Users
Overview
User access in the OneStock platform is managed across three platforms: Store App, Order Management Center (OMC aka backoffice), and API. Users can be granted access to one or more of these platforms.
Users can be managed from the Order Management Center or from the Store App:
From the Order Management Center, you can create, edit and delete users across the whole of OneStock. You can also grant access to the Store App, Order Management Center and API.
From the Store App, you can only manage Store App users with individual access to the store you are logged in to.
Management from the Order Management Center
The “Users” page is only accessible to Client Admin, Client Headquarters and Client Retail Directors.
Access is granted per site and application. Rights per application depend on the role that is assigned to the user. Rights are described per application in the sections below.
If a Store App user does not have an email for login credentials, a new user account with an email login must be generated to provide access to the OMC.
Multiple Site access
A user can have access to multiple sites. To grant access to a new site, you need to be logged in with a user who already has access to one of the existing sites the user is authorized to access. Simply click on the "assign site" button and provide access to the new site.
Store App Access
Store app access details are provided in the following table.
Store App Roles
Green = Full access (write) Blue = limited access (read only) Red = No access
Rank | Store App role | API Key | Can access the store app | Can create & manage users in store |
0 | Vendor manager | | | |
1 | Vendor | | | |
Access to all stock locations or some
Access can be granted to all stock locations or to a specific list.
Order Management Center (OMC) Access
OMC access details are provided in the following table.
Order Management Center Roles
Green = Full access (write) Blue = limited access (read only) Red = No access
Rank | Backoffice roles | API Key | Analytics | BI suite | Orders | Stock | Buffers | Items | Stock locations | Orchestration | Workflows | Delivery | Users | Configuration |
0 | Client Admin | | | | | | | | | | | | | |
1 | Client Headquarters | | | | | | | | | | | | | |
3 | Client Retail Director | | | | | | | | | | | | | |
4 | Client Customer Services | | | | | | | | | | | | | |
5 | Client Customer Services Configuration Manager | | | | | | | | | | | | | |
6 | Client Configuration Manager | | | | | | | | | | | | | |
7 | Client Viewer | | | | | | | | | | | | | |
8 | Client Viewer Limited | | | | | | | | | | | | | |
9 | Client Customer Service Analytics | | | | | | | | | | | | | |
10 | Client Analytics Viewer | | | | | | | | | | | | | |
Access to all sales channels or some
Access can be granted to all sales channels (default) or limited to a list of sales channels.
Impact of Sales Channel Limitations:
Orders Page: Only displays orders from accessible sales channels.
Analytics: Only displays data for accessible sales channels.
Stock Page: Only shows stock queries for accessible sales channels.
API Access
API Roles
Rank | Backoffice roles | API Key | All public routes in the API Portal |
0 | API User | | |
API access is divided into two common use cases:
External Systems: Interact with OneStock through API.
Recommendation: Create a user with basic authentication.
Human Users: Interact with OneStock through API.
Recommendation: Assign both Order Management Center access and API access. Authentication can be either basic or SSO.
Security
Users can be configured with:
Basic Authentication: User passwords stored in OneStock.
Backoffice users will have to enter a second-factor authentication code that is sent to their email.
Single Sign-On (SSO): A more secure option allowing authentication policies to be managed through an external dedicated Identity Provider. Learn more about SSO here.
Accessing API as an SSO User
If you are a user with access to both the Order Management Center and the API, and your authentication is set up for SSO, you can communicate with OneStock through the API by using a token. Pass the token in the token field of your API calls.
Generating an API token
Generate a token from your information page in the OMC.
The token is displayed only once; store it securely.
Ensure the user has both OMC access and API access for this feature to be accessible.
Disable users
Easily disable or enable a user’s access to OneStock as needed.
This feature is ideal when working with external integrators who require access only at specific times. You can disable their user account and re-enable it when they need access again.
Important: Disabling a user revokes all access to OneStock, including the OMC, Store App (SA), and API. The user will be logged out immediately upon disabling.
Multi Factor Authentication (MFA) for Backoffice users
To strengthen login security, Backoffice users logging in with basic authentication are required to complete a second-factor authentication, ensuring it’s truly the authorized user accessing the system. This second factor, a unique code sent to the user’s registered email, must be entered in the login prompt to proceed.
MFA can be deactivated on a per-user basis directly from the Backoffice. However, we recommend minimizing deactivations, as users are more vulnerable to unauthorized access without MFA protection.
For users on Single Sign-On (SSO), MFA prompts do not apply since login security is managed entirely by your Identity Provider (IdP). If you wish to enable MFA for SSO users, please contact your IdP directly.
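The following audit sketch is an added example, not OneStock code: it applies the rules described above (email MFA for basic-auth Backoffice users, SSO users covered by the IdP, disabled users having no access, email login required for the OMC) to a user list. The record layout, field names and sample users are constructed for illustration and do not represent a OneStock export format.

```python
# Constructed sample records; field names are hypothetical, not a OneStock format.
USERS = [
    {"login": "admin@example.com", "auth": "basic", "apps": ["omc", "api"], "mfa": True, "enabled": True},
    {"login": "ops@example.com", "auth": "basic", "apps": ["omc"], "mfa": False, "enabled": True},
    {"login": "sso.user@example.com", "auth": "sso", "apps": ["omc", "api"], "mfa": False, "enabled": True},
    {"login": "integrator@example.com", "auth": "basic", "apps": ["api"], "mfa": False, "enabled": True},
    {"login": "old.ops@example.com", "auth": "basic", "apps": ["omc"], "mfa": False, "enabled": False},
    {"login": "till-042", "auth": "basic", "apps": ["store_app", "omc"], "mfa": True, "enabled": True},
]


def audit(users):
    """Return (login, finding) pairs for accounts that deserve a review."""
    findings = []
    for user in users:
        if not user["enabled"]:
            # A disabled user has no access to the OMC, Store App or API.
            continue
        apps = set(user["apps"])
        if "omc" in apps and "@" not in user["login"]:
            # OMC access requires an email login; this record is inconsistent.
            findings.append((user["login"], "omc-without-email-login"))
        if user["auth"] == "sso":
            # MFA for SSO users is enforced by the Identity Provider, not here.
            continue
        if "omc" in apps and not user["mfa"]:
            # Basic-auth Backoffice user with the email second factor deactivated.
            findings.append((user["login"], "basic-auth-omc-mfa-off"))
        if apps == {"api"}:
            # External-system account: check it is only enabled while needed.
            findings.append((user["login"], "api-only-enabled"))
    return findings


if __name__ == "__main__":
    for login, finding in audit(USERS):
        print(f"{login}: {finding}")
```
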
Good to know
Email Requirement: A user must have an email as their login to be granted rights to access the OMC. If a Store App user lacks an email login, a new user must be created.
Multi-Site User Modification: In a multi-site scenario, if you want to modify the list of sales channels or stock locations for a user with access to multiple sites, you need to be logged into the specific site you want to modify. For example, to make changes for Site Fashion Market, you must be in Fashion Market in the OMC. You cannot make this modification from another site, even if you have access to both sites.