Professional Documents
Culture Documents
Alliance Lite 2 2 Guide
Alliance Lite 2 2 Guide
Administration Guide
This guide describes how to perform Alliance Lite administration tasks. These tasks include configuring users, adding
your system's reference data, and generating various reports. This guide is for the personnel who have been assigned
the role of Alliance Lite administrator in your particular organisation.
18 November 2011
Alliance Lite 2.2
Table of Contents
7 Reporting .......................................................................................................................................................... 64
7.1 Generation and Format Options ........................................................................................................... 64
7.2 Reporting Toolbar ................................................................................................................................... 65
7.3 Generating a Standard Admin Report ................................................................................................. 65
7.4 Generating a Filtered Admin Report .................................................................................................... 66
7.5 Using Report Profiles .............................................................................................................................. 67
7.6 Export Report ........................................................................................................................................... 70
.Legal Notices ...............................................................................................................................................................73
2 Administration Guide
Introducing Alliance Lite
• The Web interface: Use the Web interface that has message data entry and business
features if your organisation prefers to manually process a low number of message
transactions per day.
This interface offers a web experience for sending and receiving message transactions, with
a focus on the initiation of multi-bank payments, cash reporting, foreign-exchange, and funds
and securities transactions. Alliance Lite customers who have ordered Browse services can
also connect to Browse from the Web interface. For more information, see "What Does the
Web Interface Provide?" on page 4.
The Web interface can also monitor the status of message transactions that have been
initiated through AutoClient.
• AutoClient: Use AutoClient if your organisation has business applications and wants to
enable these applications to send and receive message transactions in an automated way.
For more information, see "What Does AutoClient Provide?" on page 5.
Types of services
Alliance Lite offers two types of services:
• Live service: You use this service to send live business messages and files. This service is
also called Production service.
• Test service: You use this service to exchange FIN Test and Training messages and
FileAct/MX Pilot files. Other benefits of this service are as follows:
– New Alliance Lite users can try the Alliance Lite service in a safe environment before using
the Live service. Messages and files that users exchange over the Test service have no
financial consequences.
– Existing Alliance Lite users can exchange test messages and files with a new
correspondent to learn how to send and process messages and files properly.
– Users can create and maintain accounts for banks, institutions, and financial instruments
without impacting the Alliance Lite Live system.
– Users can use AutoClient for both FIN Test and Training and FileAct/MX Pilot services.
18 November 2011 3
Alliance Lite 2.2
You can view only live messages and files in the Live service and only test messages and files
in the Test service. The Test service is a simulation of the Live service, and you cannot send,
view, or process a live message or file in the Test service. Messages or files that you send from
the Test service are marked as test or pilot so that recipients of these transactions do not
process them as live messages or files.
• User, uses Alliance Lite for the creation, update, approval, sending, and receiving of
messages and files to and from SWIFT. For more information, see the Alliance Lite User
Guide.
• AutoClient user (with access to the account that runs AutoClient) with a USB token. For
more information, see the Alliance Lite AutoClient Installation and User Guide.
• administrators that are responsible for sensitive tasks (for example, user creation and
defining what tasks users can do)
• users that perform day-to-day operations (for example, message creation, monitoring and
approval
Each administrator and user has a personal USB token and password.
User setup tasks Define a user for each Alliance Lite user.
Generate reports related to roles, user entitlements, and security audit trails.
Assign RBAC user roles using SWIFTNet Online Operations Manager (only
available if your institution has subscribed to a Browse service).
Reference data Select the RMA relations or BICs that your organisation wants to transact with (for
creation tasks Live services only).
4 Administration Guide
Introducing Alliance Lite
Enter details for all of the banks and institutions that your organisation deals with.
Enter details for all of the financial instruments that your organisation deals with.
• monitor and confirm the status of message transactions, from creation to final delivery,
including those transactions handled by AutoClient.
• access Browse services that are offered on SWIFTNet. This function is only available if your
institution has subscribed to one or more of these Browse services.
A user may have the permission to create message transactions, but may not have the
permission to approve these message transactions. Another user may have the permission to
create and approve message transactions, including their own.
18 November 2011 5
Alliance Lite 2.2
Firewall security
SWIFT strongly advises that you use a firewall between the Alliance Lite workstations (both the
Alliance Lite Web interface (browser) and the AutoClient) and the Internet. For Alliance Lite to
function, the firewall must allow outgoing TCP connections from one or more Alliance Lite
workstations towards www.swiftalliancelite.com (for Live service) and to
test.swiftalliancelite.com (for Test service) on the standard port for SSL/HTTPS (tcp/443). No
incoming connections are required, and SWIFT recommends that users block all incoming
connections from the Internet.
Note If you are using a local (host based) firewall on the computer that runs AutoClient,
then it must be configured to accept a local connection between two AutoClient
processes on this computer (localhost port 8000). This TCP connection flow is
required for AutoClient to function normally.
If you have a firewall setup on your system, and if you encounter problems accessing Alliance
Lite because of this, then configure your firewall to recognise the following IP addresses:
6 Administration Guide
Getting Started
2 Getting Started
1. Install Java: This is a one-off setup procedure that you must do before you install the
driver for the USB tokens.
2. Install the driver for the USB tokens: This is also a one-off procedure that you must do to
have the necessary software to configure and read the certificates on USB tokens.
3. Register with Alliance Lite by re-initialising the certificate on your USB token. This is a one-
off procedure that you must do on first use of the application to recode the certificate on
your USB token. For more information, see "Register with Alliance Lite on First Use" on
page 9.
5. Change the password that protects the USB token. See "Change Your Password Before
Its Expiry" on page 15.
Note Java installation is not a requirement for a PC on which you are only installing
Alliance Lite AutoClient.
You may already have a version of Java installed, in which case, you must check the version. If
you do not have a recent enough version, then you must download it from the Java website and
configure it.
18 November 2011 7
Alliance Lite 2.2
• Clear the Use SSL 2.0 compatible ClientHello format box and select the Use SSL 3.0
box.
2. From the Tools menu select Internet Options > Security > Trusted Sites > Custom
Level.
In the section ActiveX controls and plug-ins, set Automatic prompting for ActiveX
controls to Enabled.
