Sertifi by Flywire — Agent Reference Guide

Internal Use Only CS Operations April 2026

1. Quick Reference — Roles & Limits
2. Brand-Specific Requirements
3. Internal SOPs by Category
4. How-To Procedures (Macros)
5. Help Center Article Index

1. Quick Reference

User Roles (lowest → highest permission)

RoleCan Do
--------------
UserSign documents only
AdminSend and view own documents
Power AdminView all docs and reports
Super AdminFull access, manages all users
AuditorRead-only, cannot send or edit

Credit card access is separate — requires Security Group membership granted by Super Admin.

Super Admin Limits by Brand

BrandMax Super AdminsSSONotes
------------------------------------
Marriott5 (standard 3)YesVia MGS link. Transitions team pre-approved.
Hilton Franchise3YesCorporate Americas = GAM Request required.
Hilton HAFS0 SA / 14 AdminsYesNo property-level Super Admins.
Hyatt3Yes3 portals per property: Spirit / Sign / HR.
HEI HotelsN/AVariesRoute ALL tickets to support@heihotels.com.

2. Brand-Specific Requirements

Marriott SOPs

Support Specialist Basics > Access Requests: Portal Admin or Security Group > Request from a User, Admin, or Power Admin

Locate the most recently active Super Admin. If none active within the last 60 days, also check the Salesforce account for active contacts.

Hilton WW, Marriott (if no Super Admins), and Kimpton requests have their own processes. See the relevant brand SOP.

Once the Super Admin is looped in, provide directions for adding the user. Example: 'Dear Super Admin, [Name of Admin] has requested portal access. For security, please add them by going to Administration → Create New Admin.'

If the Super Admin replies with an error, you may complete the action on their behalf.

Support Specialist Basics > Access Requests: Portal Admin or Security Group > Request from the Super Admin

They already have access to complete the request. Provide directions for adding the employee to Security Groups or to the portal.

For Marriott or Hyatt additions, check the new person's EID/Global ID to make sure it is not connected to an old email.

Verify the Super Admin's profile is active.

Support Specialist Basics > Adding a New Admin > Adding a New Admin
As a general rule, we ask Super Admins to add new users for portal security. However, Marriott and a few other brands require Support to add Super Admins directly.

NOTE: If this request is not coming from a ServiceNow ticket through Marriott, an approved contact, or a Super Admin, review the Access Requests SOP first.

Navigate to Administration → Create Admins.

Enter the email and select Search.

For Marriott, Hyatt, or other SSO logins, an EID field will populate. Enter the EID provided by the client.

You may also add the user to a Security Group, but as a general rule (unless specified in the ServiceNow ticket) let Super Admins handle that.

Select "Create account for user." The user will receive an activation email.

If you get an error that the person is already an Admi

Support Specialist Basics > Profile Statuses: Active, Pending, Disabled, 0 > Pending
The person never activated their profile. No password has been assigned. Pending is most common for SSO users (Marriott, Hyatt, Loews, Hilton, Sonesta) or API senders who do not need to log in to Sertifi directly. Do not direct a Pending user to reset their password without first manually activating them.

Brand Portal Access & Administrative Requests > Initial Verification (Pre-Check) > Initial Verification (Pre-Check)
Before granting or modifying access for any brand, complete all of the following steps in Salesforce:

Account Status: Search for an active account. If the property is not found by name, search using the billing address, phone number, or MARSHA/Hotel Code.

Feature Verification: If specific permissions are requested, check Active Packages to confirm the property has purchased those features (e.g., eSign vs. ePay).

Parent Account: Always check the Parent Account field to determine whether a property is Corporate/Managed or Franchise.

Brand Portal Access & Administrative Requests > Brand-Specific Requirements > Marriott
SSO Requirement: All users must log in via Marriott EID at www.sertifi.com/MarriottInternational_SSO.

Super Admin limits: Up to 5 Super Admins (standard is 3). Requests via the MGS Super Admin Request link.

Openings & Transitions Team — pre-authorized contacts (no additional approval needed):

Chrissy Cheng (Christina.Cheng@marriott.com) — Senior Manager, Transitions - Project Management

Leslie Reichert (Leslie.Reichert@marriott.com) — Manager, Transitions - Project Management

Peter Mazza (peter.mazza@marriott.com) — Manager, Transitions - Project Management

Transitions tickets arrive from transitions@marriott.com and are pre-approved. Process Super Admin updates directly. Subject line format: Hotel Transitions Support Request - [Property Name] ([MARSHA])

Support Marriott > MGS Requests — New Portal Entry > MGS Requests — New Portal Entry
When an MGS request comes in to add a Super Admin and the MARSHA is not yet associated with a Sertifi portal:

Check the Marriott Report — Portal List tab for the MARSHA code. If the portal exists, add the Super Admin per standard Marriott SOPs.

Check the New Property tab. If the portal exists there, add the Super Admin per standard Marriott SOPs.

If the portal does not appear on either tab, check Salesforce Records for the MARSHA code as a last resort.

If no portal exists, complete a full row in the New Property tab. Required fields:

Marsha code (col A) | Date Added (col B)

Total Rooms (col C) — from Property Management Group sheet, col G

PMG (col D) — from PMG sheet, col W (Current Manager: Account Name)

Property Name (col E) | Marriott URL (col H) — www.marriott.com

Support Marriott > MGS Requests — New Portal Entry > Non-Entry Items — Route to Sales
These location types are NOT covered by Marriott Corporate and must go to Sales:

Vistana Four Points FLEXStudioResMGM Ritz-Carlton Yacht Collection

Marriott Residences — must purchase eAuth, eSign, and/or ePay separately

MVW (Marriott Vacations Worldwide) — separate rules apply

Support Marriott > MGS Requests — New Portal Entry > Dual-Branded Locations
Some locations have two brands at the same address with two MARSHA codes. You may add two MARSHA codes on the same row in the New Property tab. Confirm with the requestor if you think you are seeing a dual-branded location.

Support Marriott > Handling Bonvoy Account Lockouts > Handling Bonvoy Account Lockouts
⚠ Sertifi Support must NEVER copy or loop in Marriott internal support, Marriott CEC, or Marriott Super Admins into a Zendesk ticket. Internal Marriott contacts must not be exposed or added.

This SOP applies when the requester mentions: locked out of Bonvoy, cannot access Bonvoy account, needs a link to verify identity for Bonvoy, or references Bonvoy credentials or loyalty login issues. If no active Sertifi file is involved, this is not a Sertifi issue.

What Support CAN do: explain our role, provide the Marriott Bonvoy support contact, reassure the requester, and close the ticket once routed.

What Support CANNOT do: unlock Bonvoy accounts, verify Bonvoy identities, send login links, act on behalf of Marriott Corporate, or CC Marriott internal teams.

Approved response:

Hello {

Support Marriott > Marriott Login Errors > Marriott Login Errors
Covers the error: "An error has occurred attempting to login externally."

Profile deactivated due to inactivity: search email in Master Tools. If deactivated, a Reactivate button appears — reactivate and alert the Admin.

Admin logging in with an EID not associated with their account: ask for the EID they are using. If not in our system, the Admin sees the same error as a deactivated account. Update the profile for Super Admins, or loop in their Super Admins for approval if not a Super Admin.

EID not in our system at all: search returns no results. If the requester is a Super Admin, update the EID directly. Otherwise, loop in their Super Admins for approval.

Support Marriott > Marriott Service Now — No Portal > Marriott Service Now — No Portal
Verify across four locations before creating the portal:

Salesforce: search the MARSHA. Nothing populates.

Property Lookup (Admin Tools): search MARSHA. No portal populates.

Marriott Report — New Property tab: Ctrl+F the MARSHA. No result.

Marriott Report — Portal List tab: Ctrl+F the MARSHA. No result.

NOTE: If a portal already appears in the Marriott reports, add the client to the existing portal.

To fill in the New Property row: add MARSHA code, date, PMG, location name, and Total Rooms from the Property Management Group sheet; then add Marriott URL, address, phone, and Super Admin details from the Service Now ticket.

Client response template:

Hello, It looks like this is a newer hotel that doesn't yet have a Sertifi portal. Once the portal is built, typically with

Support Marriott > Marriott ServiceNow — Setting Up E-Confirmations > Sertifi Portal Side

Navigate to Home → Administration → Account Settings.

Search for "Enable eConfirmations Integration," confirm it is checked, and click Save.

Navigate to Account Settings → Integrations → eConfirmations. Enable if not already on.

Locate the Property ID and add it to the macro.

Add the new Super Admin to the email notification list and click Save.

Support Marriott > Marriott ServiceNow — Setting Up E-Confirmations > Salesforce Side

Search for the relevant portal in Salesforce.

In the Sertifi Portals section, use the dropdown arrow next to the portal name and select Edit.

Ensure "Travel Authorizations Enabled" is checked. Correct the billing address if an error appears.

Fill in the CRM system information (select "Unknown" if needed) and click Save.

Close the Service Now support ticket once all steps are complete.

Support SOP: Chargebacks > Non-Stripe Chargebacks > Non-Stripe Chargebacks
Submit a CS case in Sertifi Salesforce using the correct case type.

Non-Marriott: Use macro Payment::Fraud::Chargeback – NOT MARRIOTT

Marriott: Use macro Payment::Fraud::Chargeback – Marriott

⚠ Always select the Chargebacks case type under the Salesforce account when submitting. This ensures automatic routing to the correct team.

Payment-Specific Support SOPs > CVV > CVV
CVV (Card Verification Value) helps verify the person making the payment physically has the card. We do not store CVV — PCI compliance rules prohibit it after the transaction is processed.

