledge the success message.
The User screen appears showing the user you have just created:
Managing Users
The following buttons are available:
Click To
Update allows you to save data entered into this window
Add Function Roles opens the Roles window where you assign roles to the user
Remove Function Roles opens the Roles window where you delete roles to the user
Reset clear all data. If you click Reset before you click Add , then the
data you enter is not saved, and the user is not added.
Create Token opens the Create Token window where you initialise a user USB
token
12. From this screen you can perform the following tasks:
• Add or Remove Function Roles (see "Assign User Roles" on page 29).
• Create a Token for the User (see "Create a USB Token for a User" on page 36).
Complete any actions that are required.
13. Click Update to save any changes to the user information.
4.1.3 Define a User for AutoClient

To define the User for AutoClient with automatic approval
1. From the Admin tab, select Users and the Add option.
A User window appears with the User Group field populated with your organisation's
financial institution BIC or non-financial institution BIC, and the Status field populated.
Note The User Group field is configured during the SWIFT configuration for your
organisation.
2. In the User ID field, enter AUTOCLNT.

This is a unique user ID solely intended for the AutoClient.
18 November 2011 27
Alliance Lite 2.2
3. In the Username field, enter AutoClient.
4. Do not select the Administrator check box.
5. Repeat Steps 4 through 13 of "Define a User" on page 25.
Setting up Automatic/Manual of FIN Messages Approval for AutoClient

If your organisation has installed Alliance Lite AutoClient, then you set the approval method as
follows:
• If you want AutoClient to perform automatic approvals of messages uploaded by

AutoClient, then you must:
– create the unique AUTOCLNT User ID for AutoClient
– Assign the AUTOCLNT user the ACAUTO role.
• If you want users to perform manual approvals of messages uploaded by AutoClient, then
you must::
– create the unique AUTOCLNT User ID for AutoClient
– Assign the AUTOCLNT user the ACCREATOR role.
To enable AutoClient for testing

To test with AutoClient, you must also define the AUTOCLNT user on the test system of
Alliance Lite. The procedure to define the AUTOCLNT user is as follows:
1. With your administrator token, log on to the test system of Alliance Lite
(www.swiftalliancelite.com > Go to Test).
2. From the Admin tab, select Users and then the Add option.
3. In the User ID field, enter AUTOCLNT. This must be the same User ID as defined on the
live system
4. In the Username field, enter AutoClient.
Note Do not select the Administrator check box.
5. Repeat Steps 4 through to 13 of "Define a User" on page 25 but do not create a token.
Note Tokens can only be created on the live system. The same token is shared
between the AUTOCLNT user on the live system and the AUTOCLNT user on
the test system.
You can grant different roles on the test system. For example, you can enable
automatic approval for AUTOCLNT on the test system while keeping manual
approval for AUTOCLNT on the live system.
4.1.4 Set Up a Separate Test User for AutoClient

Overview
With the standard AUTOCLNT user and token, you can start AutoClient in test mode or in live
mode. You make the choice between the two modes at startup time of AutoClient (see the
Managing Users
AutoClient Installation and User Guide). You only need one token for the test and live
AutoClient environments, but you have to alternate between the two operations.
If you want to test with AutoClient without needing to alternate between test and live modes,
then you must set up a separate test user and token for AutoClient called AUTOTEST.
To set up a separate test user and token for AutoClient

1. On the live Alliance Lite system, from the Admin tab, select Users > Add.
2. In the User ID field, enter AUTOTEST.
Note This is a unique user ID solely intended for the AutoClient test.
3. In the Username field, enter AutoClient Test.
Note Do not select the Administrator check box.
4. Repeat Steps 4 through to 13 of "Define a User" on page 25. Create a token for the
AUTOTEST user.
Note You do not need to assign roles to the AUTOTEST user because the roles
assigned to the AUTOCLNT user will be used automatically. Any roles you
assign to the AUTOTEST user will be ignored.
5. Log off from the live system and log on to the test Alliance Lite system
(www.swiftalliancelite.com > Go to Test).
6. Define the AUTOTEST user on the Alliance Lite test system (by repeating the above steps
1 through to 4 on the test system, but do not create a token).
Note For the test token AUTOTEST to work, you must have already defined the
AUTOCLNT user. An AUTOTEST user without an AUTOCLNT user does not
work.
Once the AUTOTEST user is defined, you can no longer use the AUTOCLNT
token to start AutoClient in Test & Training mode (this will give an error). In other
words, after AUTOTEST is defined, the AUTOCLNT token can only be used for
live AutoClient operations.
4.1.5 Assign User Roles

Why roles are assigned
SWIFT pre-configures the two Alliance Lite Administrator roles, and then you, as an
administrator can assign roles to your users. Several roles may be assigned to the same user.
Later on, you can modify the role assignments.
Note It is not necessary to assign roles to the AUTOCLNT User ID other than the ones
defined in the previous section.
Your choice of pre-defined roles

At a minimum, you need a user that can create messages, and one that can approve
messages. If you have installed Alliance Lite AutoClient and require automatic approvals of all
18 November 2011 29
Alliance Lite 2.2
its messages, then you need to create an AutoClient user (AUTOCLNT) with only the ACAUTO
role. The following table details all the possible roles that you can assign.
Role Permission to
Creator create and modify messages
Approver approve or reject messages within predefined limits
Approver Own approve messages created by themselves
Approver Unlimited approve messages without a limit check
Approver Own Unlimited approve messages created by themselves without a limit check
Viewer Cash Reports view cash messages and generate cash reports.
Viewer Payment view payment messages and generate payment reports.

Reports
Viewer Treasury view treasury messages and generate treasury reports.

Reports
Viewer Funds Reports view funds messages and generate funds reports.
Viewer Securities view securities messages and generate securities reports.

Reports
Viewer Asset Holdings view asset holding reports.

Reports
AC Auto Approval automatically approve all messages sent to SWIFT through AutoClient
- this role can only be assigned to the AUTOCLNT user that you create
specifically to use the USB token for AutoClient, and has no effect when
assigned to any other user
AC Creator manually approve all messages sent to SWIFT through AutoClient

- this role can only be assigned to the AUTOCLNT user that you create
specifically to use the USB token for AutoClient, and has no effect when
assigned to any other user
Browse over SWIFTNet log on to the Browse over SWIFTNet environment of Alliance Lite. This role
is only visible if the customer (institution) has subscribed to a Browse service
on SWIFTNet.
Template Management create, modify, and manage message templates
Viewer Inbox/Outbox view messages and files in the Alliance Lite inbox and outbox and download
messages in bulk for local archival
To add roles to a User

1. Continuing from the "Define a User" on page 25, on the User window, click
Add Function Roles to add roles.
The Add Function Roles window appears containing the list of possible user roles that can be
added to the user.
Managing Users
2. Click the roles appropriate to your user and then move them with the buttons provided ( >> ,
> ) to the Selected Items pane, bearing in mind the note below.
Note You must only select the AC Auto Approval role for the AUTOCLNT User ID if
your organisation wants automatic approval of all messages handled by
AutoClient. Your next stage then is to configure the USB token for the
AUTOCLNT user.
However, if your organisation has installed AutoClient, but wants one or more
of your users to use the Alliance Lite interface to manually approve messages
handled by AutoClient, you must select the AC Creator role. In this case,
Your next stage then is to configure the USB token for the AUTOCLNT user.
You should not assign AutoClient roles to non-AutClient users.
Note To perform tasks in Browse, the user must have the Browse over SWIFTNet
user role.
3. Click Save and then click OK to acknowledge the "User roles updated successfully"
message.
4. When the User Window appears, click Update to complete the process.
Now you must create a USB token for the user, as explained in "Create a USB Token for a
User" on page 36.
To remove roles from a User