In the section Downloads, set Automatic prompting for file downloads to Enabled.
Note Updates to Internet Explorer may reset these settings (for example, resetting
the general security level for Trusted Site to 'Medium' or higher can disable
these two settings) . If you experience problems with report exports, then
check that these settings have not been reset.
• You must have Windows Administrator privileges, and your Operating System must be one of
the following:
8 Administration Guide
Getting Started
– Windows Server 2003 SP2 (32-bit, for Alliance Lite AutoClient only)
• You must have the Windows Administrator All Access permission on the folder in which
you install the driver.
Note The installation of the driver for the Alliance Lite USB tokens overwrites all existing
SafeNet software that you may have installed on your PC.
If your PC uses an application that also uses USB tokens for identity management
or certificate storage, then SWIFT recommends that you do not install Alliance Lite
on that PC because it could make the other application unusable.
3. Double-click AllianceLite-install.exe.
(On Windows Vista that has User Account Control enabled, click allow to run the
program.)
The Alliance Lite Installer appears, and indicates that the data is being unpacked. This
may take 2 to 3 minutes.
When the data is unpacked, a Welcome page indicates what you must do next.
18 November 2011 9
Alliance Lite 2.2
Important The second administrator must perform the same registration process, using their
own USB token and their initial password, immediately after the first administrator.
To log on to and register with Alliance Lite for the first time
1. Insert one of the blue-labelled Administrator USB tokens in a free USB port of a PC that
has an internet connection. You must also have installed on this PC the SafeNet driver for
the USB tokens.
2. Close any Internet Explorer windows that are currently open, and then open your browser
to enter this URL:
http://www.swiftalliancelite.com
You can also enter the URL first and then insert the USB token.
The Welcome to Alliance Lite window appears.
Note To register with Alliance Lite, you must log on to the Live service (not to the
Test service).
10 Administration Guide
Getting Started
Note A Java applet is used to access the Alliance Lite USB token. Java can also
prompt for the password to download the applet. Depending on your security
setting, a confirmation pop-up may appear. Verify the information displayed on
the pop-up and click Run to continue.
8. Click Close to close the wizard and then log on again with the new password:
The Set Restrictions window appears, in which you must set restrictions for the future use
of the application by the users. For more information about the restriction settings, see
"Setting and Modifying Restrictions" on page 57.
9. To complete the registration process, select or enter the appropriate value for the following
fields:
18 November 2011 11
Alliance Lite 2.2
• Instruction Daily Limit: establishes the total amount that a single user, with the
Approver role or the Approver Own role, can approve in one day.
This limit is expressed in the base currency that you select.
You must enter a value other than 0 (zero). This limit is not applicable to users that have
the Approver Unlimited role or the Approver Own role.
• Instruction Individual Limit: establishes the total amount that an individual user, with
the Approver role or the Approver Own role, can approve for a single transaction.
This limit is expressed in the base currency that you select. If payment is in another
currency, then a conversion is made based on an internal conversion table. The
exchange rates are updated every month
You must enter a value other than 0 (zero). This limit is not applicable to users that have
either the Approver Unlimited role or the Approver Own Unlimited role.
• Click Add .
The Alliance Lite home page appears. For more information, see "Log on to Alliance Lite
on a Daily Basis" on page 12.
The second administrator (Administrator 2) must review the restrictions by completing the same
procedure with the other Administrator USB token. Then both administrators are ready to use
the administrator functions of Alliance Lite.
The two initial Alliance Lite administrators are also registered on www.swift.com and will have
received a password from SWIFT to use that account on www.swift.com. This password and
account on www.swift.com are different from the administrator's password and user ID on
Alliance Lite.
Alliance Lite administrators must keep their contact details (phone number, e-mail address) up-
to-date in their individual account profiles on www.swift.com. This is required because SWIFT
must always have the correct contact details of each Alliance Lite administrator.
After the two Alliance Lite administrators have registered with Alliance Lite for the first time
(have completed "Register with Alliance Lite on First Use" on page 9), SWIFT recommends that
they assign at least one extra user that can act as an Alliance Lite administrator (a third
administrator). This is very useful when one of the two original Alliance Lite administrators is
unavailable (for example, on holiday) or forgets a password or loses a token, because certain
actions can only be done if two administrators are present. For more information, see
"Managing Users" on page 24.
2. Close any Internet Explorer windows that are currently open, then open the browser and
enter the following URL to access the Alliance Lite application:
http://www.swiftalliancelite.com
The Welcome to Alliance Lite page appears.
12 Administration Guide
Getting Started
3. Click Go to Alliance Lite to log on to the Live service or click Go to Test to log on to the Test
service.
The Token Login window prompts you to enter your password.
Note A Java applet is used to access the Alliance Lite USB token. Java can also
prompt for the password to download the applet. Depending on your security
setting, a confirmation pop-up may appear. Verify the information displayed on
the pop-up and click Run to continue.
Note Alliance Lite user sessions are pre-set to time out after 10 minutes of inactivity.
If a timeout occurs, then the system automatically logs you off, and you lose
any unsaved changes.
18 November 2011 13
Alliance Lite 2.2
If your institution has subscribed to a Browse service (for example, TARGET2), then the
Alliance Lite administrators can also see the Browse over SWIFTNet tab on the Alliance Lite
home page.
For more information about how you can customise the Run automatically at log on options
and the interface, see "Customising a Toolbar of Shortcuts" in the Alliance Lite User Guide.
14 Administration Guide
Getting Started
During the first logon to Browse with a user token, the system initialises your token for
Browse usage and this may take a few minutes. The logon process goes faster the next
time you log on to the Browse over SWIFTNet environment with this same token.
Note The Alliance Lite administrators can use SWIFTNet Online Operations Manager
to grant/ungrant RBAC roles to users with the Browse over SWIFTNet user role.
Non-administrators are not able to see the SWIFTNet Online Operations
Manager link in the available Browse Services list. For information about using
SWIFTNet Online Operations Manager to assign and approve RBAC roles, see
section "Assign and Approve RBAC Roles for Browse over SWIFTNet Users" on
page 32.