CVV Responsibility (Non-Marriott): In most cases, the PMS or POS provider controls whether CVV is required, not the payment gateway. Submit or request removal of the requirement through the appropriate system.

For Marriott Properties: The property must submit a ServiceNow ticket through Marriott's internal support portal to request removal of the CVV requirement for the relevant transaction type.

CVV failures occur when CVV is missing/incorrect, merchant configuration does not allow CVV bypass for tokenized/recurring transactions, or issuer rules block transactions without CVV. Declines are usually is

Support Search Tools > Property Search for Existing Site Name or API Code > Property Search for Existing Site Name or API Code
Search using the API code or any part of the portal URL name. Results show Site Name, URL, and Enabled/Disabled status. Particularly useful for Marriott when the Salesforce account is not yet completed.

Support SOP: ServiceNow Super Admin Requests (Marriott) > Support SOP: ServiceNow Super Admin Requests (Marriott)
Links referenced in this process: Team Intake Link Marriott Report New PropertyNew Property Sales ReportProperty Report Residential Property Location (Residences by Marriott International).

Support SOP: ServiceNow Super Admin Requests (Marriott) > Step 1: Initial Request Intake > Step 1: Initial Request Intake
Review the request for all required fields. Confirm the requester included: email address, MARSHA code, and any other MARSHA codes mentioned.

If anything is missing: search ServiceNow for the requester's name and pull missing details from their profile or previous tickets.

Support SOP: ServiceNow Super Admin Requests (Marriott) > Step 2: Ticket Consolidation > Step 2: Ticket Consolidation
Search for other open or pending tickets from the same requester. If duplicates or related requests exist, merge them into the current request and close or update older tickets to prevent multiple active cases.

Support SOP: ServiceNow Super Admin Requests (Marriott) > Step 3: Marriott Domain Verification (Critical Step) > Step 3: Marriott Domain Verification (Critical Step)
Confirm the request includes a live Marriott domain website. Must be an active sub-domain for the property (check www.Marriott.com/MARSHA).

⚠ If the domain is not live, stop processing. Notify the requester that other teams will not proceed without a live domain.

Support SOP: ServiceNow Super Admin Requests (Marriott) > Step 4: Property Information Validation > Step 4: Property Information Validation
Collect and verify:

Total room count — ensure it is provided and accurate.

Property Management Group — confirm the management company name is included.

Property Type — determine whether it is a standard Marriott property or an apartment-style/residential property.

⚠ Residences are NOT covered under the Marriott MSA. They need to purchase eAuth, eSign, and/or ePay separately. A sales lead must be created. Check Salesforce for an existing prospect record — if one exists, route to the account owner. If none exists, assign to Michelle Young.

Support SOP: ServiceNow Super Admin Requests (Marriott) > Step 5: Submit to Downstream Teams > Step 5: Submit to Downstream Teams
Once all required data is validated:

Input property data into the designated form for the next team (Marriott Report New Property).

Complete the new property sales report for data entry.

If applicable (residential property), submit the lead via email using the residential property location link.

Example email for residential properties:

Contact: Salesforce account owner (or if no Salesforce record, send to Michele Young). Subject: (Location name) Looking Into e-Authorize. Body: This location is requesting e-Authorization access. They reached out through Zendesk and this property is not covered under the Marriott brand. Requester: [Name] | [email address]

Support SOP: ServiceNow Super Admin Requests (Marriott) > Final Review Before Pending the Ticket > Final Review Before Pending the Ticket

Confirm all required fields are present.

New Property: Add properties to the sheet with Super Admin Email/EID.

Confirm the domain is live.

Ensure no duplicate tickets remain open.

Verify correct routing (standard vs. residential).

Ensure all forms and reports have been submitted.

Island Browser HAR Files > Island Browser HAR Files
Anyone needing to capture Marriott HAR files in an Island browser situation will need to get the local property to have this level of access. To get access for the escalation, reach out to:

john.larsen@marriott.com

enterprisebrowserteam@marriott.com

Request access to get HAR files so the issue can be escalated.

External Contact Lists > Marriott O&T Transitions > Marriott O&T Transitions
The following are likely not listed as Super Admins but may contact us with requests. Address their issues to the best of your ability:

Peter Mazza — peter.mazza@marriott.com

Deena (uses the O&T email for submission)

Leslie (uses the O&T email for submission)

Additionally, report requests may come from:

Christina Cheng — christina.cheng@marriott.com

NOTE: A Support SOP on Christina's tickets is coming soon.

Hilton SOPs

Brand Portal Access & Administrative Requests > Brand-Specific Requirements > Hilton
SSO Requirement: All users must log in via SSO using their Hilton User ID at www.sertifi.com/Hilton.

Super Admin limits:

Maximum of 3 Super Admins per property (Franchise).

Franchise Properties: Property-level Super Admins are permitted.

Corporate (Hilton Worldwide — North America, South America, Bora Bora, Tahiti): Property-level Super Admins are NOT permitted. A GAM Request is required.

International Corporate (outside the Americas, Bora Bora, and Tahiti): Property-level Super Admins are permitted.

HAFS Properties: No property-level Super Admins, but up to 14 Admins. See the Hilton HAFS Setup guide.

Hilton Support Troubleshooting > Hilton Support Troubleshooting
⚠ Hilton will not grant Sertifi access to their orgs for troubleshooting unless they specifically authorize it. If access IS granted to an HM or HF org, we are NOT to make any changes without their permission — access is for investigative purposes only.

Hilton Support Troubleshooting > HM and HF Org Issues > HM and HF Org Issues
Never make changes within an HM or HF org. Identify the issue, document the steps needed, and provide them to delphifdcadmin@hilton.com. They are responsible for making any required adjustments.

Steps to provide to delphifdcadmin (do not action yourself):

Target the correct location that submitted the request.

Check for any recent changes to the property name or identifier since the issue began.

If changes are found, update custom settings so the property identifier matches the PMS code exactly.

After Hilton makes the adjustments: click into a booking for the affected location, then click on e-sign to confirm resolution.

Hilton Support Troubleshooting > Hilton Volume Contracts HM/HF > Hilton Volume Contracts HM/HF
Error: "Sertifi integration is either misconfigured or your account is not enabled" for volume contracts.

Add the property to the Hilton Properties — Ready for Sertifi Setup spreadsheet with the note: "the prop is already connected in FDC — volume contracts need to be connected."

Antoinette reviews this list every Monday with Hilton. Claudia's team sets up the custom settings by end of that week.

Inform the customer that you are reaching out to Hilton Corporate to resolve this.

Hilton Support Troubleshooting > Hilton/Aimbridge > Hilton/Aimbridge
Org access for all Aimbridge accounts must be requested via Paige. If a Hilton property has Alia Swaid or Jenn Clark listed as the corporate admin, do not contact them directly. Send an email request with the Zendesk communication, SF link, Portal link, and customer contact to Paige via Outlook, CC your manager.

Salesforce Support Tickets (Start Here) > Pre-Ticket: Hilton Consideration (as of October 15, 2025) > Pre-Ticket: Hilton Consideration (as of October 15, 2025)
For HF or HM Orgs: loop in delphifdcadmin@hilton.com only and let them handle it. Do not ask for access. If you know the fix, advise when looping in. NF Hilton: you may ask for access and attempt to assist, but they may want to handle in-house.

Salesforce Support Tickets (Start Here) > Delphi Volume Contracts > Delphi Volume Contracts
Error: "Sertifi integration is either misconfigured or your account is not enabled" for volume contracts.

Obtain Org ID/Access (unless Hilton — see Hilton SOP).

Create an Implementation Case to Enable Delphi Volume Contracts.

Let the customer know you have redirected to internal teams who will be assisting.

Support SOP: Hilton Salesforce Permissions > Support SOP: Hilton Salesforce Permissions
Ticket example: "When trying to send contracts through Sertifi E-Sign we keep getting an error message saying we do not have permissions. Can you please help?"

Support SOP: Hilton Salesforce Permissions > Recommended Macro > Recommended Macro
Use macro: Support Internal::Redirect for Hilton SF Permissions.

Support SOP: Hilton Salesforce Permissions > Steps > Steps

If possible, proactively look up both the location and the client involved.

If they have Real Time Updates enabled, use the Org ID to search via the Subscribers tab in Salesforce to bring up their organization and verify the current package version they are running.

Check Packages & Licensing. Depending on the version of SEM (Sales and Events Management), issues can occur if they recently updated the Sertifi E-Sign for Salesforce package.

This error is often related to a package version mismatch. Ensure the client is on the current supported package version before escalating further.

External Contact Lists > Hilton IT Crew / GAM Team > Hilton IT Crew / GAM Team
Address these email requests to the best of your ability:

anu.yechuri@hilton.com

Himani.Himani.contractor@hilton.com

jeenu.george@accenture.com

naval.agarwal@accenture.com

Rafia.usman@accenture.com

Ruchika.Pandey.contractor@hilton.com

serin.paul@accenture.com

shashwat.dongre@accenture.com

tanuj.f.kumar@accenture.com

Hyatt SOPs

Support Specialist Basics > EID Swap/Change > EID Swap/Change
There are four scenarios for EID/Global ID issues:

New EID + new email: Add them fresh. Use Macro: Not Super → Add New Employee.

Old EID + new email (most common): Look up the EID and edit the Admin account. Change the Role Type and append "_OLD" to the EID to free it up, then re-add the Admin with the updated email and original EID.

New EID + old email: Simply edit the EID field on the existing profile.

Old EID + old email: Search both the old EID and old email. Mark profiles as "_OLD" where needed, then have the Super Admins add the new profile.

