ScotiaConnect User Management: Role-Based Access Control for Canadian Commercial Clients
ScotiaConnect User Management puts the Super User at your organisation in full control of who can do what inside the portal — per account, per product, per dollar threshold. Five role templates, unlimited delegated users, dual-control approval and a seven-year audit trail aligned to OSFI record-keeping guidance.
This is how a $1.4 trillion Canadian Schedule I bank expects access control to behave. No shared passwords. No generic admin accounts. Every action traced to an authenticated human backed by a ScotiaConnect Token.
The Super User Role
The cornerstone of ScotiaConnect access governance.
What a Super User Can Do
- Provision users — add, modify and revoke delegated users across any account in scope.
- Assign role templates — Initiator, Approver, Auditor, Admin, Read-Only, or a custom role.
- Configure dual-control — set per-product dollar thresholds above which a second approver is required.
- Manage tokens — provision, suspend, reset or replace mobile, hardware and SMS fallback tokens.
- Review audit logs — query the seven-year log of every action taken in the portal.
Your Super User is designated during onboarding, named on the ScotiaConnect client agreement and verified by your Scotiabank Relationship Manager. Scotiabank recommends a minimum of two Super Users for business continuity — if the primary is unavailable, the secondary can still unlock a token or provision a new user. A Super User change requires a signed form countersigned by a Company Officer.
Day-to-day, the Super User operates from a dedicated User Management dashboard showing all active users, pending invitations, expired tokens and recent permission changes. Bulk actions support organisations with 50+ delegated users: import a CSV to provision a new cost centre's entire team, or suspend all access for a specific role during an audit freeze.
Role Templates and Permission Matrix
Five templates cover the segregation-of-duties patterns required by internal audit.
| Role | Initiate | Approve | Release | Reports |
|---|---|---|---|---|
| Super User (Admin) | Yes | Yes | Yes | Full access |
| Initiator | Yes | No | No | Own transactions only |
| Approver | No | Yes | Yes | Approved transactions |
| Auditor | No | No | No | Full read + audit log |
| Read-Only | No | No | No | Balance and activity |
The templates are starting points. Per-account scoping lets the Super User allow a user to initiate EFT on the operating account while only viewing the trust account. Per-product scoping restricts a user to wires under CAD $100K, with anything larger routed to a senior approver. Custom permissions combine any subset of the 47 granular capabilities defined in the access model.
Dual-Control Thresholds
The initiator cannot be the approver. Period.
Dual control enforces that transactions above a configurable dollar threshold require a second authorised user to approve before release. Separate thresholds apply per product: wires, EFT batches, bill payments, internal transfers, FX conversions. The initiator is blocked from being the approver, and the approver sees the full transaction detail with a one-click divergence flag if anything looks unusual.
Scotiabank recommends dual-control on every payment over CAD $25,000, and triple-control on payments over CAD $1,000,000 (initiator plus two approvers). Many clients configure an additional release step — a Treasurer or CFO signs off on the approved batch before the funds actually move. This staging prevents the common fraud pattern where a compromised approver releases to a fraudulent beneficiary.
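As an added illustration (not ScotiaConnect's own code), the following Python models the permission matrix and the dual-control rules described above: only roles with Approve permission count, the initiator never counts as an approver, the same approver signing twice is counted once, and the 25,000 / 1,000,000 CAD tiers decide how many distinct approvers are needed. The per-product threshold table and the user names are constructed assumptions.

```python
from dataclasses import dataclass, field

# Role template -> (initiate, approve, release), taken from the permission matrix.
ROLE_MATRIX = {
    "Super User": (True, True, True),
    "Initiator": (True, False, False),
    "Approver": (False, True, True),
    "Auditor": (False, False, False),
    "Read-Only": (False, False, False),
}

# Thresholds in CAD. 25,000 (dual) and 1,000,000 (triple) are the page's
# recommendations; the per-product table is a constructed assumption.
DUAL_CONTROL_THRESHOLD = {"wire": 25_000, "eft": 25_000, "bill_payment": 25_000}
TRIPLE_CONTROL_THRESHOLD = 1_000_000

@dataclass
class Payment:
    product: str
    amount_cad: int
    initiator: str
    approvers: list = field(default_factory=list)

def required_approvals(product: str, amount_cad: int) -> int:
    """Distinct approvers needed before release: 0, 1 (dual) or 2 (triple)."""
    if amount_cad > TRIPLE_CONTROL_THRESHOLD:
        return 2
    if amount_cad > DUAL_CONTROL_THRESHOLD.get(product, 25_000):
        return 1
    return 0

def can_release(payment: Payment, users: dict) -> tuple:
    """Return (ok, reason). `users` maps user id -> role template name."""
    init_role = users.get(payment.initiator)
    if init_role is None or not ROLE_MATRIX[init_role][0]:
        return False, f"{payment.initiator} cannot initiate {payment.product}"
    distinct = set()
    for who in payment.approvers:
        if who == payment.initiator:          # segregation of duties
            return False, "initiator cannot approve own transaction"
        role = users.get(who)
        if role is None or not ROLE_MATRIX[role][1]:
            return False, f"{who} lacks approve permission"
        distinct.add(who)                     # same approver twice counts once
    needed = required_approvals(payment.product, payment.amount_cad)
    if len(distinct) < needed:
        return False, f"needs {needed} approval(s), has {len(distinct)}"
    return True, "ok"
```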
Audit Log and Seven-Year Retention
Every action in ScotiaConnect is logged: login, logout, password change, token reset, permission change, transaction initiation, approval, release, rejection, report run, export, download. Each entry captures the user, timestamp, IP address, device fingerprint, session ID, action, target entity, before/after values and outcome. The log is immutable — no user, not even the Super User, can alter a historical entry.
Retention is seven years in alignment with OSFI record-keeping guidance and the FINTRAC requirements under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. Log queries are scoped to an authenticated Auditor or Super User and exported as CSV or signed PDF for external audit evidence.
Token Provisioning and Management
Every ScotiaConnect user receives a second-factor token provisioned by the Super User. Three forms are supported: the ScotiaConnect Token mobile app on iOS 16+ and Android 12+ (preferred), a hardware OTP fob for environments that prohibit personal devices, and SMS fallback for emergency access. The Super User manages the full lifecycle — issue, suspend, reset, replace — from the User Management console.
Tokens enforce time-based one-time passwords on every login and on every payment release. A locked-out user can be unlocked by the Super User in under 60 seconds; compare that with the traditional process at a non-ScotiaConnect institution, which typically requires a branch visit and signature verification.