18 November 2011 15
Alliance Lite 2.2
Note Passwords must be at least four characters long, and can consist of any upper
and lower case alphanumeric character or a special character. A password
must be different from the five previously used codes. If you do not change your
password before its expiry, then Alliance Lite forces you to change it the first time
you try to use it following its expiry.
Note You have up to five attempts to enter and correctly confirm a new password,
after which Alliance Lite automatically disables the USB token. In such a case,
contact SWIFT to generate a new USB token.
You can also renew your USB token when there are two other administrators
that have been successfully configured in Alliance Lite.
To sign an action
1. When you click a button to initiate an action that requires signing, the Token Login window
appears prompting you to enter your password.
16 Administration Guide
Getting Started
Note SWIFT recommends that you log off before removing the USB token.
1. Warning mode: When the user certificate expiry is within the next 120 days, Alliance Lite
displays a certificate renewal notice page at logon. At this stage, you have the choice to
proceed with the renewal or to defer it to a later time.
2. Automatic mode: When the user certificate expiry is within the next 100 days, you must
renew the certificate at logon time.
18 November 2011 17
Alliance Lite 2.2
Note Alliance Lite certificates can only be renewed on the Live system. When you
see the Certificate Renewal notice on the Test system, you must renew the
certificate on the Live system.
Note The pane in the upper left corner of the screen shows the stage of the renewal
process in parallel with the stage that you are going through.
3. Click Next .
The Retrieving initial secrets from SWIFT window appears.
18 Administration Guide
Getting Started
5. Click Next .
The Generate keys on the token window appears.
18 November 2011 19
Alliance Lite 2.2
When the generating keys process is done, the Finished successfully window appears.
20 Administration Guide
Getting Started
You have completed the certificate renewal process and will be directed to the Alliance Lite
home page.
2. Click Next .
The Retrieving initial secrets from SWIFT screen appears. See step 2 of section "Renew
certificate in warning mode" on page 17.
18 November 2011 21
Alliance Lite 2.2
• Use the main components of the interface, which include the application's tabs, menus, and
fields.
• Use data selection and pop-up filter windows. See "How Fields on Data Entry Windows
Work" on page 22
• To use the application's filter windows to select data more precisely, see "How to Navigate
the Field Data."
• To create a customised toolbar of shortcuts for the tasks that you use most frequently, see
"Customising a Toolbar of Shortcuts".
Greyed out fields Indicate protected fields that appear by default. You cannot change a
greyed-out field because other screen data depends on this field.
Fields with ... Indicate that multiple options are available, from which you must select an
option using filter criteria.
22 Administration Guide
Navigating the Alliance Lite User Interface
18 November 2011 23
Alliance Lite 2.2
4 Managing Users
Overview of how to manage users
A user role determines what you can and cannot do and what the user can access within
Alliance Lite.
Two Administrators are provided by default. It is strongly recommended that a third
Administrator be created as an optional backup:
• Administrator 3 is an optional (but recommended) Lite user that is used in the unavailability of
Administrator 1 or Administrator 2.
The following lists the tasks that Administrator 1 must do to manage users:
• delete users
Administrator 3 is an optional user, however, SWIFT recommends the creation of this user
• Lite Live users: The administrator configures these users on the Live service (use
Go to Alliance Lite for logon).
• Lite Test users: The administrator configures these users on the Test service (use Go to Test
for logon).
If the Administrators have access to the Live service, then they can create a user on the Test
service by completing the following steps:
1. Create the user on the Live service and assign the user a token.
2. Create the user on the Test service with the same User ID that was used in the previous
step. The administrator does not assign a token for Test service.
You can access the Test service using the Lite Live token.
24 Administration Guide
Managing Users
If administrators have access to the Live service, then the functions to create or renew
tokens will not be available when they access the test service.
If the Administrators have access to the Test service only, then to create a user on the Test
service they must first create the user on the Test service and then assign a token to the
user.
1. Define the user by entering a unique User ID and User name for the user.
1. Click Update .
2. Sign your action by entering your password in the Token Login window.
18 November 2011 25
Alliance Lite 2.2
2. In the User ID field, type a short name of up to eight characters. The information is
displayed in upper case.
If you set AutoClient, then type AUTOCLNT in this field.
4. (Optional) Complete the e-mail Address. This e-mail information is currently not used by
Alliance Lite.
5. In the Password and Confirm New Password fields, enter a 6-character password. This
password is currently ignored but is required for entry purposes at this time.
6. In the Locale field select the date format and decimal separator character (dot or comma)
for use in messages fields.
The format can be as follows, where dd = day, mm = month, and yyyy = year:
• dd/mm/yyyy - dot
• mm/dd/yyyy - dot
• dd/mm/yyyy - comma
8. Select the Administrator check box, only if you want to assign an Alliance Lite
Administrator role for this User ID (for example, Administrator 3).
Alliance Lite administrators are privileged users, and can manage (add or modify) other
users. If you select the Administrator check box, then take the following steps:
• Register the user on www.swift.com under your BIC code. This action is necessary
because SWIFT must always have the contact details for Alliance Lite administrators. To
register a user, select Register Now on the www.swift.com home page. For more
information, see the Swift.com Registration and Administration User Guide on
www.swift.com.
9. Click Add .
The Token Login window appears.
10. Sign your action (see "Use Your Password to Sign Important Actions: Token Login
Window" on page 16). This action creates a non-repudiation record of the action for future
reference.
11. A success message appears showing the name of the user that you created. Click OK to
acknowledge the success message.
The User screen appears showing the user you have just created:
26 Administration Guide
Managing Users
Click To
Add Function Roles opens the Roles window where you assign roles to the user
Remove Function Roles opens the Roles window where you delete roles to the user
Reset clear all data. If you click Reset before you click Add , then the
data you enter is not saved, and the user is not added.
Create Token opens the Create Token window where you initialise a user USB
token
12. From this screen you can perform the following tasks:
• Add or Remove Function Roles (see "Assign User Roles" on page 29).
• Create a Token for the User (see "Create a USB Token for a User" on page 36).
Complete any actions that are required.
Note The User Group field is configured during the SWIFT configuration for your
organisation.