1. Continuing from the "Define a User" on page 25, on the User window, click
Remove Function Roles to remove roles.
The Remove Function Roles window appears with a list of the roles that are associated
currently with the user.
2. Click the roles you want to remove in the Selected Items pane and then remove them with
the buttons provided ( << , < ) .
3. Click Save and then click OK to acknowledge the "User roles updated successfully"
message.
4. When the User Window appears, click Update to complete the process.
18 November 2011 31
Alliance Lite 2.2
4.1.6 Assign and Approve RBAC Roles for Browse over

SWIFTNet Users
User with Browse over SWIFTNet role
In some Browse services, subroles can be assigned to users to determine what the user is
allowed to access within the Browse service. These are called RBAC roles (RBAC = Role-
Based Access Control). To perform tasks in Browse, users with the Browse over SWIFTNet
user role must have the RBAC roles assigned by an Alliance Lite administrator. The second
administrator must approve the roles.
To assign RBAC roles to a Browse over SWIFTNet user, do the following

1. On the Browse home page, click Browse Services > SWIFTNet Online Operations
Manager.
The SWIFTNet Browse Confirmation window appears indicating that you must enter your
password. You will be required to enter your password twice.
2. Enter your password.
3. Click OK .
The system starts the Authenticating process.
When the authentication completes, the SWIFTNet Online Operations Manager window
appears.
Managing Users
4. Click Security > Role Management.

The following window appears that displays a tree view with user nodes and the Role
Information pane on the right side of the window.
18 November 2011 33
Alliance Lite 2.2
Note Alliance Lite creates the SWIFTNet identity (Distinguished Name) for an
Alliance Lite user that has the Browse over SWIFTNet role automatically in
the following pattern:
cn=<USERID>, ou=users, o=<BIC8>, o=swift.
In this DN, <BIC8> is the 8 characters of your institution's BIC8, <USERID> is
the User ID of the user in Alliance Lite (see "Define a User" on page 25),
converted to lowercase.
Example
cn=john, ou=users, o=bankbebb, o=swift
This identity will be displayed when you double click a user on the tree view to
display the role information for that user.
5. Double-click a user on the tree view and assign both the %1 and %2 the necessary RBAC
roles.
The %1 and %2 nodes relate to the high available configuration of the two Alliance Lite
servers. It is important that you grant the same roles to both %1 and %2. The easiest way
of doing this is to double-click to select both %1 and %2 in the tree view so that they are
displayed on the right side of the screen. You can then use the Group Grant function to
assign the same roles to both %1 and %2 at the same time.
6. Expand the roles in the Role Information pane as needed.
7. For each role, select the corresponding checkbox to grant the role (to ungrant a role, clear
the corresponding checkbox).
When you do a modification, a light icon appears above the checkboxes.
This window looks like the following:
Managing Users
Note The meaning of these roles is decided by the third party Browse service
provider (for example, TARGET2). You must follow the guidelines provided by
your service provider to understand and set the right roles.
8. Click Save .
The system prompts you to enter your password.
9. Enter your password and click OK .

The 4-Eyes Token window appears providing you with a 4-eyes token number that the
second administrator needs to approve the roles that are assigned to the user. It also
provides additional information about the token. An example 4-Eyes Token is as follows:
10. Click OK to complete the RBAC role assigning procedure.
To approve the assigned RBAC roles

1. On the SWIFTNet Online Operations Manager window, click Security > 4-eyes
Authorisations.
2. In the text box as indicated on the screen, type or paste the token that the first
administrator received at the end of the procedure for assigning the RBAC roles.
18 November 2011 35
Alliance Lite 2.2
3. Click Retrieve .
The details of the action to authorise appear in the right pane.
4. Verify the details and click Authorise .

The Operation Successful confirmation window appears.
5. Click OK .
For more information about SWIFTNet Online Operations Manager, see the SWIFTNet
Online Operations Manager User Guide.
4.1.7 Create a USB Token for a User

Why USB tokens are created
User security is set up on a USB token that you issue to each Alliance Lite user. This USB token
must have a unique certificate generated on it that is also linked to a specific User ID and the
organisation's BIC.
The USB token provides the user with secure external access to Alliance Lite. This means that
users do not have to enter a User ID and Password internally to log on to the application itself.
To create a USB token for a user

1. From the User window, click Create Token .
After a few seconds the first Welcome window appears.
Managing Users
2. Click Next , and wait until the second Initial secrets window prompts you to enter your
administrator password.
3. Enter your administrator password and click Next .

A SWIFT progress bar appears to indicate that the system is sending the request for an
Initial Secret. Then the third Certificate window appears to indicate that you must change
USB tokens.
4. Complete the instructions in the following prompts:
18 November 2011 37
Alliance Lite 2.2
• remove your administrator USB token from its USB port on your computer
• in the same USB port, replace your token with a new USB token for the user that you are
defining.
Note You must swap tokens. You cannot insert a new USB token in one USB
port and leave the Admin USB token in its existing port. Before inserting a
new USB token, wait until the SafeNet Borderless Security icon in the
Windows tray tells you it recognises that the USB token was removed: the
icon has a red line across it.
When a USB token is inserted SWIFT recommends waiting until the
SafeNet Borderless Security icon changes in the Windows tray: an icon
without a red line across it.
A SWIFT progress bar appears informing you that the system is going to initialise and store
new certificate information on the USB token.
On detection of the user's USB token, the Certificate window prompts you to enter and
confirm a new password for the user.
5. Click Next to display the password entry window.
6. In User Password and Confirmation, enter the same new password for your user, and
click Next , when it becomes enabled.
The password must be at least four characters long.
A SWIFT status bar shows the progress of the key being generated on the USB token.
When the Certificate window informs you that the certificate was correctly stored on the
user's token, and you can swap tokens again.
7. Remove the user's USB token and replace it with your administrator USB token.
Managing Users
Tip Before re-inserting your administration USB token, wait until the SafeNet
Borderless Security icon in the Windows tray tells you it recognises that the
USB token was removed: the icon has a red line across it.
8. When the Finished window appears, click Close to complete the token creation process
and close the Token Management wizard.
When the certificate on the USB token is successfully linked to a user, Create Token
disappears and two news buttons are enabled on the User window. Use these buttons as
follows:
• Revoke Token to remove the certificate of the user from the list of authorised certificates,
so breaking the link between it and the user.
• Renew Token to erase the existing certificate and data on the USB token and then create
a new certificate with a new Serial Number.
9. On the User window, click Update .
10. In the Login Token window sign your action and click OK . A "User update successful"
message appears.
11. Click OK to clear the "User update successful" message.