Required information to begin support:

The correct email address connected to the current EID

The current EID

Support Hyatt > Hyatt New Users SOP > Hyatt New Users SOP
Only the following Hyatt contacts are approved requesters:

maurice.williams1@hyatt.com cody.stanley@hyatt.com Lucas.baykal@hyatt.com

Items to look for in the email: new user email, Enterprise ID, email of a person to mirror accounts from, Access Level, and Security Group(s).

Go to apps.sertifi.net/tools and select the first option.

Click "Direct Link" to download the user spreadsheet.

For a "Mirror" request: look up the profile of the mirror account. Copy all portals that are not "User" or "Disabled" into the downloaded spreadsheet. Delete all other information. Update the Email, Role, and EID based on the request.

Upload the newly saved Excel sheet via Master Tools.

Select "Create User Accounts only" to avoid overwhelming the new Admin with activation emails.

*NOTE

Support Hyatt > Hyatt Franchise IP Restriction Rollout (2026) > Hyatt Franchise IP Restriction Rollout (2026)
Brandon Naylor (brandon.naylor@hyatt.com) leads this rollout from Hyatt's side. Support does not enable IP restrictions.

Ticket handling: Confirm Hyatt Franchise. Check date against the schedule. Identify IP restriction symptoms. Inform the client that Hyatt is actively enabling IP restrictions for their wave. Loop in Brandon Naylor and Audrey Marquez Lisil (audrey.marquezlisil@hyatt.com) when needed.

⚠ Do not attempt to bypass or disable IP restrictions.

Rollout schedule:

Feb 17: Early Adopters

Mar 3 (Wave 1): A–C companies (Aimbridge ~55, Avasa ~18, Concord ~13, Crescent ~11)

Mar 17 (Wave 2): D–G companies (Davidson ~6, Driftwood ~4)

Mar 24 (Wave 3): H–L companies (HEI ~7, HHM ~6, Highgate ~11, Intermountain ~7, Kolter ~9, LBA ~6, LodgeWorks ~7)

Apr 14 (Wave 4): M–O

Support Hyatt > Hyatt Embedded Forms IP > Hyatt Embedded Forms IP
IP address for Hyatt Embedded Form (GuidedAPI): 18.224.154.167. This IP should be added to every Hyatt portal.

CS1: Payments Basics > Payment Rules > Payment Rules
In the Gateways & Rules section, Super Admins can configure rules by payment type, event dates, amounts, and more. Some brands have required rules (e.g., Hyatt: all ACH within 5 days of event date). If a rule is blocking the gateway, explain what it does and adjust accordingly unless it is a branded portal with a specific procedure.

Common Gateway Errors > Gateway Contact Reference > Gateway Contact Reference
GatewaySupport Contact
------
Elavonsccs@elavon.com │ Elavon website
Shift4No active support email currently. Phone or chat using the Merchant ID.
MerchantLinkBeing phased out. Direct most clients to Payments team for a new MID.
Stripesupport@stripe.com
FreedomPaytechsupport@freedompay.com
CardConnectContact Support page on CardConnect website
3Csupport@3csoftware.com
Check Commercerequests@checkcommerce.com
US Bank (ACH)Hyatt portals only. Updates directed to Cindy Alexander at Hyatt.
BraintreeClients open their own ticket and loop in the Support member.

Sertifi Support SOP: Handling Hyatt Tickets Requesting Envision Access > Step 2: Verify Their Sertifi Portal Type > Step 2: Verify Their Sertifi Portal Type
Check whether the property already has:

eSignature only, or

eSignature + Payments

Either portal type is acceptable. A property may have both eSignature and eAuth, but the email to Hyatt only needs to mention eSignature, because Envision integration is based on eSign.

Sertifi Support SOP: Handling Hyatt Tickets Requesting Envision Access > Step 3: Check Whether the Location Has Envision > Step 3: Check Whether the Location Has Envision

Open the property's Sertifi Portals Webpush list.

Select the eSignature portal.

Look for the email and password info under ENABLING ENVISION INTEGRATION.

This confirms whether Envision exists for the hotel.

Sertifi Support SOP: Handling Hyatt Tickets Requesting Envision Access > Step 5: Verification of Completion > Step 5: Verification of Completion
Once the process is completed, the Hyatt team will follow up. Double-check the portal once they reply with confirmation. In some cases they may also send training materials, which can then be provided to the ticket requester at the location.

External Contact Lists > Hyatt Do Not Email & Reachout List > Hyatt Do Not Email & Reachout List
The following three individuals may contact us for requests. Address their issues to the best of your ability:

Cody Stanley

Lucas Baykal

Maurice Williams

The following are Corporate Super Admins and should NOT be contacted for standard Super Admin tasks:

accountsreceivableslcpc@hyatt.com anna.miller@hyatt.com amy.loden@hyatt.com

amy.yoo@hyatt.com andrija.kaludjerovic@hyatt.com asher.choo@hyatt.com

Audrey.Franklin@hyatt.com audrey.marquezlisil@hyatt.com audrey.young@hyatt.com

Brandon.Naylor@hyatt.com brittany.mcteague@hyatt.com caroline.steele@hyatt.com

cassie.flack@hyatt.com cherie.davis@hyatt.com chris.ortiz@hyatt.com

clint.morrow@hyatt.com cody.stanley@hyatt.com david.jeffery@hyatt.com

dixon.chan@hyatt.com erin.tytell@hyatt.com j

3. Internal SOPs by Category

PIR & System Outages

Zendesk Admin Setup > How to Change Messaging for PIRs or System-Down Events > How to Change Messaging for PIRs or System-Down Events
Use this process when a major system event requires changing the auto-reply sent to all new Zendesk tickets.

Open Zendesk in your browser.

Click the Admin icon (gear/wheel) on the left-hand side.

Select Go to Admin Center.

In Admin Center, click Objects and Rules to expand the options.

Under Objects and Rules, click Triggers, then select System Triggers.

Locate the trigger named "Notify requester and ccs of received request" and click to open it.

Scroll down to the Email Body section and update the text as required.

Default messaging template:

Hello {{ticket.requester.name}},

Thank you for contacting Sertifi Support!

For real-time updates on system status, please check our Status Page: status.sertifi.com

We appreciate your patience and understanding. Our team

CS Operations Issue Tracking & DSD Process > CS Operations Issue Tracking & DSD Process
We no longer receive automatic PIR numbers. CS Operations is responsible for identifying patterns, logging DSDs, and tracking client impact. If we see it happening more than once, we log it.

This applies to:

Bugs

Downtime or latency

Missing emails (e.g., PIN failures)

Gateway refresh patterns

Integration errors

Repeated system behavior

Support FIRE + DSD SOP > FIRE Process — Required Steps > Step 3: Mass Update + Tag Tickets (All Hands)
Once the DSD is created, everyone stops normal work and:

Scans tickets by hovering over subjects.

Identifies matching tickets and selects all related ones.

In Zendesk (bulk edit):

Click Edit at the bottom of the screen.

Do not change anything except: DSD Jira field → add the DSD number.

Apply the correct macro:

Known Issue (no status page yet)

Known Issue + Status Page (if live)

This will: send client communication, assign the ticket (Tim via macro/tag), and place the ticket on On Hold.

Zendesk Ticket Completion + DSD Escalation SOP > Part 1: Required Zendesk Fields Before Pending a Ticket > Salesforce Account ID
Must link to the correct account. Lookup order:

If ID already exists, copy into Salesforce search.

Search using portal URL (format: www.portalname.com only).

Search by property code (MARSHA / SPIRIT / INN). Verify brand to avoid duplicates.

Search by hotel name.

If not found, enter: na

Zendesk Ticket Completion + DSD Escalation SOP > Part 2: Creating a DSD Issue > Step 4: Urgency Level
LevelMeaning
------
1Cosmetic or minor issue; workaround exists.
2Minor functionality unavailable; low-impact workaround available.
3Major functionality unavailable; workaround exists.
4Major functionality unavailable; no workaround.
5PIR level: data loss, corruption, or critical outage.

Zendesk Ticket Completion + DSD Escalation SOP > Part 2: Creating a DSD Issue > Step 7: Link Back to Zendesk

Confirm DSD ticket number populated.

Set Zendesk Case Link = DSD.

If classification changes later (ESIG / PAY / OTG), update Case Link to DEV. If PIR, update to PIR.

Zendesk Support Role Responsibilities > Ticket Intake > Ticket Intake
Agents are responsible for actively monitoring their assigned Zendesk views and queues during scheduled shifts.

Responsibilities include:

Review newly assigned tickets for urgency and client impact.

Identify the product area involved (Payments, eForms, Integrations, Portal access, etc.).

Apply correct tags, forms, and fields required for reporting.

Verify ticket type (support request, bug, or system issue).

Prioritize tickets based on:

Client impact

System outages or payment failures

High-volume client accounts

SLA response expectations

Zendesk Support Role Responsibilities > Internal Collaboration and Escalations > Internal Collaboration and Escalations
Escalate to Product or Engineering when:

A confirmed system bug is identified.

Platform functionality is not behaving as designed.

A system outage or platform error occurs.

A technical limitation prevents resolution.

Required escalation details:

Steps to reproduce the issue

Client impact and urgency

Screenshots, logs, or error messages

Account identifiers or transaction examples

Bugs and platform issues should be documented in Jira through a DSD ticket when applicable.

Brand Portal Access & Administrative Requests > Brand-Specific Requirements > Hyatt
SSO Requirement: Users must log in using their Hyatt Global ID (GID) via the "Log in with Enterprise ID" button.