18 November 2011 27
Alliance Lite 2.2
• If you want users to perform manual approvals of messages uploaded by AutoClient, then
you must::
2. From the Admin tab, select Users and then the Add option.
3. In the User ID field, enter AUTOCLNT. This must be the same User ID as defined on the
live system
5. Repeat Steps 4 through to 13 of "Define a User" on page 25 but do not create a token.
Note Tokens can only be created on the live system. The same token is shared
between the AUTOCLNT user on the live system and the AUTOCLNT user on
the test system.
You can grant different roles on the test system. For example, you can enable
automatic approval for AUTOCLNT on the test system while keeping manual
approval for AUTOCLNT on the live system.
28 Administration Guide
Managing Users
AutoClient Installation and User Guide). You only need one token for the test and live
AutoClient environments, but you have to alternate between the two operations.
If you want to test with AutoClient without needing to alternate between test and live modes,
then you must set up a separate test user and token for AutoClient called AUTOTEST.
Note This is a unique user ID solely intended for the AutoClient test.
4. Repeat Steps 4 through to 13 of "Define a User" on page 25. Create a token for the
AUTOTEST user.
Note You do not need to assign roles to the AUTOTEST user because the roles
assigned to the AUTOCLNT user will be used automatically. Any roles you
assign to the AUTOTEST user will be ignored.
5. Log off from the live system and log on to the test Alliance Lite system
(www.swiftalliancelite.com > Go to Test).
6. Define the AUTOTEST user on the Alliance Lite test system (by repeating the above steps
1 through to 4 on the test system, but do not create a token).
Note For the test token AUTOTEST to work, you must have already defined the
AUTOCLNT user. An AUTOTEST user without an AUTOCLNT user does not
work.
Once the AUTOTEST user is defined, you can no longer use the AUTOCLNT
token to start AutoClient in Test & Training mode (this will give an error). In other
words, after AUTOTEST is defined, the AUTOCLNT token can only be used for
live AutoClient operations.
Note It is not necessary to assign roles to the AUTOCLNT User ID other than the ones
defined in the previous section.
18 November 2011 29
Alliance Lite 2.2
its messages, then you need to create an AutoClient user (AUTOCLNT) with only the ACAUTO
role. The following table details all the possible roles that you can assign.
Role Permission to
Approver Own Unlimited approve messages created by themselves without a limit check
Viewer Cash Reports view cash messages and generate cash reports.
Viewer Funds Reports view funds messages and generate funds reports.
AC Auto Approval automatically approve all messages sent to SWIFT through AutoClient
- this role can only be assigned to the AUTOCLNT user that you create
specifically to use the USB token for AutoClient, and has no effect when
assigned to any other user
Browse over SWIFTNet log on to the Browse over SWIFTNet environment of Alliance Lite. This role
is only visible if the customer (institution) has subscribed to a Browse service
on SWIFTNet.
Viewer Inbox/Outbox view messages and files in the Alliance Lite inbox and outbox and download
messages in bulk for local archival
The Add Function Roles window appears containing the list of possible user roles that can be
added to the user.
30 Administration Guide
Managing Users
2. Click the roles appropriate to your user and then move them with the buttons provided ( >> ,
> ) to the Selected Items pane, bearing in mind the note below.
Note You must only select the AC Auto Approval role for the AUTOCLNT User ID if
your organisation wants automatic approval of all messages handled by
AutoClient. Your next stage then is to configure the USB token for the
AUTOCLNT user.
However, if your organisation has installed AutoClient, but wants one or more
of your users to use the Alliance Lite interface to manually approve messages
handled by AutoClient, you must select the AC Creator role. In this case,
Your next stage then is to configure the USB token for the AUTOCLNT user.
You should not assign AutoClient roles to non-AutClient users.
Note To perform tasks in Browse, the user must have the Browse over SWIFTNet
user role.
3. Click Save and then click OK to acknowledge the "User roles updated successfully"
message.
4. When the User Window appears, click Update to complete the process.
Now you must create a USB token for the user, as explained in "Create a USB Token for a
User" on page 36.
The Remove Function Roles window appears with a list of the roles that are associated
currently with the user.
2. Click the roles you want to remove in the Selected Items pane and then remove them with
the buttons provided ( << , < ) .
3. Click Save and then click OK to acknowledge the "User roles updated successfully"
message.
4. When the User Window appears, click Update to complete the process.
18 November 2011 31
Alliance Lite 2.2
3. Click OK .
The system starts the Authenticating process.
When the authentication completes, the SWIFTNet Online Operations Manager window
appears.
32 Administration Guide
Managing Users
18 November 2011 33
Alliance Lite 2.2
Note Alliance Lite creates the SWIFTNet identity (Distinguished Name) for an
Alliance Lite user that has the Browse over SWIFTNet role automatically in
the following pattern:
cn=<USERID>, ou=users, o=<BIC8>, o=swift.
In this DN, <BIC8> is the 8 characters of your institution's BIC8, <USERID> is
the User ID of the user in Alliance Lite (see "Define a User" on page 25),
converted to lowercase.
Example
cn=john, ou=users, o=bankbebb, o=swift
This identity will be displayed when you double click a user on the tree view to
display the role information for that user.
5. Double-click a user on the tree view and assign both the %1 and %2 the necessary RBAC
roles.
The %1 and %2 nodes relate to the high available configuration of the two Alliance Lite
servers. It is important that you grant the same roles to both %1 and %2. The easiest way
of doing this is to double-click to select both %1 and %2 in the tree view so that they are
displayed on the right side of the screen. You can then use the Group Grant function to
assign the same roles to both %1 and %2 at the same time.
7. For each role, select the corresponding checkbox to grant the role (to ungrant a role, clear
the corresponding checkbox).
When you do a modification, a light icon appears above the checkboxes.
This window looks like the following:
34 Administration Guide
Managing Users
Note The meaning of these roles is decided by the third party Browse service
provider (for example, TARGET2). You must follow the guidelines provided by
your service provider to understand and set the right roles.
8. Click Save .
The system prompts you to enter your password.
2. In the text box as indicated on the screen, type or paste the token that the first
administrator received at the end of the procedure for assigning the RBAC roles.
18 November 2011 35
Alliance Lite 2.2
3. Click Retrieve .
The details of the action to authorise appear in the right pane.