The User now has the EN status for Waiting approval. Also, the Serial Number field in the
User window contains the serial number of the certificate generated by the Token
Management process.
Now the second administrator must approve the user. However, as the first administrator, you
can more efficiently also repeat Steps 1 to 3 of the previous process, so that you set up all your
Users first. Then ask the second administrator to approve all new users in one go.
4.1.8 Approve a User

Why must a user be approved?
The second administrator must approve any user created by the first administrator - and the
other way around. This acts as a security mechanism to prevent an administrator single-
handedly creating a user.
Tip It is simplest and quickest to approve all new users created by the first
administrator at the same time from the same window.
To approve a user
1. Insert your USB token in a free USB port and log on to Alliance Lite.
2. From the Admin tab, select Users and the Approve option.
A filter window prompts you to specify a sort order.
3. Click Enter at the bottom of the window to list all user records entered in the system, or
enter filter criteria and Enter to list specific user records.
This list contains all User IDs that you can approve, such as: User IDs that were entered by
another administrator and that are in one of the following states:
18 November 2011 39
Alliance Lite 2.2
• EN = Entered (Waiting approval)
• PW = User ID is locked out. This state appears for a user ID that was previously
approved and has been locked out by the system. For example, because the user has
tried to log in with his token from one browser window, while they were still logged in
another browser window. In such cases, the system preventively locks out the user. The
user cannot log in again until the administrator re-approves him (the user's token does
not have to be renewed).
4. Check the box against a user with the EN status, or PW status and click Approve at the top
of the user list.
5. Enter your password on the Token Login window.

A success message appears to tell you the user has been approved.
6. Click OK to clear the message.
Important The User now has the approved status (AP, or AA for the AUTOCLNT user). The
first administrator must repeat the same three stage process for each user that you
both want to add to your system. Then the second administrator must approve
each new user.
4.2 Maintaining Users

What is involved in user maintenance?
The following lists what you must do to maintain user profiles:
• View users (the user list), see "View the User List" on page 41
• View the user list, and modify a user if necessary, see "Modify Users" on page 41
• Renew or reset a USB token, see "Renew a USB Token" on page 42
• Revoke a USB token, see "Revoke a USB Token" on page 43
• Delete a user, see "Delete a User" on page 43
• Check token expiry, see "Check Token Expiry" on page 44
Managing Users
4.2.1 View the User List

To view the list of users
1. From the Admin tab, select Users and the View option.
enter filter criteria and Enter . The user list appears:
This list contains all User IDs against their User Names and their current status:
• AA = AutoClient Approved
• AP = Approved
• PW = User ID is locked out.
Note The Application column is for internal use. The flag is set to N by default, but
it will be set to Y automatically when a role is assigned to the user.
The user list information can be sorted by selecting a column header.
4.2.2 Modify Users

To modify a user's details and role assignments
1. From the Admin tab, select Users and the Modify option.
enter filter criteria and Enter . The user list then appears.
3. Click the user whose details you want to modify.

Note that you cannot see your own User ID in the list, or modify your own user information.
Details for the selected user display in the User window.
4. Modify details as appropriate, and if appropriate click Add Function Roles or

Remove Function Roles and change the selection of roles on the Roles window.
For more information about fields on this window, see "Assign User Roles" on page 29.
5. When the changes are complete click OK to clear the success message.
6. On the User window, click Update and enter your password in the Token Login window.
A success message tells you the user's details were successfully updated.
18 November 2011 41
Alliance Lite 2.2
7. Click OK to clear the success message.
Note If the modified user is an Alliance Lite administrator (Administrator check box is
selected in the User window), then maintain this user's contact details on
www.swift.com.
SWIFT must know at all times the contact details for each Alliance Lite
administrator. The user can do this by logging in to www.swift.com with his
swift.com account, and updating the user profile.
4.2.3 Renew a USB Token

Why and when?
The certificate on all USB tokens must be renewed before its expiry date, or when a USB token
is damaged. Furthermore, if a user enters the password five times incorrectly the token is locked
and the user receives the message: "Signing failed: Password is permanently locked",
which means that the USB token must re-initialise. If the user tries to log in with a locked token
the following message may also appear: "The Password is permanently blocked. It cannot
be used". Also, for security reasons it may be necessary to overwrite the existing certificate on
the USB token. In this case, as an administrator, you can reissue or renew a USB token.
You can only renew a user's USB token if a user profile was previously set up for the user,
including creation of their USB token. Otherwise the Create Token button on the User window for
a particular user is disabled (or Create Token is displayed if the token has not been set).
To renew a USB token for a user

3. Click the user whose USB token you want to renew.

Details for the selected user appear in the User window.
4. Click Renew Token .

The first Welcome window appears.
5. Repeat Steps 2 and 3 of "Create a USB Token for a User" on page 36.
For this procedure, you must:
• remove your administrator USB token from its USB port on your computer
• replace it with the USB token for the selected user (if it has not been lost).
The administrator can use any disposable token (blank token, token locked, token from
deleted user). During the "Renew Token" process, the certificate of the lost token is
revoked. If the user retrieves his lost token he cannot use it to log in to Alliance Lite.
The Certificate window tells you that all information about the USB token will be erased.
6. Click Next when this button is enabled.
7. Follow the prompts to enter a new password for the user and confirm that password.
A SWIFT status bar shows the progress of the new key being generated on the USB token.
Managing Users
Then the Certificate window informs you that the certificate was correctly stored on the
token of the user, and you can swap tokens again.
8. Repeat Steps 7 through 10 of "Create a USB Token for a User" on page 36.
The User now reverts to the EN status for Entered (Waiting approval), and the Serial
Number field in the User window contains the serial number of the certificate generated by
the SafeNet USB token renewal process.
Note The second administrator must now approve this action, see "Approve a User" on
page 39.
4.2.4 Revoke a USB Token

Why and when?
When you want to terminate a user in Alliance Lite, you only have to revoke the certificate on
their USB token.
Warning You must have at least two valid Alliance Lite administrator tokens at all times. Do
not accidentally revoke an administrator's token.
You may want to revoke a USB token when a user loses their USB token and needs another
one. If the user finds their USB token, and it is undamaged, then you can renew the certificate
on the found USB token.
To revoke a USB token

3. Click the user whose USB token you want to revoke.

Details for the selected user display in the User window.
4. Click Revoke Token .

A pop-up window appears specifying "Revoking Token for User: <user name>".
5. Click OK to clear the "Revoking Token for User: <user name>" message.
The User window clears the Serial Number field, and the User now has the EN status for
Entered (Waiting approval).
4.2.5 Delete a User

Linked to revoking a user's USB token
When you want to remove a user from Alliance Lite, you only have to revoke the certificate on
the user's USB token. For more information, see "Revoke a USB Token" on page 43.
The following procedure deletes the User name from the user list.
To delete a User
1. From the Admin tab, select Users and the Delete option.
18 November 2011 43
Alliance Lite 2.2
Warning At all times, you must have at least two Alliance Lite administrators.
enter filter criteria and Enter to list specific user records.
This list contains all User IDs against their User Names and their current status (except the
user who is logged in):
• AA = Approved AutoClient
• AP = Approved
• PW = User ID is locked out.
3. Check the box against the user whose details you want to delete and click Delete .
You are then prompted to enter your password in the Token login window to delete the
user.
A message tells you "User XXX' was deleted successfully". Details for the selected user
disappear from the user list.
Note If the deleted user also has an account on www.swift.com, then you may want to
delete this user's account there, if they no longer require access to www.swift.com
on behalf of your organisation (for example, they left the organisation). This is
especially important if this user was an Alliance Lite administrator or had privileged
access to www.swift.com.
4.2.6 Check Token Expiry

Check tokens that will expire
1. From the Admin tab, Select Users and then the View option.
2. Check Token Certificate Expiry
• To get a list of all the user records entered in the system, click Enter at the bottom of the
window.
The user list appears with all the users. The token expiry information is shown in the
Token Certificate Expiry column.
Managing Users
• To look for the token expiry for a specific user, enter the filter values and click Enter . The
user list appears that lists the user you are looking for with the token expiry information
in the Token Certificate Expiry column.
18 November 2011 45
Alliance Lite 2.2
5 Adding and Maintaining Your Reference