Portal structure: eAuth portal ends in HYATT-SPIRIT (Hotel Code) eSign/ePay portal is the Hotel Name HR portal ends in [Hotel Name] HR.

Admin Reciprocity: Loop in active Super Admins or Power Admins from other Hyatt portals at the same property (matched by billing address) when access tickets come in.

Non-Corporate Approval: Verify the requestor belongs to the property by confirming with an existing Super Admin or Power Admin.

Brand Portal Access & Administrative Requests > Admin Limits by Brand — Quick Reference > Admin Limits by Brand — Quick Reference
BrandMax Super AdminsSSO RequiredSpecial Notes
------------
Marriott5YesRequests via MGS link. Transitions team tickets are pre-approved.
Hilton (Franchise)3YesCorporate/Americas properties require GAM request.
Hilton HAFS14 (no property SA)YesNo property-level Super Admins. See HAFS Setup guide.
Hyatt3YesSplit portals (Spirit / Sign / HR). Loop in admins across portals.
HEI HotelsN/A — route to HEIVariesAll requests go to support@heihotels.com. Do not process internally.
Other Brands3VariesVerify all details in Salesforce before proceeding.

Support Hyatt > Hyatt & Envision DAP > Hyatt & Envision DAP
Envision DAP is a PMS-style integration used with Hyatt Sales portals only. Sales portals use the full hotel name in the URL (e.g., www.sertifi.com/alilamareabeachresort). eAuth portals use the Spirit code. To confirm a portal is the Sales portal, pull the End of Day Pay Report — only the Sales portal shows dollar amounts.

Key facts: Next Gen only. Users must be Power Admins. Most Envision users never log in to Sertifi directly.

Before reviewing errors, confirm: Is the email present in Master Tools? Is the profile Active/Pending and Power Admin or higher? Is the profile connected to the Sales portal?

Common error: "{email} is not allowed to make changes to this folder" — user is in the portal but is only an Admin, not a Power Admin. Advise the Super Admin to update their access.

Salesforce Support Tickets (Start Here) > Salesforce Expired License > Salesforce Expired License

Confirm the client has a paid contract. Get the Org ID.

In Salesforce, change the view type to Licenses, then set the menu to "All."

Search the Org ID. Locate any licenses showing "Expired."

NOTE: Hospitality clients will have 2 licenses. Update both if both are expired.

Click the hyperlinked License Number → Modify License → set to "Does not Expire" and "Active" → Save.

Test an eSign button in a booking or ask the client to test.

SAML / Okta / SSO Certificate Updates > Updating the Security Certificate in Okta > Updating the Security Certificate in Okta

Navigate to Security → Identity Providers. Search for the specific partner.

Click Actions → Configure Identity Provider.

Go to SAML Protocol Settings to confirm expiry.

Scroll up, click Edit, and update the certificate under "IdP Signature Certificate."

Locate the correct certificate file from the folder the client sent (current one, not last year's).

Update the Identity Provider and complete 2FA after the update.

Verify certificate status. Have the location update on their end. Confirm everything is working.

PART C: PAYMENT SUPPORT

Common Gateway Errors > Common Gateway Errors
Error / IssueGatewayKnown Solution
---------
"This transaction requires voice authentication. Call the card issuer."Elavon │ Shift4 v2 Direct Post & FPSThis is a reply from the MID/Processor level. Let the hotel know the client must contact their bank. Sertifi cannot resolve this.
Repeated CVV IssuesFreedomPayIf AMEX only: MID may not be enabled for this card type. Investigate via Datadog, submit a DSD, ask them to confirm MID setup with Finance. If MID change confirmed, submit IMP case.
Expired TokenShift4 v2 Direct PostToken has not been used in a while. Check if a new Shift4 v2 Direct Post token can be regenerated. If not, gather MID details and contact Shift4.
Processing error for all transactions Preconfigured Stripe │

Portal Administration > Creating Temporary Passwords > Creating Temporary Passwords
⚠ Do not create temporary passwords for SSO users. Their credentials are managed by their identity provider.

Use only when: user is not receiving password reset emails, reset links are expired/failing, user is locked out, or account is non-SSO and actively managed in Sertifi.

Open Master Tools, locate the user, and confirm their status is Active. If Pending, Disabled, or 0, activate them first. Check the last login time against the ticket timestamp.

In Master Tools, select "Create a password reset link for a user." Enter the email, generate the reset link, create a password meeting security requirements, and test in an incognito window.

Send via Gmail Confidential Mode: click the lock icon with a clock → enable expiration → enable passcode protection → send with SMS passcode

Account Settings | Super Admin — Full Settings Reference > Sending Features > Auto expire signer uploads
Determines how long a file upload is available. Signed document retention is currently set to 1 year.

Account Settings | Super Admin — Full Settings Reference > Signing Features — Part 1 > Auto expire unsigned documents
Determines how long it takes for an unsigned document to expire if no expiration was set when the file was sent.

Sertifi Support SOP: Link Expiration > Overview > Overview
This SOP covers the error users see when a secure link has expired or reached its maximum number of clicks.

Sertifi Support SOP: Link Expiration > Settings Involved > Settings Involved

Secure URL Max Clicks: A link can be used a set number of times. The default is 5 clicks.

Request New Link Page: If a link expires or reaches its max clicks, the user is sent to a page to request a new link.

Sertifi Support SOP: Link Expiration > Rules for the Request New Link Page > Rules for the Request New Link Page

The user will be logged out before they can access this page.

After 10 minutes, the page will automatically redirect to a "session timed out" page.

After clicking the "Request New Link" button, there is a 30-second wait before it can be clicked again.

If a new link is generated, any old links for the same request will be disabled.

All link generation actions are logged as events in the Room Activity.

Sertifi Support SOP: Handling Hyatt Tickets Requesting Envision Access > Step 4: Send the Secure Encrypted Email > Step 4: Send the Secure Encrypted Email
⚠ Must be encrypted using Virtru (Gmail). Do NOT use Gmail's built-in "Confidential Mode." Only one property per email.

Send to:

Primary: servicedesk@hyatt.com

CC (all three): CHICO-Hyatt.Service.Desk.Sales@hyatt.com CHICO-Envision.System.Support@hyatt.com Ossy.Lopez@hyatt.com

Email template:

Subject: Enable Envision/Sertifi integration for - Hotel Name (SPIRIT CODE)

Hyatt Service Desk,

Please enable the Envision/Sertifi integration for Hotel Name (SPIRIT CODE).

The API Code: [enter API Code from eSign or eSign/Payment portal]

This portal is eSignature ONLY. / This portal is eSignatures and Payments. [Select the sentence that applies — delete the other.]

Please forward Hyatt training materials to: [add names and email addresses of all prope

eForms vs. Document Library > eForms Workflow — Admin View > eForms Workflow — Admin View
Steps to send an eForm:

Navigate to the "Create New" menu and select "Send Authorization eForm."

Complete the required fields to create a File Room: Folder Name and 1st Participant email. Expiration, Email Invite Message, and other roles are optional.

Locate the eForms dropdown and select the form to send.

Review the form and prefill as needed.

Select "Send Now."

Step-by-Step Guide: Updating the Security Certificate in Okta > Step-by-Step Guide: Updating the Security Certificate in Okta

Navigate to the Security section.

Select Identity Providers.

Use the search bar to find the specific partner.

Click on Actions → Configure Identity Provider.

Go to SAML Protocol Settings. To confirm the certificate is expiring: clients receive notifications about expiration, and you can verify the expiry date here.

Scroll back up and click Edit to update the Certificate under "IdP Signature Certificate."

Locate the certificate folder sent by the client (extract it if needed).

Identify the correct certificate file — ensure you select the current file, not one from a previous year.

Go back to Okta and update the Identity Provider.

Use 2FA (Two-Factor Authentication) after the update.

Verify the certifi

CS1 Training: Reading Salesforce > Reading the Salesforce Account > Top Detail Bar

Account Owner: the Sales person.

Parent Account: if the property is part of a group, the corporate or parent account is linked.

Type: Customer (active products) Prospect (not yet contracted) Former (had a Sertifi service and canceled/didn't renew).

Unique Property Code: can be brand-specific and duplicated. Confirm the location makes sense for the property code. Marriott: MARSHA code Hyatt: SPIRIT code Hilton: INN code.

NOTE: Support does not edit overall accounts in Salesforce unless directed. The only edits we make are to portal details via the dropdown carrot next to the portal link.

Sertifi Permissions & Roles — Flywire > Permissions by Feature Area > Folder Maintenance
All agent and manager roles can view, edit, delete, archive, and duplicate folders, as well as expire signature documents. Auditors can view folders but cannot make changes.

Sertifi Permissions & Roles — Flywire > Sensitive & Specialized Roles > Sensitive & Specialized Roles
RoleWhat It AllowsAssign ToGuidance
------------
Unmask - PIIView unmasked personal data on signed docsPrivacy/compliance officerAssign only to those with documented need.
Unmask - TransactionsView full card numbers and expiration datesFinance/treasury team memberStrict PCI DSS requirement — limit tightly.
Charge CardCharge/clone a card on fileFinance staff with authorizationLog and audit all uses; never assign broadly.
Finance AgentInitiate payment refundsFinance operationsPair with Finance Manager for approval workflow.
Finance ManagerApprove refund requestsFinance leadershipRequired counterpart for Finance Agent role.

*NOTE: Refund roles (Finance Agent / Finance Manager) are still

Escalation Procedures

Zendesk Front-End → Escalations Workflow > Front-End Team SOP > When to Escalate
Escalate a ticket when:

Troubleshooting has been completed and the issue cannot be resolved at the front-end level.