5. Click OK .
For more information about SWIFTNet Online Operations Manager, see the SWIFTNet
Online Operations Manager User Guide.
36 Administration Guide
Managing Users
2. Click Next , and wait until the second Initial secrets window prompts you to enter your
administrator password.
18 November 2011 37
Alliance Lite 2.2
• remove your administrator USB token from its USB port on your computer
• in the same USB port, replace your token with a new USB token for the user that you are
defining.
Note You must swap tokens. You cannot insert a new USB token in one USB
port and leave the Admin USB token in its existing port. Before inserting a
new USB token, wait until the SafeNet Borderless Security icon in the
Windows tray tells you it recognises that the USB token was removed: the
icon has a red line across it.
When a USB token is inserted SWIFT recommends waiting until the
SafeNet Borderless Security icon changes in the Windows tray: an icon
without a red line across it.
A SWIFT progress bar appears informing you that the system is going to initialise and store
new certificate information on the USB token.
On detection of the user's USB token, the Certificate window prompts you to enter and
confirm a new password for the user.
6. In User Password and Confirmation, enter the same new password for your user, and
click Next , when it becomes enabled.
The password must be at least four characters long.
A SWIFT status bar shows the progress of the key being generated on the USB token.
When the Certificate window informs you that the certificate was correctly stored on the
user's token, and you can swap tokens again.
7. Remove the user's USB token and replace it with your administrator USB token.
38 Administration Guide
Managing Users
Tip Before re-inserting your administration USB token, wait until the SafeNet
Borderless Security icon in the Windows tray tells you it recognises that the
USB token was removed: the icon has a red line across it.
8. When the Finished window appears, click Close to complete the token creation process
and close the Token Management wizard.
When the certificate on the USB token is successfully linked to a user, Create Token
disappears and two news buttons are enabled on the User window. Use these buttons as
follows:
• Revoke Token to remove the certificate of the user from the list of authorised certificates,
so breaking the link between it and the user.
• Renew Token to erase the existing certificate and data on the USB token and then create
a new certificate with a new Serial Number.
10. In the Login Token window sign your action and click OK . A "User update successful"
message appears.
Now the second administrator must approve the user. However, as the first administrator, you
can more efficiently also repeat Steps 1 to 3 of the previous process, so that you set up all your
Users first. Then ask the second administrator to approve all new users in one go.
Tip It is simplest and quickest to approve all new users created by the first
administrator at the same time from the same window.
To approve a user
1. Insert your USB token in a free USB port and log on to Alliance Lite.
2. From the Admin tab, select Users and the Approve option.
A filter window prompts you to specify a sort order.
3. Click Enter at the bottom of the window to list all user records entered in the system, or
enter filter criteria and Enter to list specific user records.
This list contains all User IDs that you can approve, such as: User IDs that were entered by
another administrator and that are in one of the following states:
18 November 2011 39
Alliance Lite 2.2
• PW = User ID is locked out. This state appears for a user ID that was previously
approved and has been locked out by the system. For example, because the user has
tried to log in with his token from one browser window, while they were still logged in
another browser window. In such cases, the system preventively locks out the user. The
user cannot log in again until the administrator re-approves him (the user's token does
not have to be renewed).
4. Check the box against a user with the EN status, or PW status and click Approve at the top
of the user list.
Important The User now has the approved status (AP, or AA for the AUTOCLNT user). The
first administrator must repeat the same three stage process for each user that you
both want to add to your system. Then the second administrator must approve
each new user.
• View users (the user list), see "View the User List" on page 41
• View the user list, and modify a user if necessary, see "Modify Users" on page 41
40 Administration Guide
Managing Users
2. Click Enter at the bottom of the window to list all user records entered in the system, or
enter filter criteria and Enter . The user list appears:
This list contains all User IDs against their User Names and their current status:
• AA = AutoClient Approved
• AP = Approved
Note The Application column is for internal use. The flag is set to N by default, but
it will be set to Y automatically when a role is assigned to the user.
The user list information can be sorted by selecting a column header.
2. Click Enter at the bottom of the window to list all user records entered in the system, or
enter filter criteria and Enter . The user list then appears.
For more information about fields on this window, see "Assign User Roles" on page 29.
5. When the changes are complete click OK to clear the success message.
6. On the User window, click Update and enter your password in the Token Login window.
A success message tells you the user's details were successfully updated.
18 November 2011 41
Alliance Lite 2.2
Note If the modified user is an Alliance Lite administrator (Administrator check box is
selected in the User window), then maintain this user's contact details on
www.swift.com.
SWIFT must know at all times the contact details for each Alliance Lite
administrator. The user can do this by logging in to www.swift.com with his
swift.com account, and updating the user profile.
2. Click Enter at the bottom of the window to list all user records entered in the system, or
enter filter criteria and Enter . The user list then appears.
5. Repeat Steps 2 and 3 of "Create a USB Token for a User" on page 36.
For this procedure, you must:
• remove your administrator USB token from its USB port on your computer
• replace it with the USB token for the selected user (if it has not been lost).
The administrator can use any disposable token (blank token, token locked, token from
deleted user). During the "Renew Token" process, the certificate of the lost token is
revoked. If the user retrieves his lost token he cannot use it to log in to Alliance Lite.
The Certificate window tells you that all information about the USB token will be erased.
7. Follow the prompts to enter a new password for the user and confirm that password.
A SWIFT status bar shows the progress of the new key being generated on the USB token.
42 Administration Guide
Managing Users
Then the Certificate window informs you that the certificate was correctly stored on the
token of the user, and you can swap tokens again.
8. Repeat Steps 7 through 10 of "Create a USB Token for a User" on page 36.
The User now reverts to the EN status for Entered (Waiting approval), and the Serial
Number field in the User window contains the serial number of the certificate generated by
the SafeNet USB token renewal process.
Note The second administrator must now approve this action, see "Approve a User" on
page 39.
Warning You must have at least two valid Alliance Lite administrator tokens at all times. Do
not accidentally revoke an administrator's token.
You may want to revoke a USB token when a user loses their USB token and needs another
one. If the user finds their USB token, and it is undamaged, then you can renew the certificate
on the found USB token.