Data
Overview of what is involved
This section details the organisational information that an Alliance Lite administrator can set up
and maintain with regard to providing the system's bank/institution reference data. This includes
the following:
• Bank/Institution - this includes name and address information for each BIC you want to
transact with, for identification purposes within your organisation. It also specifies the
Distinguished Name (DN).
• Account - details of accounts available to each BIC that you have added to the system
• Set Restrictions - the limits on the total transaction amounts that are permitted to be
approved (sent) by a user at both a daily and individual level. Set up during the first login
performed by the Administrator.
• RMA - the relationships used when launching automatic authorisation to deal with each of the
BICs your organisation wants to transact with.
• Financial Instrument - identification of Financial Instruments used in transactions.
5.1 Adding a Bank/Institution

How is this data used?
Bank/Institution details are pre-filled in all message type forms when a user selects a Bank
Code. This includes the identifying code itself, the bank or institution's full name and all address
details. The Bank Code that you add in the following procedure is used when adding account
definitions in the next stage of setting up your bank/institution information.
To add details for a particular bank/institution

1. From the Admin tab, select Setup > Client Setup > Bank/Institution and the Add option.
The Bank/Institution window appears.
Adding and Maintaining Your Reference Data
2. Complete mandatory fields as follows:
• In Bank Code, enter a "friendly" 8-character code as your reference for the bank
Note SWIFT recommends using the BIC code for uniformity and easy retrieval.
• In Bank Name, enter the full name of the bank
• Ignore Bank Group
• In International BIC, select the 8 or 11 digit code by clicking ...
Note if you add a bank in the Test service, you must type the FIN Test and
Training BIC (BIC0) of that bank. The BIC0s are not listed in ... .
• The Distinguished Name is automatically filled when you select the International BIC
in the previous step. You can change the default Distinguished Name manually. This
field is optional.
However, if your bank is going to exchange Funds messages, then the bank must define
a Distinguished Name.
Note If you want to use a bank or institution for exchanging Funds messages and
this bank or institution was already defined in a version prior to R2.0, then
you must update the Bank's data to enter its Distinguished Name. The
Distinguished Name field has been introduced in R2.0.
Note For the Test and Training system, the GUI will automatically populate the
Distinguished Name based on the BIC. However, on Test and Training the
BIC ends with a 0. This means that the automatically generated
Distinguished Name will be: o=bic0,o=swift. which is not valid. Be aware
that when creating a bank for Test and Training, the user must update the
automatically generated Distinguished Names to set the BIC8 instead of
the BIC0.
• For Country, click ... to select the country two letter code.
18 November 2011 47
Alliance Lite 2.2
3. Complete optional fields as follows:
• In Bank Address, enter the necessary details using up to four lines (maximum of 255
characters)
• In *Bank Info, enter additional free text data if required.
4. Click Add to add this bank data to the database: a message tells you that the bank details
were entered successfully.
Alternatively click Reset to clear all entered details.
Note The second Alliance Lite administrator does not have to approve this data.
You can modify the original value of the International BIC, Country, Bank
Address, Bank Info, and Distinguished Name fields after initial entry.
5.2 Adding an Account

You must initially define account definitions for each bank (BIC8) that you have defined as
entities that you want your organisation to deal with. Definitions can be created to define a
specific account such as a cash account or investment account.
How is this data used?

Account details are auto-populated in all message type forms when a user selects an Account
Number. This includes the account number itself, the Account Name, and the related Bank
Name. The message is sent to the bank linked to the account used in the message.
To add an account definition

1. From the Admin tab, select Setup > Client Setup > Account and the Add option.
The Account window appears with the correct User Group (BIC) identified.
2. Complete mandatory fields as follows:
• In Bank Code, click ... to select the code from the list of bank codes that your
organisation has added. (As added in "Adding a Bank/Institution" on page 46).
Tip Use the page arrows and, or the filter features on the listing to jump to
codes close to the ones that you want. For example, enter the first two
letters of a code and select "Starts with" in the Search field to display all
entries in the system containing those two letters.
• In Account Number, type the number. For example, the IBAN. This number must match
the one that your bank uses in its Cash Reporting messages.
• In Account Name/Owner, type a "friendly" name for how your organisation wants to
refer to this account.
However, this name is not used when sending the transaction.
• In Client Account Name, type the name or owner of this account.
• In Extended Account Name/Owner (350 char), type the extended name of this account
or owner information.
• In Account Type, select the account type from the drop-down list. The options available
are cash account and investment account.
• Against Currency Code, click ... to select the currency from the currency list or select
the Multi Currency check box.
If you select the currency from the currency list, then the currency must match the one
that your bank uses in its Cash Reporting messages.
Important A multi-currency account is an account with a single account number

holding more than one currency. You can set up multi-currency accounts
only once and mark the account explicitly as multi-currency. When you send
payment instructions with multi-currency accounts, you must be able to
change the currency of the (debit) amount to any currency, which is not
possible with single-currency accounts. You can receive MT 900, MT 910,
MT 940, MT 942, and MT 950 messages for multi-currency accounts.
Reporting transactions and balances for the different currencies is also
possible with multi-currency accounts.
• Against Country, click ... to select the country from country list.
3. Complete the optional bank address fields as required.
4. Click Add to save this account data. A message tells you that the account details were
entered successfully.
Alternatively click Reset to clear all entered fields.
Note The second Alliance Lite administrator does not have to approve this data.
You can modify the original value of the Bank Code, and Account Number fields
after initial entry.
18 November 2011 49
Alliance Lite 2.2
5.3 Adding a Relationship Management Application

(RMA)
What is an RMA relation, and why are RMA relations added?
In terms of Alliance Lite, an RMA relation is a contact that you establish with a counterparty. An
RMA relation is between your BIC and your counterparty's BIC.
As an administrator, you can add, view, and delete data related to RMA relations.
When you add an RMA relation in Alliance Lite, you are sending a special message over the
SWIFT network to your counterparty. This message is called an RMA authorisation. This
message grants your correspondent the permission to send you SWIFT messages. Alliance Lite
remembers that you have done this, by listing each new correspondent with the
RECEIVE_FROM status in the RMA relation list. This status indicates that you are ready to
receive messages from that correspondent.
When you add a contact, your organisation can transact with that correspondent or BIC, and
they can send transactions to your organisation. Similarly when other bank entities want to
establish dealings with your organisation, no special action is required. A new RMA relation is
added in your list of RMA relations.
When a correspondent rejects or deletes an RMA authorisation that you send, the
correspondent no longer appears in RMA relations list.
Alliance Lite users can request that you, as an administrator, add a new RMA to the system.
Note Certain operations related to managing RMA relations require the signature or
approval of another administrator.
Customers can not exchange RMA authorisations in the Test and Training
environment of Alliance Lite. Customers can send Test and Training FIN messages
to the counterparty without the need for a prior RMA exchange.
To add an RMA relation

1. From the Admin tab, select Setup > Client Setup > RMA and the Add option.
The Add Contact window appears. It contains two fields, one of which is the pre-filled My
own BIC field which contains your organisation's BIC.
2. Next to Correspondent BIC, click ... to display the selection list of BICs entered in your
system.
Tip: Use the page arrows and or the filter features on the BIC list to jump to codes close to
the ones that you want. For example, select the Starts With option and in the Search field,
enter the first two letters of a BIC and click Search to find all entries starting with those two
letters.
3. Select the appropriate BIC and click it once to make the selection list disappear and for the
BIC to appear in the Correspondent BIC field in the Add Contact window.
4. From the Add Contact window, click Add to save the new contact.
A "Record saved successfully" message appears.
5. Click OK to clear the success message and to display the Add Contact window.
Note For more information, see "View Your List of RMA Relations" on page 56. Errors
during the processing of adding or deleting an RMA relation are logged on the
Alliance Lite server. When an error occurs, a message appears giving a reference
as to why the request failed. If you have to investigate the failure further, then
quote this reference to SWIFT who can then search for it in the log file.
5.4 Adding a Financial Instrument

This function allows you to add any Financial Instruments used in your transactions to your
reference data. A Financial Instrument is identified by its International Securities Identification
Number (ISIN).
To add a Financial Instrument

1. From the Admin tab, select Setup > Client Setup > Financial Instrument and the Add
option.
The Add Financial Instrument window appears.
Enter the ISIN of the Financial Instrument.
18 November 2011 51
Alliance Lite 2.2
Enter the Financial Instrument Name. This is optional.
2. Click Add to save the new Financial Instrument entry.