The problem involves a bug, complex integration, or deep-dive payment issue.

The next step requires JIRA or DSD creation, Portal review, or Salesforce case linkage.

Zendesk Front-End → Escalations Workflow > Front-End Team SOP > Before Escalating
Every escalation must include the full package:

Required InfoDescription
------
Portal LinkInclude the direct portal URL for the affected account or transaction.
JIRA Ticket / DSDLink to the DSD (if already created).
Salesforce LinkLink to the related case for account context and communication history.
Internal NotesSummarize troubleshooting done, results, and next-step rationale. Include screenshots or logs if applicable.

The goal: Escalations should never need to ask "What's the issue?" or "Where's the data?" — everything should be visible and actionable.

Zendesk Front-End → Escalations Workflow > Front-End Team SOP > How to Escalate

Add tag: escalations_team Move Group to: Escalations TeamClear Assignee (for round-robin) Submit ticket as Open.

Once submitted, the automation sequence runs automatically: sends a public auto-reply confirming escalation; posts an internal note; removes the escalations_team tag; adds the standard escalation tag.

Zendesk then routes the ticket to the Escalations queue. The round-robin trigger assigns it to the next available agent (Alejandro → Flore → Jaida → repeat).

Zendesk Front-End → Escalations Workflow > Front-End Team SOP > After Escalating

Do not manually assign or reply to the ticket after escalation.

Monitor for Escalations updates or Jira links in internal notes.

Follow up if no internal activity within 48 hours.

Ticket Assignment & Coverage

Support Hourly Ticket Assignment > Support Hourly Ticket Assignment
Frequency: Top of every hour.

Goal: Ensure all tickets are owned and workload is balanced.

Support Hourly Ticket Assignment > Step 1: Review Coverage > Step 1: Review Coverage

Check the calendar for absences before assigning.

Do not leave tickets assigned to anyone who is out. Reassign those tickets immediately.

Known schedules:

Tricia: Out Wed/Fri

Nakima: Out Tues/Wed

Backups:

If Tim is out → Lisette assigns.

If both are out → Management finds alternatives.

Lisette covers for Tim at 12:45 ET for lunch.

Support Hourly Ticket Assignment > Step 2: Assign New Tickets > Step 2: Assign New Tickets

Go to: New & Unassigned

Count total tickets and divide evenly across available staff.

Adjust for absences.

Give fewer tickets to agents in training. Example: 40 tickets, 4 agents (1 in training) → give 11 tickets to 3 agents, remainder to the trainee.

Support Hourly Ticket Assignment > Step 3: Maintain Ownership (Hourly) > Step 3: Maintain Ownership (Hourly)
At the top of each hour:

Assign new tickets.

Reassign tickets from absent team members.

Confirm no tickets are unassigned or idle.

Support Hourly Ticket Assignment > Core Rules > Core Rules

No unassigned tickets.

No tickets assigned to absent team members.

Workload must stay balanced.

Reassign absences immediately.

Weekend/Holiday Coverage Instructions > Weekend/Holiday Coverage Instructions
Weekend staff follow the same hourly assignment process as weekdays, with additional routing responsibility when tickets fall outside their skill level.

Goal: Keep tickets owned, routed correctly, and tracked for upskilling, while actively building skills so weekend staff can eventually handle escalations.

Weekend/Holiday Coverage Instructions > Step 1: Work What You Understand > Step 1: Work What You Understand
If you fully understand a ticket, work it. If you do not:

Do not leave it unassigned.

Do not guess.

Route it immediately.

Ownership is more important than perfection.

Weekend/Holiday Coverage Instructions > Step 2: Identify Escalations > Step 2: Identify Escalations
Escalations = tickets requiring deep technical troubleshooting. Route to Escalations if the ticket involves:

Errors or bugs

Salesforce issues

Payment failures

Integrations (Delphi, Opera, Infor)

Any non-basic portal behavior

Anything requiring logs or engineering review

Never hold escalation tickets in the weekend queue.

Weekend/Holiday Coverage Instructions > Step 3: Route Support Learning Tickets > Step 3: Route Support Learning Tickets
If it is NOT an escalation but you still do not understand it:

Assign to Support.

Track it as a learning opportunity.

These tickets should later be reviewed with Alejandro, Flore, or Jaida. This is part of the upskilling path toward eventual escalation coverage. Do not sit on tickets you are unsure about. Route first, learn after.

Weekend/Holiday Coverage Instructions > Step 4: Track What You Don't Understand > Step 4: Track What You Don't Understand
Keep a running list of tickets you routed because you did not understand them. This list is used for:

Training topics

Skill growth

Future independence

Identifying knowledge gaps

This is expected and part of the development plan.

Weekend/Holiday Coverage Instructions > Escalation Ticket Assignment (Every 2 Hours) > Escalation Ticket Assignment (Every 2 Hours)

Open the Escalations queue. Identify all unassigned tickets.

Open each ticket. Confirm if it belongs to Support or Escalations.

Assign Support-related tickets to the agent on shift. On weekends, assign to the designated weekend agent.

Mass assign remaining escalation tickets to Flore and Jaida.

NOTE: Complete this process every 2 hours to ensure SLA targets are met.

Support FIRE + DSD SOP > FIRE Process — Required Steps > Step 1: Identify + Alert
If you see a pattern (multiple tickets with the same issue, same error across clients, repeated failures or missing emails):

Call it out immediately in the CS Operations Slack channel. Do not wait for confirmation.

If it is the weekend or there is no response, alert a manager directly:

Julie: 386-307-2077

Alejandro: 561-504-0661

Support FIRE + DSD SOP > FIRE Process — Required Steps > Resolution Process
The assigned communicator (Alejandro, manager, or weekend on-call) will confirm when the incident is resolved. Once confirmed:

Search the DSD number in Zendesk.

Select all related tickets.

Use bulk edit (same process as above).

Apply the Resolved macro. This sends final communication and clears the incident.

DSD & Follow-Up

**
Sertifi Support SOPs INTERNAL USE ONLY

Sertifi Support

Standard Operating Procedures

CS Operations | Internal Reference

Covers: Core SOPs Zendesk AdminEscalationsDSD ProcessTicket Completion Support Basics

Source: Confluence export | Cleaned April 2026

Zendesk Admin Setup > Action Required: 1-Week-Old DSD Follow-Ups > Action Required: 1-Week-Old DSD Follow-Ups
DSD tickets up to one week old must be escalated if they have not been followed up on.

Use the tag needs_attention to flag tickets requiring engineering attention.

Aim to complete this review on Mondays before others review the ticket queue.

If engineers are not being responsive, tag the ticket and escalate appropriately.

Zendesk Front-End → Escalations Workflow > Escalations Team SOP > Upon Assignment

Review Portal, Jira, and Salesforce links for context.

Verify the internal note includes troubleshooting details and results.

Begin deep-dive work: reproduce or confirm the issue; review system logs or payment traces; create or update the Jira/DSD if not already linked.

Add an internal note acknowledging ownership: "Received — under review."

Zendesk Front-End → Escalations Workflow > Escalations Team SOP > Resolution & Closeout
When resolved:

Add a final internal summary including: root cause, fix or workaround, and Jira/DSD references.

If customer confirmation is needed, set ticket to Pending.

If fully resolved, close the ticket or reassign back to Front-End for follow-up.

CS Operations Issue Tracking & DSD Process > Identify the Pattern > Identify the Pattern
If you notice multiple tickets with the same issue, repeated refreshes or resets, the same error across different clients, or system emails not sending — validate it. If it is real and repeatable, create the DSD. Do not wait to see if Engineering already knows.

CS Operations Issue Tracking & DSD Process > Create the DSD > Create the DSD
The first CS Operations team member who confirms the issue:

Creates the DSD.

Sets urgency and impact.

Posts the DSD link in the main channel.

Even if Engineering is aware, we still create a DSD for tracking and accountability. If you can prove it, log it.

CS Operations Issue Tracking & DSD Process > Attach All Impacted Tickets > Attach All Impacted Tickets

Add the DSD to every related Zendesk ticket.

Share examples in the main channel.

Watch for additional matches in your queue.

This allows us to measure client impact accurately and report volume clearly.

CS Operations Issue Tracking & DSD Process > Pattern Patrol > Pattern Patrol
We work tickets bottom up, but we are also responsible for spotting trends. While assigning tickets, refreshing gateways, working escalations, or reviewing the new queue — look for repetition. Ownership is shared; this cannot rely on one person.

CS Operations Issue Tracking & DSD Process > Resolution > Resolution
Sometimes Engineering fixes one issue but not another. That is exactly why we log issues separately as individual DSDs. Each distinct problem needs its own DSD so we can:

Track what was actually fixed.

Confirm which behavior was resolved.

Avoid leaving tickets sitting on hold unnecessarily.

At the end of the day, once a confirmed fix is in place:

Verify the issue is truly resolved.

Confirm which DSDs are closed.

Send resolution communications in batches where appropriate.

Clear related tickets from hold.

NOTE: Clear logging leads to clean resolution. Do not wait for a formal incident label. Do not assume someone else logged it. Log proven patterns immediately.

Support FIRE + DSD SOP > Support FIRE + DSD SOP
The FIRE process applies when a pattern is identified that affects multiple clients simultaneously.

Support FIRE + DSD SOP > FIRE Process — Required Steps > Step 2: Create the DSD

Create the DSD as soon as the pattern is confirmed.

Set urgency to 4 or 5 to trigger PagerDuty and alert SRE.

Identify and include the first reported ticket. This establishes the start of impact.