2. Click Enter at the bottom of the window to list all user records entered in the system, or
enter filter criteria and Enter . The user list then appears.
5. Click OK to clear the "Revoking Token for User: <user name>" message.
The User window clears the Serial Number field, and the User now has the EN status for
Entered (Waiting approval).
To delete a User
1. From the Admin tab, select Users and the Delete option.
18 November 2011 43
Alliance Lite 2.2
Warning At all times, you must have at least two Alliance Lite administrators.
2. Click Enter at the bottom of the window to list all user records entered in the system, or
enter filter criteria and Enter to list specific user records.
This list contains all User IDs against their User Names and their current status (except the
user who is logged in):
• AA = Approved AutoClient
• AP = Approved
3. Check the box against the user whose details you want to delete and click Delete .
You are then prompted to enter your password in the Token login window to delete the
user.
A message tells you "User XXX' was deleted successfully". Details for the selected user
disappear from the user list.
Note If the deleted user also has an account on www.swift.com, then you may want to
delete this user's account there, if they no longer require access to www.swift.com
on behalf of your organisation (for example, they left the organisation). This is
especially important if this user was an Alliance Lite administrator or had privileged
access to www.swift.com.
• To get a list of all the user records entered in the system, click Enter at the bottom of the
window.
The user list appears with all the users. The token expiry information is shown in the
Token Certificate Expiry column.
44 Administration Guide
Managing Users
• To look for the token expiry for a specific user, enter the filter values and click Enter . The
user list appears that lists the user you are looking for with the token expiry information
in the Token Certificate Expiry column.
18 November 2011 45
Alliance Lite 2.2
• Bank/Institution - this includes name and address information for each BIC you want to
transact with, for identification purposes within your organisation. It also specifies the
Distinguished Name (DN).
• Account - details of accounts available to each BIC that you have added to the system
• Set Restrictions - the limits on the total transaction amounts that are permitted to be
approved (sent) by a user at both a daily and individual level. Set up during the first login
performed by the Administrator.
• RMA - the relationships used when launching automatic authorisation to deal with each of the
BICs your organisation wants to transact with.
46 Administration Guide
Adding and Maintaining Your Reference Data
• In Bank Code, enter a "friendly" 8-character code as your reference for the bank
Note SWIFT recommends using the BIC code for uniformity and easy retrieval.
Note if you add a bank in the Test service, you must type the FIN Test and
Training BIC (BIC0) of that bank. The BIC0s are not listed in ... .
• The Distinguished Name is automatically filled when you select the International BIC
in the previous step. You can change the default Distinguished Name manually. This
field is optional.
However, if your bank is going to exchange Funds messages, then the bank must define
a Distinguished Name.
Note If you want to use a bank or institution for exchanging Funds messages and
this bank or institution was already defined in a version prior to R2.0, then
you must update the Bank's data to enter its Distinguished Name. The
Distinguished Name field has been introduced in R2.0.
Note For the Test and Training system, the GUI will automatically populate the
Distinguished Name based on the BIC. However, on Test and Training the
BIC ends with a 0. This means that the automatically generated
Distinguished Name will be: o=bic0,o=swift. which is not valid. Be aware
that when creating a bank for Test and Training, the user must update the
automatically generated Distinguished Names to set the BIC8 instead of
the BIC0.
• For Country, click ... to select the country two letter code.
18 November 2011 47
Alliance Lite 2.2
• In Bank Address, enter the necessary details using up to four lines (maximum of 255
characters)
4. Click Add to add this bank data to the database: a message tells you that the bank details
were entered successfully.
Alternatively click Reset to clear all entered details.
Note The second Alliance Lite administrator does not have to approve this data.
You can modify the original value of the International BIC, Country, Bank
Address, Bank Info, and Distinguished Name fields after initial entry.
48 Administration Guide
Adding and Maintaining Your Reference Data
• In Bank Code, click ... to select the code from the list of bank codes that your
organisation has added. (As added in "Adding a Bank/Institution" on page 46).
Tip Use the page arrows and, or the filter features on the listing to jump to
codes close to the ones that you want. For example, enter the first two
letters of a code and select "Starts with" in the Search field to display all
entries in the system containing those two letters.
• In Account Number, type the number. For example, the IBAN. This number must match
the one that your bank uses in its Cash Reporting messages.
• In Account Name/Owner, type a "friendly" name for how your organisation wants to
refer to this account.
However, this name is not used when sending the transaction.
• In Extended Account Name/Owner (350 char), type the extended name of this account
or owner information.
• In Account Type, select the account type from the drop-down list. The options available
are cash account and investment account.
• Against Currency Code, click ... to select the currency from the currency list or select
the Multi Currency check box.
If you select the currency from the currency list, then the currency must match the one
that your bank uses in its Cash Reporting messages.
• Against Country, click ... to select the country from country list.
4. Click Add to save this account data. A message tells you that the account details were
entered successfully.
Alternatively click Reset to clear all entered fields.
Note The second Alliance Lite administrator does not have to approve this data.
You can modify the original value of the Bank Code, and Account Number fields
after initial entry.
18 November 2011 49
Alliance Lite 2.2
Note Certain operations related to managing RMA relations require the signature or
approval of another administrator.
Customers can not exchange RMA authorisations in the Test and Training
environment of Alliance Lite. Customers can send Test and Training FIN messages
to the counterparty without the need for a prior RMA exchange.
2. Next to Correspondent BIC, click ... to display the selection list of BICs entered in your
system.
Tip: Use the page arrows and or the filter features on the BIC list to jump to codes close to
the ones that you want. For example, select the Starts With option and in the Search field,
enter the first two letters of a BIC and click Search to find all entries starting with those two
letters.
50 Administration Guide
Adding and Maintaining Your Reference Data
3. Select the appropriate BIC and click it once to make the selection list disappear and for the
BIC to appear in the Correspondent BIC field in the Add Contact window.
4. From the Add Contact window, click Add to save the new contact.
Alternatively click Reset to clear all entered fields.
A "Record saved successfully" message appears.