A "Record saved successfully" message appears.
3. Click OK to clear the success message and to display the Add Financial Instrument
window.
5.5 Maintaining Bank/Institution Details

What does maintenance of bank/institution details involve?
You must complete various details for each bank or BIC that you add to your system. This
allows you to more easily identify and distinguish one bank code from another. In relation to
maintaining that bank reference data, you can:
• View, see "View Bank/Institution Details" on page 52
• Modify, see "Modify Bank/Institution Details" on page 53
• Delete, see "Delete Bank/Institution Details" on page 53
5.5.1 View Bank/Institution Details

To view reference data for a particular bank/institution
1. From the Admin tab, select Setup > Client Setup > Bank/Institution and the View option.
2. To view all bank/institution data in the system, click Enter .

The bank/institution list displays in Read Only mode showing all existing banks and
institution detailed in the system. Each bank/institution is listed with their Bank Name, Bank
Code, and User Group.
3. Use the Page buttons or Filter criteria to jump to a particular bank/institution entry.
4. Click a particular bank/institution entry once to view its details in the Bank/Institution
details window.
Details for the selected bank/institution display in Read Only mode.
5. Click Back to return to the bank/institution list.
5.5.2 Modify Bank/Institution Details

To modify details for a bank/institution
1. From the Admin tab, select Setup > Client Setup > Bank/Institution and the Modify
option.
2. To view all bank/institution data in the system, click Enter .

The bank/institution list appears showing all existing banks and institutions detailed in the
system. Each bank/institution is listed with their Bank Name, Bank Code, and User Group.
3. Use the Page buttons or Filter criteria to jump close to the bank entry that you want to
modify.
4. Click an entry once to display its details in the Bank/Institution details window.
5. Modify details as required. For more information, see "Adding a Bank/Institution" on

page 46.
6. Click Update to save the modified bank/institution data to the database.

A "Record updated successfully" message appears.
Note The second administrator does not have to approve a modification of bank/
institution data.
5.5.3 Delete Bank/Institution Details

To delete reference data for a particular bank/institution
1. From the Admin tab, select Setup > Client Setup > Bank/Institution and the Delete
option.
2. To view ALL bank/institution data in the system, click Enter .

The bank/institution list appears showing all existing banks and institutions detailed in the
system. Each bank/institution is listed with their Bank Name, Bank Code, and User Group.
3. Use the Page buttons or Filter criteria to jump close to the bank entry that you want to
delete.
4. Check the box against the particular bank/institution entry that you want to delete and click
Delete .
A "Record deleted successfully" message appears.
Note There is no undo for this action.
18 November 2011 53
Alliance Lite 2.2
5.6 Maintaining Account Definitions

What does maintenance of account definitions involve?
For maintenance purposes, you can view, modify, delete, undelete, and reassign account
definitions.
5.6.1 View Account Definitions

To view an account definition
1. From the Admin tab, select Setup > Client Setup > Account > View.
A filter window appears.
2. Click Enter to view all account definitions in the system, or use the filter criteria to locate
account definitions.
3. Use the Page buttons to jump to a particular account definition.
4. Click a particular account definition once to view its details in Read Only mode in the
Account details window.
5. Click Back to return to the account definitions list.
5.6.2 Modify an Account Definition

To modify an account definition
1. From the Admin tab, select Setup > Client Setup > Account > Modify.
The account definitions list appears, displaying the account definitions for a particular bank.
3. Use the Page buttons to jump you to a particular account definition.
4. Click a particular account definition once to view its details in Modify mode in the Account
details window.
5. Modify details as you require. For more information about the fields, see "Adding an
Account" on page 48.
6. Click one of the following buttons:
• Update to save the modified account data to the database. A message indicates that the
record was successfully updated.
– Click OK to clear the success message.
• Reset to reset to the original value all entered fields.
• Back to return to the account definitions list.
Note The second administrator does not have to approve a modification of account
definition information.
5.6.3 Delete Account Definitions

To delete an account definition
1. From the Admin tab, select Setup > Client Setup > Account > Delete.
The account definitions list appears, displaying the account definitions for a particular bank.
3. Use the Page buttons to jump you to a particular account definition.
4. Select the checkbox against the account definition that you want to delete and click Delete .
A message indicates that the record was successfully deleted.

The account record disappears from the account list.
5.6.4 Undelete Account Definitions

To undelete an account definition
1. From the Admin tab, select Setup > Client Setup > Account > Undelete.
2. Click Enter to view all deleted account definitions in the system, or use the filter criteria to
locate account definitions.
3. Select the checkbox against the account definition that you want to undelete (recover).
4. Click the Undelete button above the filter window.

The "Record undeleted successfully" message appears.
5. Click OK .
The account that you have just undeleted disappears from the deleted account definitions
list. This account now appears again in the list of the account definitions in the system.
You can verify the recovery of the account through the View option.
5.7 Maintaining RMA Relations or BICs

What does maintaining RMA relations involve?
In relation to maintaining RMA relations, you can do the following:
• Add a new RMA relation, see "Adding a Relationship Management Application (RMA)" on
page 50
• View the list of RMA relations that you have initiated and check what organisations have sent
requests to deal with your organisation
• Delete RMA relations that your organisation no longer needs.
18 November 2011 55
Alliance Lite 2.2
5.7.1 View Your List of RMA Relations

Overview
By viewing your current list of all RMA relations entered in Alliance Lite, you can effectively use
the list to search for a particular BIC entry, and check when the contact was created.
View also activates received authorisations that you must view before a relation is effective.
Note The same BIC8 may be displayed several times because the BIC Directory List of
SWIFT contains for some BIC8s multiple bank names.
To view your system's list of RMA relations

1. From the Admin tab, select Setup > Client Setup > RMA and the View option.
The list of all existing RMA relations contained in your system appears in Read Only mode.
Each Bank BIC lists with its Bank Name, Bank Country Code, and Direction.
In the Direction column, note the following:
• a BIC with the RECEIVE_FROM status indicates your organisation sent an

Authorisation-to-Send to this BIC8, so you can receive transactions from that
organisation
• a BIC with the SEND_TO status indicates your organisation received an Authorisation-
to-Send from this BIC8, so you can send transactions to that organisation
For more information, see "Adding a Relationship Management Application (RMA)" on
page 50.
2. Use the Page buttons to jump you close to a particular RMA relation that you want to
check.
5.7.2 Delete an RMA Relation