Share the DSD link in the main channel. Manager will escalate to other teams as needed.

Support FIRE + DSD SOP > FIRE Process — Required Steps > Why This Matters
We do this to track how many clients are affected, when impact starts, and whether impact is increasing or slowing. By tagging every ticket with the DSD, we can search and report accurately. If we go from 10 tickets to 100, that changes priority immediately. Once the incident is under control, return to normal ticket work.

Zendesk Ticket Completion + DSD Escalation SOP > Zendesk Ticket Completion + DSD Escalation SOP
Purpose: Ensure every Zendesk ticket is properly documented before escalation, and that DSD issues contain reproducible technical detail.

Zendesk Ticket Completion + DSD Escalation SOP > Part 1: Required Zendesk Fields Before Pending a Ticket > Assignee

Your name must be assigned. Use "Take It" if no macro assigns you.

Unassigned tickets delay responses when clients reply.

Zendesk Ticket Completion + DSD Escalation SOP > Part 1: Required Zendesk Fields Before Pending a Ticket > Sertifi Portal URL

Use the portal where the issue occurs.

If multiple portals are affected, select one listed in Salesforce.

Zendesk Ticket Completion + DSD Escalation SOP > Part 2: Creating a DSD Issue > Part 2: Creating a DSD Issue
Escalate only after confirming the issue cannot be resolved in Support.

Zendesk Ticket Completion + DSD Escalation SOP > Part 2: Creating a DSD Issue > Step 1: Create Issue
Zendesk → Jira section → Create Issue. Select:

Project: Dev Service Desk (DSD)

Issue Type: Service Request

Reporter: Yourself

Zendesk Ticket Completion + DSD Escalation SOP > Part 2: Creating a DSD Issue > Step 2: Summary
Write a short, human-readable title. At the end include: Account link and Zendesk ticket link.

Zendesk Ticket Completion + DSD Escalation SOP > Part 2: Creating a DSD Issue > Step 3: Description Requirements
Description must allow engineering to reproduce the issue. Include:

Exact steps taken

Expected result vs. actual result

Affected client(s) or product

URLs involved

Screenshots or recordings

Error messages

Relevant logs or event notifications

Replication links

Any workaround attempted

Goal: Engineering should not need to ask follow-up questions.

Zendesk Ticket Completion + DSD Escalation SOP > Part 2: Creating a DSD Issue > Step 5: Impact Level
LevelMeaning
------
1Internal only or single client.
2Extremely small subset.
3Small subset.
4Large client group or major accounts.
5All users affected.

Zendesk Ticket Completion + DSD Escalation SOP > Part 2: Creating a DSD Issue > Step 6: Additional Fields

Desired Resolution Time: select appropriately.

Product: choose the affected system.

Labels: add relevant tags. Use needs_attention for escalation review.

Customer Domain: requester email OR portal URL.

Attach files and verify upload succeeded in Jira.

Click Create.

Zendesk Ticket Completion + DSD Escalation SOP > Part 2: Creating a DSD Issue > Final Rule
A good DSD ticket is: reproducible, specific, documented, linked correctly, and categorized accurately. If engineering has to ask what happened, the ticket is incomplete.

Support Tips for DSD Creation > Support Tips for DSD Creation
Goal: Create DSD tickets that Engineering can act on immediately without hunting through Zendesk. Keep tickets short, structured, and technical.

Support Tips for DSD Creation > Required Summary Format > Required Summary Format
Write the title as: Feature name – what is broken

Example: NG Login – Unable to reach login screen

The summary must include:

What is broken

What was already tested

Current behavior

Expected behavior

Engineering should understand the issue without reading the Zendesk thread.

Support Tips for DSD Creation > Environment Details (Required) > Environment Details (Required)

Portal experience: NG / Classic / AdminChoice

API or Customer portal

Mobile or Desktop

Product area: eSig / Pay / Salesforce / etc.

Use case (e.g., In-Person Signing)

Support Tips for DSD Creation > Evidence > Evidence
Attach visuals whenever possible:

Screenshots

Screen recording

Console logs

Timestamps of issue

Screenshots alone are not enough. Always describe the exact steps taken before the failure.

Support Tips for DSD Creation > Expected vs. Actual Behavior > Expected vs. Actual Behavior
Clearly state:

Expected: what should happen

Actual: what actually happened

Avoid vague statements like "it doesn't work."

Support Tips for DSD Creation > Customer Artifacts (If Available) > Customer Artifacts (If Available)

.har file (Direct Login)

SAML trace

Error message screenshots

Troubleshooting video

Jam session recording

Artifacts accelerate log tracing and reproduction.

Support Specialist Product Basics > Security Review Tickets > Create a DSD: Security Review

Select the "Security Review" option when creating the DSD.

Label it appropriately (e.g., "Security Review | Report of illegal/fraudulent charge by payee").

In the body, include: client email, a note about any undownloaded attachment, and the full client message.

Set Impact to Low, Urgency to Medium, and Desired Resolution Time to Medium (3 days).

Let your supervisor or manager know so they can monitor the Jira ticket.

NOTE: If the client does not reply with requested details, or tries again to get you to open a link or download an attachment, put the ticket on hold until the Security Review is complete.

Data Management Policies > Data Removal Request from User > Data Removal Request from User
Steps when a user requests their data be removed:

Search the email the ticket came from.

Identify any possible portals. If there are more than 3, move to step 3.

Send Macro: "Data Removal Request From User." If 3 or fewer portals are associated and the Super/file owner approves, mark all of the user's profiles to "Disabled" status.

If the user has more than 3 portals, upon Super/File Owner approval, submit a DSD for a "Deactivate" script to be run.

NOTE: Deactivate and Disable do the same thing. The difference: Deactivate applies to ALL portals associated with a given email, while Disable is done per hotel instance.

Answering Questions Effectively A Checklist > Answering Questions Effectively A Checklist
In Support it is important to understand the question being asked so that we can not only answer it, but anticipate the next possible questions and address those as well.

Understanding the Context: Did you take the time to understand the context of the customer's question? If their question had multiple points, address each one separately. Have you reviewed any relevant history from previous interactions? Did you fully answer the customer's main question? If additional information is needed, did you request it?

Clarity and Conciseness: Is your response clear and concise? Avoid overly technical jargon or ambiguous language. Use simple, easy-to-understand language.

Personalization: Address the customer by their name. Use a friendly and professional tone.

Follow-Up Information: If

Hilton Support Troubleshooting > Hilton SF Troubleshooting > Hilton SF Troubleshooting

Hilton property reports a Salesforce error.

Determine if SF Org access is needed or if it is a known configuration error.

If access is needed: escalate to your manager to check if the property is HM/HF.

Yes (HM/HF): Loop in claudia.mackay@hilton.com and request Org Access. Access is granted for 3 days only.

No: Request access from the contact and corporate HQ.

Submit a DSD for resolution instructions. Note that Hilton will want to make the changes themselves.

Add the DSD to the Development Case Link in Zendesk and place the ticket on Hold.

Wait for instructions from the SF Engineering team to deliver back to Hilton.

Payment-Specific Support SOPs > Same-Day Partial Refunds > Same-Day Partial Refunds
When a same-day partial refund is processed, the system first voids the original payment. If the follow-up capture fails, this results in a full refund or void. Locations can opt out of same-day refunds to prevent this — configurable in the portal's payment gateway rules.

Account Settings | Super Admin — Full Settings Reference > Signing Features — Part 1 > Signer editable fields
Determines which fields in a document the signer can edit when signing.

All Fields Editable

Empty Fields Editable

No Fields Editable

Bulk Send & Bulk Download Requests > Bulk Download > Bulk Download
If you receive a Bulk Download request:

Submit via CS Create Case — Bulk Send (same process as above).

Subject Line must contain the word "download" to ensure proper Success team follow-up: BULK DOWNLOAD Requested.

Provide any details the client gave (timeframe, etc.).

Add the Ticket, client email, and portal URL.

Insert the CS Case URL in the Zendesk ticket using "Success" as the Type.

Integration & Opera SOPs

Zendesk Support Role Responsibilities > Zendesk Support Role Responsibilities
Purpose: Ensure consistent, efficient, and high-quality client support through proper Zendesk ticket management, clear communication, and accurate troubleshooting. This SOP defines responsibilities for CS Operations agents when handling support tickets in Zendesk.

Zendesk Support Role Responsibilities > First Response > First Response
The first response sets the tone for the support experience. Agents should provide a clear acknowledgment that:

Confirms the request was received.

Demonstrates understanding of the issue.

Requests any missing information required to troubleshoot.

First replies should be professional and concise, avoid unnecessary technical jargon, and provide immediate next steps when possible. Common missing information to request:

Transaction IDs

Screenshots or error messages

Property or account identifiers

Steps the client took before encountering the issue

Zendesk Support Role Responsibilities > Troubleshooting > Troubleshooting
Agents should attempt to fully troubleshoot issues before escalating. Troubleshooting should include reviewing:

Ticket history and prior client communications

Internal documentation (Confluence SOPs and Help Center articles)

Similar past tickets or known issues

System logs or transaction activity when available

Agents should attempt to reproduce the issue when possible. Common troubleshooting actions:

Reviewing payment transaction statuses

Checking integration configurations

Confirming user roles or permission settings

Identifying gateway or token errors

Validating account setup

Zendesk Support Role Responsibilities > Customer Communication > Customer Communication
Clients should never be left without updates on active issues. Agents are responsible for:

Providing progress updates on tickets awaiting resolution.

Setting clear expectations for timelines when investigation is ongoing.

Explaining issues in language clients can understand.