5. Click OK to clear the success message and to display the Add Contact window.
Note For more information, see "View Your List of RMA Relations" on page 56. Errors
during the processing of adding or deleting an RMA relation are logged on the
Alliance Lite server. When an error occurs, a message appears giving a reference
as to why the request failed. If you have to investigate the failure further, then
quote this reference to SWIFT who can then search for it in the log file.
18 November 2011 51
Alliance Lite 2.2
3. Click OK to clear the success message and to display the Add Financial Instrument
window.
3. Use the Page buttons or Filter criteria to jump to a particular bank/institution entry.
4. Click a particular bank/institution entry once to view its details in the Bank/Institution
details window.
Details for the selected bank/institution display in Read Only mode.
52 Administration Guide
Adding and Maintaining Your Reference Data
3. Use the Page buttons or Filter criteria to jump close to the bank entry that you want to
modify.
4. Click an entry once to display its details in the Bank/Institution details window.
Note The second administrator does not have to approve a modification of bank/
institution data.
3. Use the Page buttons or Filter criteria to jump close to the bank entry that you want to
delete.
4. Check the box against the particular bank/institution entry that you want to delete and click
Delete .
18 November 2011 53
Alliance Lite 2.2
2. Click Enter to view all account definitions in the system, or use the filter criteria to locate
account definitions.
4. Click a particular account definition once to view its details in Read Only mode in the
Account details window.
2. Click Enter to view all account definitions in the system, or use the filter criteria to locate
account definitions.
The account definitions list appears, displaying the account definitions for a particular bank.
4. Click a particular account definition once to view its details in Modify mode in the Account
details window.
5. Modify details as you require. For more information about the fields, see "Adding an
Account" on page 48.
• Update to save the modified account data to the database. A message indicates that the
record was successfully updated.
Note The second administrator does not have to approve a modification of account
definition information.
54 Administration Guide
Adding and Maintaining Your Reference Data
2. Click Enter to view all account definitions in the system, or use the filter criteria to locate
account definitions.
The account definitions list appears, displaying the account definitions for a particular bank.
4. Select the checkbox against the account definition that you want to delete and click Delete .
A message indicates that the record was successfully deleted.
2. Click Enter to view all deleted account definitions in the system, or use the filter criteria to
locate account definitions.
3. Select the checkbox against the account definition that you want to undelete (recover).
5. Click OK .
The account that you have just undeleted disappears from the deleted account definitions
list. This account now appears again in the list of the account definitions in the system.
You can verify the recovery of the account through the View option.
• Add a new RMA relation, see "Adding a Relationship Management Application (RMA)" on
page 50
• View the list of RMA relations that you have initiated and check what organisations have sent
requests to deal with your organisation
18 November 2011 55
Alliance Lite 2.2
Note The same BIC8 may be displayed several times because the BIC Directory List of
SWIFT contains for some BIC8s multiple bank names.
• a BIC with the SEND_TO status indicates your organisation received an Authorisation-
to-Send from this BIC8, so you can send transactions to that organisation
For more information, see "Adding a Relationship Management Application (RMA)" on
page 50.
2. Use the Page buttons to jump you close to a particular RMA relation that you want to
check.
2. Use the Page buttons to jump you close to a particular RMA relation that you want to
delete.
3. Check the box against any RMA relation entry or entries that you want to delete and click
Delete .
The RMA relation record disappears from the list of RMA relations.
56 Administration Guide
Adding and Maintaining Your Reference Data
2. Use the Page buttons to jump you close to a particular restriction that you want to modify.
3. Click a User Group restriction once to display the values entered during the "bootstrap
process" in the Set Restrictions window.
• Base Currency - click .... to display the list of currencies in the system, and click an
appropriate new currency code once for it to re-populate the field
• Time Zone - select the appropriate time zone your organisation operates within
• Instruction Daily Limit - enter the total amount a single user can approve in one day
• Instruction Individual Limit - enter the total amount that an individual user can approve
for a single transaction.
Note You must enter a value other than 0 (zero) for each of these limits. If you make
a mistake, then click Reset to start again.
6. A success message appears. It lists a success status for each of the limits that you
complete.
Note The second administrator does not have to approve modified restrictions.
18 November 2011 57
Alliance Lite 2.2
2. Use the Page buttons or Filter criteria to jump to a particular Financial Instrument entry.
2. Use the Page buttons or Filter criteria to jump to a particular Financial Instrument entry.
• Update - to save the modified data. A message tells you the record was successfully
updated.
2. Use the Page buttons to jump you close to a particular Financial Instrument that you want
to delete.
58 Administration Guide
Adding and Maintaining Your Reference Data
3. Check the box against any Financial Instrument entry or entries that you want to delete and
click Delete .
The Financial Instrument record disappears from the list.
18 November 2011 59
Alliance Lite 2.2
60 Administration Guide
Configuring the Alliance Lite Modules
Required number of approvals can be defined for different modules of Alliance Lite:
• Payments/Treasury
• Funds
• Securities
• Inbox/Outbox
The minimum required number of approvals for each message is one, which provides 4-eyes
control (one creator and one approver). Alliance Lite can be configured for up to six approvals
per message, which would be 14-eyes control (one creator and six approvers).
Alliance Lite administrators can configure the approval limits for the Alliance Lite modules. For
more information, see "Setting and Modifying Restrictions" on page 57
An approver can approve a message only once. After an approver has approved a message,
the message does not appear in the approver's list of messages that are awaiting approval. If
the message has not received the required number of approvals, then the message is flagged
as Incomplete Approval, and other approvers can view the message in their list of messages
awaiting approval. Other approvers can then approve the message. If the required number of
approvals are received, then the message is flagged as Approved, and is automatically sent.
An audit trail, listing all the approvers that have approved the message is maintained. For more
information on how to access the audit trail for each message, see the Alliance Lite User Guide.
18 November 2011 61
Alliance Lite 2.2
1. From the Admin tab, select Setup > Client Setup > Configure Modules > View.
The configuration parameters window appears. The configuration window shows the
configuration parameters for each of the message module. By default, the Payments/
Treasury module appears.
2. Click the message module tab to view the configuration parameters of that module.
The following table details the configuration parameters that can be viewed for each of the
message modules:
1. From the Admin tab, select Setup > Client Setup > Configure Modules> Modify.
The configuration parameters window appears. The configuration window shows the
configuration parameters for each of the message module. By default, the Payments/
Treasury module is displayed.