When do you delete a contact?
Deleting an RMA relation means that your organisation no longer wants to carry out business
transactions with a particular bank entity that you previously established contact with. This
effectively means that bank entity can no longer send transactions to your organisation in future,
and your organisation will not receive transactions from them.
To delete an RMA relation or BIC

1. From the Admin tab, select Setup > Client Setup > RMA and the Delete option.
The list of all existing RMA relations contained in your system appears. Each Bank BIC is
listed with its Bank Name, and Bank Country Code.
2. Use the Page buttons to jump you close to a particular RMA relation that you want to
delete.
3. Check the box against any RMA relation entry or entries that you want to delete and click
Delete .
The RMA relation record disappears from the list of RMA relations.
5.8 Setting and Modifying Restrictions

Why set and then modify restrictions?
The Set Restrictions window allows you to set or modify restrictions for all currencies and
one time zone only. This window also allows you to limit the total amount of an individual
transaction, and to limit the total amount for all transactions any individual user can issue in one
day.
These restrictions are initially set during the "bootstrap process" when the first administrator
registers with Alliance Lite for the first time. You never normally have to change any of these
restrictions after the "bootstrap process".
To modify restrictions on daily and individual transaction limits

1. From the Admin tab, select Setup > Client Setup > Set Restrictions and the Modify
option.
The list of all existing restrictions contained in your system appears in Read Only mode.
Each User Group lists with its Base Currency, Time Zone, Instruction Daily Limit, and
Instruction Individual Limit.
2. Use the Page buttons to jump you close to a particular restriction that you want to modify.
3. Click a User Group restriction once to display the values entered during the "bootstrap
process" in the Set Restrictions window.
4. Modify any of the following restrictions as follows:
• Base Currency - click .... to display the list of currencies in the system, and click an
appropriate new currency code once for it to re-populate the field
• Time Zone - select the appropriate time zone your organisation operates within
• Instruction Daily Limit - enter the total amount a single user can approve in one day
• Instruction Individual Limit - enter the total amount that an individual user can approve
for a single transaction.
Note You must enter a value other than 0 (zero) for each of these limits. If you make
a mistake, then click Reset to start again.
5. Click Update to save this data to the system.
6. A success message appears. It lists a success status for each of the limits that you
complete.
7. Click OK to clear each success message.
Note The second administrator does not have to approve modified restrictions.
18 November 2011 57
Alliance Lite 2.2
5.9 Maintaining Financial Instruments

What does maintenance of Financial Instruments involve?
In relation to maintaining Financial Instruments, you can view, modify, delete your Financial
Instruments.
5.9.1 View Financial Instruments

To view your list of Financial Instruments
1. From the Admin tab, select Setup > Client Setup > Financial Instrument and the View
option.
The list of all existing Financial Instruments contained in your system appears in Read Only
mode.
2. Use the Page buttons or Filter criteria to jump to a particular Financial Instrument entry.
5.9.2 Modify a Financial Instrument

To modify a Financial Instrument
1. From the Admin tab, select Setup > Client Setup > Financial Instrument and the Modify
option.
The list of all existing Financial Instruments contained in your system appears in Read Only
mode.
2. Use the Page buttons or Filter criteria to jump to a particular Financial Instrument entry.
3. Click a particular Financial Instrument once to view its details.

Modify details as you require. For more information about the fields, see "Adding a
Financial Instrument" on page 51.
4. Click one of the following:
• Update - to save the modified data. A message tells you the record was successfully
updated.
– Click OK to clear the success message.
• Reset - to reset to original values all entered fields.
• Back - to return to the account definitions list.
5.9.3 Delete a Financial Instrument

Delete a Financial Instrument
1. From the Admin tab, select Setup > Client Setup > Financial Instrument and the Delete
option.
The list of all existing Financial Instruments contained in your system appears.
2. Use the Page buttons to jump you close to a particular Financial Instrument that you want
to delete.
3. Check the box against any Financial Instrument entry or entries that you want to delete and
click Delete .
The Financial Instrument record disappears from the list.
18 November 2011 59
Alliance Lite 2.2
6 Configuring the Alliance Lite Modules

Overview
This section details how the Alliance Lite administrator can modify specific configuration
parameters, for each of the modules of Alliance Lite. The parameters include the following:
• Required Number of Approvals

When an instruction or message is created on the Alliance Lite web interface, an approval is
always required before the message is sent to the correspondent. By default, the required
number of approval is one (a minimum of one person has to approve the message before the
message is sent). However, the required number of approvals can be configured between
one and six. If the required number of approvals is more than one, then each message must
be approved by more than one person before the message is sent. The required number of
approvals can be defined independently for Payments/Treasury module, Funds module,
Securities module, and Inbox/Outbox module
• System Prepares Draft Status and Confirmation for Received Order

When your institution receives a Funds order on Alliance Lite (that is, you act as a Funds
Transfer Agent), then by default, Alliance Lite will automatically create a draft of the status
and a draft of the confirmation for that order. The automatic creation of the draft of the status
or the confirmation saves time and effort when you want to send the status or confirmation
using the Alliance Lite web interface. The automatically created drafts contain relevant
information copied from the incoming order (for example the ISIN). These drafts are visible
when you select Enter from existing order , in the Statuses menu and Confirmations menu of
the Funds Management module. However, the automatic creation of drafts can be turned off
when you create the status or confirmation using the AutoClient, wherein turning off the
automatic generation will avoid the display of unused drafts in the reports.
Note This configuration parameter is only applicable to the Funds Management

module, and is only relevant if your institution receives Funds orders on Alliance
Lite (that is act as a Funds Transfer Agent).
Configuring the Alliance Lite Modules
Required number of approvals can be defined for different modules of Alliance Lite:
6.1 Number of Approvals

Configuring the number of approvals
The Alliance Lite administrator can configure the number of approvals before a message is sent.
The number of required approvals can be configured for each of the below message modules:
• Payments/Treasury
• Funds
• Securities
• Inbox/Outbox
The minimum required number of approvals for each message is one, which provides 4-eyes
control (one creator and one approver). Alliance Lite can be configured for up to six approvals
per message, which would be 14-eyes control (one creator and six approvers).
Alliance Lite administrators can configure the approval limits for the Alliance Lite modules. For
more information, see "Setting and Modifying Restrictions" on page 57
An approver can approve a message only once. After an approver has approved a message,
the message does not appear in the approver's list of messages that are awaiting approval. If
the message has not received the required number of approvals, then the message is flagged
as Incomplete Approval, and other approvers can view the message in their list of messages
awaiting approval. Other approvers can then approve the message. If the required number of
approvals are received, then the message is flagged as Approved, and is automatically sent.
An audit trail, listing all the approvers that have approved the message is maintained. For more
information on how to access the audit trail for each message, see the Alliance Lite User Guide.
6.2 Maintaining Configuration Parameters

What does maintenance of configuration parameters per module involve ?
You can update the default settings of the configuration parameters in Alliance Lite and
configure the system to meet your needs.
18 November 2011 61
Alliance Lite 2.2
6.2.1 View Configuration Parameters

To view the values of the configuration parameters
1. From the Admin tab, select Setup > Client Setup > Configure Modules > View.
The configuration parameters window appears. The configuration window shows the
configuration parameters for each of the message module. By default, the Payments/
Treasury module appears.
2. Click the message module tab to view the configuration parameters of that module.
The following table details the configuration parameters that can be viewed for each of the
message modules:
Message Configuration parameters

module
Payments/ required number of approvals (default 1)

Treasury
Funds required number of approvals (default 1)

prepare draft status and confirmation for the orders received (default yes)
Securities required number of approvals (default 1)
Inbox/ required number of approvals (default 1)

Outbox
6.2.2 Modify Configuration parameters per module

To modify the values of the configuration parameters
1. From the Admin tab, select Setup > Client Setup > Configure Modules> Modify.
The configuration parameters window appears. The configuration window shows the
configuration parameters for each of the message module. By default, the Payments/
Treasury module is displayed.
2. Click the message module tab to view the configuration parameters of that module.
Configuring the Alliance Lite Modules
The following table details the configuration parameters that can be viewed for each of the
message modules:
Message Configuration parameters

module
Payments/ required number of approvals (minimum 1, maximum 6)

Treasury
Funds required number of approvals (minimum 1, maximum 6)

prepare draft status and confirmation for the orders received
Securities required number of approvals (minimum 1, maximum 6)
Inbox/ required number of approvals (minimum 1, maximum 6)

Outbox
3. Update the details.
4. Click Update to save the modified configuration.