When an issue requires engineering review, inform the client that the issue has been escalated, and provide updates when new information becomes available.

Support Specialist Basics > Troubleshooting Can't View Credit Card > Troubleshooting Can't View Credit Card
This process explains the troubleshooting steps to take when an Admin already in the Security Group cannot see the credit card for a specific file.

First, check if the requester is a Super Admin. If not, locate the active Super Admin(s) and CC them into the ticket for visibility.

Step 1: Verify the Admin is in the correct Security Group for viewing credit information (usually "Can View Unmasked CC"). Navigate to: Security Settings → Can View Unmasked CC → Edit Members.

Step 2: Verify that SkyFlow is enabled. If SkyFlow is not enabled, none of the credit card forms will be tokenized for viewing. Navigate to: Integrations → SkyFlow. Note the token length for later.

Step 3: Verify the Payment Gateway is set up correctly. Navigate to: Administration → Account Settings → Payment Setti

Support Specialist Basics > Security Groups | Unmask CC, Clone, Refund > Creating Security Group: Can View Unmasked CC

Navigate to Administration → Account Settings → Security Settings.

Select "Add Group" and name it "Can View Unmasked CC."

Select the pencil icon next to the group name.

Verify the following settings are set to "Allow": Can View Payment Information Can View eConfirmations Payment Information Can View eConfirmations.

Save.

Support Specialist Basics > Access Requests: Portal Admin or Security Group > Request from an Internal Team (Sales, CS, etc.)

Follow proper steps as with any access request.

Check for Super Admins in the portal and in Salesforce (both the account and the parent account).

If neither the portal nor Salesforce has an account that can provide access, call the hotel and verify the requester's position.

Support Specialist Basics > Profile Statuses: Active, Pending, Disabled, 0 > 0 Status
Less common. Occurs when an activation request times out for an otherwise active user, typically for Delphi or API users. When a 0-status user tries to log in, the screen appears to "blink" and refresh without error. You must activate this user via the portal's Master Tools before they can do anything, including a password reset.

Support Specialist Product Basics > eSignature (eSign) > eSignature (eSign)
Sertifi's eSignature product allows hotels to send contracts for signature without requiring card details or payments. Data Tags are used to configure documents to require signatures, initials, uploads, etc.

Required settings for eSign to work:

Sending Page Defaults: Configure signer levels, auto CC recipients, and enable "Show Signature Documents" and "Show Reference Documents." Navigate to: Administration → Account Settings → Sending Page Defaults.

Delphi/Salesforce/Amadeus integration: eSign is the product required for these platforms. Check if in use via: Administration → Account Settings → Real Time Updates.

Support Specialist Product Basics > eConfirmations > eConfirmations
eConfirmations allow travel agencies and companies to send virtual credit cards electronically into the portal report. They come from business travelers, travel agencies, virtual card providers, and other travel management companies.

Required settings:

Navigate to Administration → Account Settings → Integrations → eConfirmations.

Enable eConfirmations and copy the Property ID to send to the client for ConfermaPay (use the ConfermaPay macro).

Enable all External Providers.

Select "YES" for Send Email Notifications and enter at least one Super Admin email so they receive alerts for new eConfirmations.

Navigate to Account Settings → Account Settings and scroll to the bottom. Check the box for Super Admins to see the eConfirmations report.

Verify the Unmasking Security Group

Support Specialist Product Basics > Security Review Tickets > Next Move — The Reply
Request additional information: confirmation of the email used, date of the charge, card last 4, charge amount, and bank statement details. Do not click or download any attached links. Ask for a screenshot pasted directly into the email thread instead.

Data Management Policies > Support Data Access and Modification Requirements > Support Data Access and Modification Requirements
This section outlines procedures for denying access to personal information, responding to data subject inquiries, and handling access or modification requests.

Data Management Policies > Support Data Access and Modification Requirements > Denying Access to Personal Information

Access is controlled by security settings that only Sertifi Master Access and the account Super Admin can adjust. Sertifi does not provide access to anyone requesting personal information directly.

Verify the requester's identity by checking the list of Admins and their role/access level. If they do not have appropriate access, loop in the Super Admin.

Redirect the requester to the Super Admin or file owner by providing their contact information or looping them into the email.

Access to credit card CVV is always denied as we do not store that information.

Data Management Policies > Support Data Access and Modification Requirements > Responding to Data Subject Inquiries, Complaints, or Disputes

Redirect data subjects to the account and Super Admin for assistance.

The Support Team responds within a median window of 1.8 hours for first response and 0.6 hours for full resolution during business hours.

If the customer needs more information, escalate to the Success Team.

Tag chargeback/dispute emails in Zendesk and submit a monthly report to the Success Team.

Data Management Policies > Support Data Deletion Policy > Support Data Deletion Policy
Upon receiving a data deletion request:

Account Disabling: Immediately disable the user account to prevent further processing of personal information.

Informing the Hotel/Customer: Notify the hotel/customer that a data deletion request was received and the account has been disabled. Ask if they want contract documents removed.

Processing Data Deletion: If the hotel/customer requests document removal, Engineering deletes the documents on an individual basis after Security Team approval.

Retention of Certain Data: Audit trails, payment receipts, and tokens are retained per legal requirements under GDPR and other regulations.

Brand Portal Access & Administrative Requests > Brand-Specific Requirements > HEI Hotels & Resorts
HEI manages properties across many brands. Always verify the management group in Salesforce before proceeding.

⚠ Any ticket from an @heihotels.com email address, or any request referencing Lori Gear (HEI's corporate contact), must be routed to support@heihotels.com. Do not process internally. Failure to follow this routing may result in Lori Gear modifying or disabling the user's access without notice.

Support Sonesta > Key Rules > Key Rules

Sertifi should NEVER give access to any users to unmask, clone, or refund. Forward all such requests to helpdesk@sonesta.com.

CC auth forms are standard and we are asked not to make changes. If there is pushback, copy Kate Cortez (kcortez@sonesta.com).

For training materials, direct hotels to "Sonesta's Compass Training."

Once a portal is set up, notify Kate Cortez and she will inform the hotel.

All properties are on SSO. Users refer to it as their "Okta login."

Other Brand SOPs > Red Roof Ticket SOP > Red Roof Ticket SOP
Red Roof locations are identified by a location number that also serves as their email address (e.g., i1290@redroof.com).

Navigate to Administration → View Admins → View All Admins.

Find the location identifier and click View Files.

Locate the file and troubleshoot as normal.

NOTE: Red Roof locations use an API. Their system creates and sends credit card authorizations automatically. They contact us mainly for blank file rooms or credit card capture issues.

Other Brand SOPs > HEI Properties > HEI Properties
Tickets from @heihotels.com or referencing Lori Gear must be routed to support@heihotels.com. Do not process internally.

Reply template: Thank you for reaching out to Sertifi Support. It appears your location is an HEI-based property, so this request should be directed to support@heihotels.com. They will be able to grant you access. Have a great day!

PART B: INTEGRATION GUIDES

Salesforce Support Tickets (Start Here) > Salesforce Support Tickets (Start Here)
Covers all Salesforce-based software including Delphi (FDC), Amadeus, and others.

Salesforce Support Tickets (Start Here) > Before Anything Else: Check Real Time Updates > Before Anything Else: Check Real Time Updates
When a Salesforce ticket comes in, first ensure Real Time Updates (RTU) in the connected portal are working. Also confirm the Admin is listed correctly in the portal they are trying to access.

Salesforce Support Tickets (Start Here) > Requesting Org Access > Requesting Org Access
Some hotel brands do not allow access — check SF Corporate Contacts first. Package Versions can be viewed without asking the client by searching the Org Name or Org ID.

Short Org Access request template:

Thanks for the details. In order to troubleshoot, we need access to your Salesforce instance and: (1) Salesforce Organization ID, (2) Salesforce Org Name, (3) access granted to Sertifi for at least 7 days, (4) the Booking or Opportunity link where this occurred.

Salesforce Support Tickets (Start Here) > Packages > Packages
Clients need to be on at least Version 2024.1119 of Sertifi E-Sign for Salesforce.com. We are now in 2025.XXXX packages. Check the "SF Blog" for newest links, also available in the "Direct Links to Newest packages" macro.

NOTE: The SEM (Sales and Events Management) package is separate from the standard Sertifi package. Both must be updated if both are present.

Salesforce Support Tickets (Start Here) > Most Common Issues > Issue 1: Custom Settings Missing or API Code Does Not Match
The property needs its Custom Setting checked. The API code must match the Sertifi portal. You can often clone another Custom Setting and change the API code for the portal needed.

Salesforce Support Tickets (Start Here) > Most Common Issues > Issue 2: Permission Errors
Appears as "XXX does not have permissions," "Insufficient Access," "No Edit Access," or "No Create Access." See the Permission Sets, Apex Classes & Object Settings guide.

Salesforce Support Tickets (Start Here) > Most Common Issues > Issue 3: Adding a Document to the Org
Create a new Documents Folder and add the document. Pre-test any document for tags and portal usage before adding.

Salesforce Support Tickets (Start Here) > Most Common Issues > Other Issues
IssueFix
------
Access to other Admin's BookingsUser needs Power Admin access in the portal.
API Error with IP Restrictions mentionedCheck portal Security Settings and add the new IP(s).
Can't upload file (PDF/Tag Error)Check file for tagging issues.
Notes and Attachments not connecting to bookingCheck Profile Permissions on the RTU failure notice email.
Invalid Character Error (usually: %)Client entered a percentage into a money field. They must correct before re-sending.
File too bigClient must reduce file size below 6MB.
Can only add email from contact listThis is enabled in Custom Settings for the location.
Duplicate entry from Contact List Client has the same email as multiple contacts. They must remove extras.