2. Click the message module tab to view the configuration parameters of that module.
62 Administration Guide
Configuring the Alliance Lite Modules
The following table details the configuration parameters that can be viewed for each of the
message modules:
18 November 2011 63
Alliance Lite 2.2
7 Reporting
Types of Admin reporting
As an administrator, the Admin tab allows you to access the following types of report:
• Roles reports to list role allocations against each or selected users in your system
• User Entitlements reports to list the functions assigned and against each or selected users
in your system
• Security Audit Trail reports to list Token Creation and Password allocation against each or
selected users in your system.
• Standard report. This option gives you a predefined report generated on an entire database
table.
• Filter report. This option gives you a tailored report for which you specify selected criteria on
a standard filter window, for example for a particular time period.
• Profile report. This option gives you a report based on criteria that you filter and then save so
you can use the criteria for another purpose.
Format options
In terms of the output format in which you want to generate your report, you have the following
options:
64 Administration Guide
Reporting
Icons
The following options are provided on the Reporting toolbar:
• Click the Show/Hide Group Tree icon to the left of the First page icon to display a hierarchy
in a new column of the data on which you are reporting. This allows you to drill down to see
only information that you want without having to flip through all the pages of the report.
– Click an item in that column, for example the date to jump to the first page in the report
that shows confirmations of that date
– Click an expanded item, to jump to the first page in the report that shows confirmations for
this item.
• Use the page navigation (Previous, and Next) icons to jump to a specific page, or to the
First or Last page of the report
• Alternatively type a page number and click the Go to Specific Page icon to go to a particular
page of the report
• Click the Refresh icon to update the information displayed in the report
• Click the Export Report icon to initiate the export functions on the Export Report window.
See "Export Report" on page 70 for more details.
• Type specific text in the free text field to find an occurrence in the report
• Roles
• User Entitlements
3. When the report displays in the standard reports window, navigate it using the page
navigation buttons, see "Reporting Toolbar" on page 65.
For example, to go to Page 8 of the report, type "8" and press ENTER.
18 November 2011 65
Alliance Lite 2.2
Note If you click Enter on a filter pop-up without specifying the changes that you want to
see displayed, then ALL data relevant to your report appears.
Click To
Profile import filter criteria from a previously created report. This allows you to create a Profile of
filtered information that you can re-use.
Save save the data contained in the filter window as a report profile. This allows you to save
filtered information as a new Profile.
66 Administration Guide
Reporting
Note If you click Enter without specifying any criteria, then a report is created
including all criteria.
3. (Optional) Click Save to save the filter criteria for future use (see "Creating and Copying a
Report Profile" on page 68).
4. Click Enter to create a report that uses your selected filter criteria.
• Click Save - if you want to save selections that you make on the filter window as criteria for a
new report profile
• Click Profile - if you want to re-use previously filtered information from an existing report
profile by importing that filter criteria.
Click To
18 November 2011 67
Alliance Lite 2.2
Click To
• Admin tab > Profiles > Add > Reports > "type" > "report"
• Payments tab > Profiles > Add > Reports > "type" > "report"
• Cash Reporting tab > Profiles > Add > Reports > "type" > "report"
2. Enter a Profile ID and a Description to name and fully identify your report profile.
3. Specify the criteria as wanted. For more information, see "Generating a Filtered Admin
Report" on page 66.
2. Click Copy to display a tabled list of report profiles for the report type selected.
3. Click the report profile whose filter criteria you want to copy.
The filter criteria for the report profile appears.
4. Re-specify and sort other criteria as wanted. For more information, see "Generating a
Filtered Admin Report" on page 66.
5. Enter a new Profile ID and a Description to name and fully identify the new report profile.
6. Click Add to save the report profile with the modified criteria.
A "Profile saved successfully" message appears.
68 Administration Guide
Reporting
2. Click Enter to display a tabled list of report profiles matching the entered criteria.
3. Click the report profile whose filter criteria you want to modify.
The filter criteria for the report profile appears.
4. Re-specify and sort criteria as wanted. For more information, see "Generating a Filtered
Admin Report" on page 66.
5. Click Update to save the report profile with the modified criteria.
A "Profile saved successfully" message appears.
18 November 2011 69
Alliance Lite 2.2
2. Click Enter to display a tabled list of report profiles matching the entered criteria.
3. Check the box against the report profile whose filter criteria you want to delete and click
Delete .
• Payments Reports:
70 Administration Guide
Reporting
Note The data displayed is not easily readable as it has been prepared for export to
a file.
3.
To export the report click the Export Report button in the toolbar.
Provide affirmative responses to the security pop-ups that appear, until the Export Reports
Format screen appears:
18 November 2011 71
Alliance Lite 2.2
Select the format "Microsoft Excel 97-2000 - Data Only (XLS)" and click OK . The Report
will be opened up in Excel as a spreadsheet with each element of the data represented by
a field in the spreadsheet.
4. You can now save the report from Excel as a CSV format file or any other format that you
require (for example XML).
Note Export from Microsoft Excel using only CSV(CRLF), or DOS(CRLF) format. Do not
use MAC (CR) format.
Note Ensure that the Internet Explorer Security setting is enabled to Allow Automated
Download of File... as described in the Alliance Lite AutoClient Installation and
User Guide "Security Considerations".
72 Administration Guide
Legal Notices
Legal Notices
Copyright
SWIFT © 2011. All rights reserved.
You may copy this publication within your organisation. Any such copy must include these legal notices.
Confidentiality
This publication may contain SWIFT or third-party confidential information. Do not disclose this publication
outside your organisation without the prior written consent of SWIFT.
Disclaimer
SWIFT supplies this publication for information purposes only. The information in this publication may
change from time to time. You must always refer to the latest available version on www.swift.com.
Translations
The English version of SWIFT documentation is the only official version.
Trademarks
SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT: SWIFT,
the SWIFT logo, the Standards Forum logo, 3SKey, Innotribe, Sibos, SWIFTNet, SWIFTReady, and Accord.
Other product, service, or company names in this publication are trade names, trademarks, or registered
trademarks of their respective owners.
18 November 2011 73