A "Record updated successfully" message appears.
5. Click OK to acknowledge the success message.
18 November 2011 63
Alliance Lite 2.2
7 Reporting
Types of Admin reporting
As an administrator, the Admin tab allows you to access the following types of report:
• Roles reports to list role allocations against each or selected users in your system
• User Entitlements reports to list the functions assigned and against each or selected users
in your system
• Security Audit Trail reports to list Token Creation and Password allocation against each or
selected users in your system.
7.1 Generation and Format Options

Generation options
You have the following options when generating a report:
• Standard report. This option gives you a predefined report generated on an entire database
table.
• Filter report. This option gives you a tailored report for which you specify selected criteria on
a standard filter window, for example for a particular time period.
• Profile report. This option gives you a report based on criteria that you filter and then save so
you can use the criteria for another purpose.
Format options
In terms of the output format in which you want to generate your report, you have the following
options:
• Print Report - to a designated printer
• Export Report - the following formats are available:
– Crystal Reports (RPT)
– Adobe Acrobat (PDF)
– Microsoft Excel 97-2000 (XLS)
– Microsoft Excel 97-2000 - Data Only (XLS)
– Microsoft Word (RTF)
– Microsoft Word - Editable (RTF)
– Rich Text Format (RTF)
Reporting
7.2 Reporting Toolbar

Standard toolbar
The following toolbar is standard for any report that you generate:
Icons
The following options are provided on the Reporting toolbar:
• Click the Show/Hide Group Tree icon to the left of the First page icon to display a hierarchy
in a new column of the data on which you are reporting. This allows you to drill down to see
only information that you want without having to flip through all the pages of the report.
– Click an item in that column, for example the date to jump to the first page in the report
that shows confirmations of that date
– Click an expanded item, to jump to the first page in the report that shows confirmations for
this item.
• Use the page navigation (Previous, and Next) icons to jump to a specific page, or to the
First or Last page of the report
• Alternatively type a page number and click the Go to Specific Page icon to go to a particular
page of the report
• Click the Refresh icon to update the information displayed in the report
• Click the Print Report to output to a designated printer
• Click the Export Report icon to initiate the export functions on the Export Report window.
See "Export Report" on page 70 for more details.
• Type specific text in the free text field to find an occurrence in the report
• Select a display size from the drop-down list
• Select the Reselect icon to return to the filter window.
7.3 Generating a Standard Admin Report

To generate a Standard Admin report
1. From the Admin tab, select Reports > Standard.
2. Then select one of the following Admin report options:
• Roles
• User Entitlements
• Security Audit Trail
3. When the report displays in the standard reports window, navigate it using the page
navigation buttons, see "Reporting Toolbar" on page 65.
For example, to go to Page 8 of the report, type "8" and press ENTER.
18 November 2011 65
Alliance Lite 2.2
4. View, export, or print the report as required.
7.4 Generating a Filtered Admin Report

How to filter data
When you select a menu option for a filtered report, a filter window prompts you to refine the
range of data that you want to see. The window allows you to group data within your report by
specifying one, many, or all of the filter criteria available.
Click each hyperlink under the Field Name column to open a filter selection pop-up that also
allows you to sort selection criteria in ascending or descending order. You can also specify the
order in which you want the fields to display.
Note If you click Enter on a filter pop-up without specifying the changes that you want to
see displayed, then ALL data relevant to your report appears.
How to use the buttons on a filter window

The following table details how to use the functions that you see on a report filter window.
Click To
Enter create a report using your selected filter criteria
Reset clear entered filter details from the window
Profile import filter criteria from a previously created report. This allows you to create a Profile of
filtered information that you can re-use.
Save save the data contained in the filter window as a report profile. This allows you to save
filtered information as a new Profile.
Reporting
To generate a Filtered Admin report

1. From the Admin tab, select Reports and the Filter option followed by one of the report
options:
• Roles - user can filter on the Role Id
• User Entitlements - can filter on Role Id and User ID
• Security Audit Trail - can filter on Log Time and User ID

A filter window prompts you to specify and sort the data that is relevant for your selected
option.
2. Specify and sort criteria as required.
Note If you click Enter without specifying any criteria, then a report is created
including all criteria.
3. (Optional) Click Save to save the filter criteria for future use (see "Creating and Copying a
Report Profile" on page 68).
4. Click Enter to create a report that uses your selected filter criteria.
7.5 Using Report Profiles

What is a report profile?
A report profile is a report that you generate using a previously saved filtered report. It serves as
a Report Template and allows you and the other administrator to use the same type of report
with the same criteria again, but for another time period.
From the Admin tab and Profiles menu, you can do the following:
• Add or create a report profile
• Copy and Modify a report profile
• Delete a report profile
Two ways to create a report profile

You can create a report profile by doing either of the following from the filter window that
appears after you select the type of report:
• Click Save - if you want to save selections that you make on the filter window as criteria for a
new report profile
• Click Profile - if you want to re-use previously filtered information from an existing report
profile by importing that filter criteria.
Buttons to use when you create or modify report profiles

The following table details the available buttons you can use when creating a report profile.
Click To
Add save a report profile to the system
Reset clear entered profile details from the window
18 November 2011 67
Alliance Lite 2.2
Click To
Copy copy a report profile, so you can modify it
7.5.1 Creating and Copying a Report Profile

To create a report profile
1. Depending on the type of report profile that you want to create, select one of the following
options:
• Admin tab > Profiles > Add > Reports > "type" > "report"
• Payments tab > Profiles > Add > Reports > "type" > "report"
• Cash Reporting tab > Profiles > Add > Reports > "type" > "report"
• Treasury tab > Profiles >Add> "report"
• Securities Instructions tab > Profiles > Modify
• Funds Management tab > Profiles > Modify
• Asset Holdings tab > Profiles > Modify

A filter window prompts you to specify and criteria that you want for your report profile.
2. Enter a Profile ID and a Description to name and fully identify your report profile.
3. Specify the criteria as wanted. For more information, see "Generating a Filtered Admin
Report" on page 66.
4. Click Add to save this new filtered information as a report profile.

A "Profile saved successfully" message appears.
To copy a report profile

1. Repeat Step 1 of the preceding instruction.
2. Click Copy to display a tabled list of report profiles for the report type selected.
3. Click the report profile whose filter criteria you want to copy.
The filter criteria for the report profile appears.
4. Re-specify and sort other criteria as wanted. For more information, see "Generating a
Filtered Admin Report" on page 66.
5. Enter a new Profile ID and a Description to name and fully identify the new report profile.
6. Click Add to save the report profile with the modified criteria.
Reporting
7.5.2 Modifying a Report Profile

To modify a report profile
1. Depending on the type of report profile that you want to copy, select one of the following
options:
• Admin tab > Profiles > Modify
• Payments tab > Profiles > Modify
• Cash Reporting tab > Profiles > Modify
• Treasury tab > Profiles > Modify
• Securities Instructions tab > Profiles > Modify
• Funds Management tab > Profiles > Modify
• Asset Holdings tab > Profiles > Modify

A filter window prompts you to specify the Profile ID at least, and optionally the Function
and the Action/Type.
2. Click Enter to display a tabled list of report profiles matching the entered criteria.
3. Click the report profile whose filter criteria you want to modify.
The filter criteria for the report profile appears.
4. Re-specify and sort criteria as wanted. For more information, see "Generating a Filtered
Admin Report" on page 66.
5. Click Update to save the report profile with the modified criteria.
7.5.3 Deleting a Report Profile

To delete a report profile
1. Depending on the type of report profile that you want to delete, select one of the following
options:
• Admin tab > Profiles > Delete
• Payments tab > Profiles > Delete
• Cash Reporting tab > Profiles > Delete
• Treasury tab > Profiles > Delete
• Securities Instructions tab > Profiles > Delete
• Funds Management tab > Profiles > Delete
• Asset Holdings tab > Profiles > Delete

A filter window prompts you to specify the Profile ID at least, and optionally the Function
and the Action/Type.
18 November 2011 69
Alliance Lite 2.2
2. Click Enter to display a tabled list of report profiles matching the entered criteria.
3. Check the box against the report profile whose filter criteria you want to delete and click
Delete .
A "Profile Delete successful for Profile <Xxxxxx>" message appears.
7.6 Export Report

Overview
The Report options contain for some types of transaction the ability to create files which can be
exported to Excel and then saved as CSV files (or other formats of the user's choosing) for
processing by the back-office. These options are recognised by the word "Export" in the option
name.
The Export Report option is available for:
• Payments Reports:
– Payment Data Export
• Asset Holdings Reports:
– Accounting Assets Position Export
– Custody Assets Position Export
• Securities Instructions Reports:
– Settlement Confirmation Export
– Settlement Status Export
• Funds Management Reports:
– Order Export Report
– Confirmation Export Report
To generate an export report

1. Click a tab that has the required Reports menu option and then the Reports option, report
category, and then a particular report. For more information about menu options.
For example, click the Payments tab, and > Reports > Payment Data Export.
A filter window prompts you to specify and sort the data that is relevant for your selected
option.
Reporting
2. Specify and sort the criteria as required, and click Enter .

A report that has been tailored to your criteria appears in a standard reports window.
Note The data displayed is not easily readable as it has been prepared for export to
a file.
3.
To export the report click the Export Report button in the toolbar.
Provide affirmative responses to the security pop-ups that appear, until the Export Reports
Format screen appears:
18 November 2011 71
Alliance Lite 2.2
Export Format Reports
Select the format "Microsoft Excel 97-2000 - Data Only (XLS)" and click OK . The Report
will be opened up in Excel as a spreadsheet with each element of the data represented by
a field in the spreadsheet.
4. You can now save the report from Excel as a CSV format file or any other format that you
require (for example XML).
Note Export from Microsoft Excel using only CSV(CRLF), or DOS(CRLF) format. Do not
use MAC (CR) format.
Note Ensure that the Internet Explorer Security setting is enabled to Allow Automated
Download of File... as described in the Alliance Lite AutoClient Installation and
User Guide "Security Considerations".
Legal Notices
Legal Notices
Copyright
SWIFT © 2011. All rights reserved.
You may copy this publication within your organisation. Any such copy must include these legal notices.
Confidentiality
This publication may contain SWIFT or third-party confidential information. Do not disclose this publication
outside your organisation without the prior written consent of SWIFT.
Disclaimer
SWIFT supplies this publication for information purposes only. The information in this publication may
change from time to time. You must always refer to the latest available version on www.swift.com.
Translations
The English version of SWIFT documentation is the only official version.
Trademarks
SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT: SWIFT,
the SWIFT logo, the Standards Forum logo, 3SKey, Innotribe, Sibos, SWIFTNet, SWIFTReady, and Accord.
Other product, service, or company names in this publication are trade names, trademarks, or registered
trademarks of their respective owners.
18 November 2011 73

Alliance Lite 2 2 Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Alliance Lite 2 2 Guide

Uploaded by

Copyright:

Available Formats

Connectivity

Alliance Lite 2.2

1 Introducing Alliance Lite ............................................................................................................................. 3

2 Getting Started ................................................................................................................................................. 7

3 Navigating the Alliance Lite User Interface ....................................................................................... 22

4 Managing Users ............................................................................................................................................. 24

5 Adding and Maintaining Your Reference Data ................................................................................ 46

6 Configuring the Alliance Lite Modules ................................................................................................ 60

1 Introducing Alliance Lite

1.1 What is Alliance Lite?

– Pilot customers can test new Alliance Lite releases.

– Users can assign roles to other users for test purposes.

Who are Alliance Lite users?

• Administrator. See "What Can Alliance Lite Administrators Do?" on page 4.

1.2 What Does the Web Interface Provide?

1.2.1 What Can Alliance Lite Administrators Do?

Assign each user roles, and maintain them.

Create and maintain a corresponding USB token for each user.

Define bank and institution account numbers for use by users.

Set daily and individual approval amount limits.

1.2.2 What Can Alliance Lite Users Do?

• create or initiate message transactions (from scratch, or from a predefined template).

• create and modify message transaction templates.

• approve (sign) message transactions ready for transmission to correspondents.

• reject message transactions or return them for modification.

• view incoming message transactions.

• generate reports on message transactions or file transfers.

1.3 What Does AutoClient Provide?

Note MX files are sent using the CSV format.

1.4 How is Alliance Lite Packaged?

• IP 194.78.35.134 (TCP port 443)

• IP 194.78.35.135 (TCP port 443)

• IP 194.78.35.136 (TCP port 443)

• IP 194.78.35.137 (TCP port 443)

• IP 194.78.35.153 (TCP ports 80 and 443)

• IP 194.78.35.154 (TCP ports 80 and 443)

2.1 Start Up Process

4. Log on to Alliance Lite.

Related routine procedures

2.1.1 Install Java

To check whether you already have the Java installed

2. Click the General tab, and click About .

To download and install Java

To configure the settings for Java

2. Click the Advanced tab to open the Settings window.

3. Expand the Security settings, and do as follows:

• Select the Use TLS 1.0 box.

4. Click Apply and OK .

2.1.2 Internet Explorer Settings for Export Report

2.1.3 Install Driver for USB Tokens

– Windows XP SP2 or SP3 (32-bit)

– Windows Vista SP1 or SP2 (32-bit)

– Windows 7 (32-bit, 64-bit)

– Windows Server 2008 R2 (64-bit)

• Your browser must be Internet Explorer 7 or 8.

To install the driver for the Alliance Lite USB tokens

2. Insert the CD that is labelled Alliance Lite 2.0 in the CD drive.

4. Click Next to install the driver for the USB tokens.

5. Accept the licence terms and click Next .

6. Click your preferred Restart option and click Finish .

2.1.4 Register with Alliance Lite on First Use

Note On inserting a USB token, a SafeNet message confirms that a token is

3. Click Go to Alliance Lite .

4. Enter the password that SWIFT sent to you by e-mail.