Salesforce Support Tickets (Start Here) > Locating a User's Permission Set > Locating a User's Permission Set

Get Org access and log in.

Select Setup from the upper right corner.

Search for or select Manage Users → Users.

Search for the user's name with the error and click their profile type (hyperlinked).

From the Profile, select the relevant section based on the error type: Object Settings, APEX Classes, or VisualForce Pages.

Salesforce Support Tickets (Start Here) > Logging Into a Salesforce Org > Logging Into a Salesforce Org

Confirm Org access is granted and you have the Org ID and Org Name.

In Salesforce, change your view to "Subscribers."

Enter the Org ID or Org Name in the search bar. Refresh if you see a stall screen.

Click the Production Org name (not Sandbox in most cases).

If access is granted, a Login button appears. Click Login.

Salesforce Support Tickets (Start Here) > Delphi Transaction Type Selector (Payment vs. Authorization) > Delphi Transaction Type Selector (Payment vs. Authorization)
The setting that controls whether the Payment vs. Authorization selector appears in Delphi is ShowPaymentVerificationOption.

NOTE: The tooltip text on this setting does not accurately describe its behavior. It enables the Payment vs. Authorization selector during transaction creation.

Support process (post-implementation properties only):

Confirm the client is missing the Payment vs. Authorization option and ask when it last worked.

Confirm the request is post-implementation and review any recent changes.

Locate ShowPaymentVerificationOption in Delphi, set to Enabled, and save. Have the user refresh or sign out and back in.

If the request occurs during active implementation or impacts overall workflow design, create an Implementation case instead.

Opera Resources for Support > Opera Types and Integration Types > Opera Types and Integration Types
Opera Types: V5 on-prem V5 hosted Opera Cloud

Integration Types: OWS (all Opera types) | OHIP (Opera Cloud only)

Opera Resources for Support > Opera Settings Overview > Opera Settings Overview
Navigate to: Administration → Account Settings → Integrations → Opera.

Property Global Settings (set by Oracle; confirm with Support Engineers before changing):

Destination Type ID — usually PMS

Origin Entity ID — usually KIOSK

Department Code — code like AUTH or SERTIFI to route notifications (Cloud uses SERTI due to character limits)

Folio Window Number — static (e.g., 2) or dynamic (0 = first available). Recommend windows 2–8; window 1 is typically reserved for the guest's payment method.

Web Service URL — external accessible URL, e.g., https://opera.sertifi.net:444. Do not include /ows_ws_51/Reservation.aspx.

Card Types — must match Opera's configuration exactly.

Property Settings: Hotel Code, Hotel Chain Code, Username, Password, Domain, Endpoint URL (same as Web S

Opera Resources for Support > Updating Opera Credentials > Updating Opera Credentials

Verify the request and obtain appropriate approvals.

Confirm their Opera setup: OWS only, Cloud, or OHIP?

Confirm which fields the credentials are for. Cloud UN/PW are usually the same in both sets but sometimes unique.

Enter Username and Password in each field needing update and click Save.

Once the green "Saved" message appears, click "Validate Credentials."

Green banner = success. Red banner = error — follow up with the client.

Opera Resources for Support > Opera OWS 401: Unauthorized Error > Opera OWS 401: Unauthorized Error
Causes: failed data transfers, missing/incomplete records, and authorization failures. To confirm it is OWS, check the endpoint. Username format: @I+Domain/Hotel Code.

Common fix: update the endpoint to point to the base URL rather than a specific service path. After updating, confirm the result in the file room.

Opera Resources for Support > Opera OHIP Error: PAN > Opera OHIP Error: PAN
Error: "OHIP API request failed: 400 Bad Request — pan must not be null / pan must be between 8 and 19 digits."

Common fix: Set Gateway Token to "No."

Opera Resources for Support > TCA Failure in Opera for OHIP > TCA Failure in Opera for OHIP
Cause: property may be on OPI On-Prem. Migration to OPI Cloud should resolve it.

Steps to provide to the client:

Go to Opera Cloud Administration → Enterprise → Opera Controls → Credit Cards.

If the Gateway Token setting is "Yes", change it to "No."

Opera Resources for Support > How to Pull XML Logs from Datadog > How to Pull XML Logs from Datadog
Used most often for Opera when Oracle review is needed. Support can see back 15 days only.

In Datadog, go to Logs → Search & Analytics. Set date range to 15 days immediately.

Open the Sertifi File Opera Status Report to get the Confirmation Number.

Search by Confirmation Number in Datadog to pull only Opera XML logs.

If no Confirmation Number is available: search by client email (confirm it is an Opera API log by checking for the KIOSK code and Destination ID), or search by File/Folder Name and filter for logs labeled "XML."

Provide Oracle with both the Request and the Response for the most recent coupling. Copy the full content of each log (use Show More if available). Separate the Response from the Request clearly.

Next steps: ask the client to loop in Oracle, put the ticket

SAML / Okta / SSO Certificate Updates > Updating an Existing Certificate > Updating an Existing Certificate

Request the new certificate via reply in Zendesk. Template: "Hello {Name}, Can you please provide the updated Certification in a reply to this email? If your team has the Metadata available we can use that also. Please note, our Engineering team will provide a date and ask for the best time to complete, as we don't want to affect your day-to-day operations."

Once received, create an OTS ticket. Subject: "Update Cert for {Portal Name} {Cert type (OKTA/SAML/SSO)}". Description: Portal URL, Zendesk ticket link. Attach the certificate or Metadata.

Monitor the OTS ticket for the completion date from Engineering.

Once you have the date, ask the client for the best time of day, then relay that to the OTS ticket.

SAML / Okta / SSO Certificate Updates > SSO Tickets for New Integrations > SSO Tickets for New Integrations

Check if the portal has an SSO contract in Salesforce under Active Packages.

If yes: submit a case to Implementation for setup.

If no: send an Outlook request to Sales to contract the SSO add-on.

If Sales adds the contract, they send the case to Implementation and Collette assigns it.

Payments | Bank Change Requests & MID Changes > Bank Change Requests > Sertifi Pay (SPay) Clients

Confirm the requester's role. If not a Super Admin or corporate Salesforce contact, stop and loop in a Super Admin for approval.

Call the person who made the request to verify. Confirm their name, email, position, and the change request type.

Email Payments@sertifi.com with: hotel name, Salesforce link, portal link, Zendesk ticket, requester details, and a note about attachments in the ticket.

Send the Redirect::Internal::Payments/Stripe Banking Change macro to the client.

⚠ Never add a client's updated banking details in any written format. If a client tries to provide details over the phone, direct them to share those details with the Payments team directly.

Payments | Bank Change Requests & MID Changes > Bank Change Requests > eSign or eAuth Only (No Payments)
The client would need to contract with Sertifi Pay. Direct this request to the Sales person listed in the Salesforce Account Owner field.

Payments | Bank Change Requests & MID Changes > MID Changes > MID Changes
When a customer requests a MID change, gather these qualifying questions:

What company are you changing to?

Are you changing your bank account information? (Updated with the processor.)

Are you changing the processor? If changing to FreedomPay or Merchant Link, submit an IMP case. Elavon and Shift4 go through Shift4 directly.

Are you changing the gateway? If so, gather: Merchant ID, Vault Site ID, Password.

Is this a completely new MID setup? If yes, submit an IMP case.

Once clarified, submit a case to the Implementation team.

Support SOP: Chargebacks > Stripe Chargebacks > Stripe Chargebacks
Email sertifipayments@flywire.com. Include: Stripe payment link(s) for the transaction, Stripe Account ID, Salesforce link for the location, and a clear description of the issue.

Stripe Support > Stripe Refund Questions > Stripe Refund Questions

Request the file information (easiest: signer's email address).

Verify in the file room that a Refund was processed.

Enable the "Sertifi Pay Batch Settlement Report": Home → Reports → Report Management Page → Sertifi Pay Batch Settlement Report → Subscribe.

If the refund is on the report, share the report link with the client. Note that refunds can take 5–10 business days (longer for AMEX).

If the client needs further help, send the Zendesk ticket, file URL, and Sertifi Pay Batch Settlement Report URL to your manager for deeper investigation in Stripe.

Shift4 Support > Troubleshooting Shift4 > Troubleshooting Shift4
Always refer the customer to Shift4 first. Currently no active Shift4 support email — contact via phone or chat using the Merchant ID. The Ecomm setup in Shift4 is the relevant one for Sertifi integration, not the in-person machine setup.

Shift4 Support > Entering the New Auth Token > Entering the New Auth Token
⚠ The token can only be used ONCE. Follow these steps carefully.

Navigate to Administration → Account Settings → Payment Settings → Gateways & Rules.

Locate the old Shift4 V2 Direct Post integration and uncheck the CC checkbox.

Click Add Gateway → select Shift4 FPS → click Add.

Click on Shift4 FPS to open the settings.

Enter the provided Auth Token in the first box. Set Maximum Validation Failures to 3.

Enable Pay under Enabled Workflow. Enable Clone and Refund unless stated otherwise. Enable Authorize if the location uses eAuth.

Click "Update Access Token." A green Success message confirms it worked.

⚠ If an error occurs, you must request a new token from Shift4. The provided token cannot be reused even after a failed attempt.

FreedomPay | Escalation & VAR Sheets > What Is a VAR Sheet? > What Is a VAR Sheet?
A VAR (Value-Added Reseller) sheet contains key business information for payment processing, including which specific credit cards are allowed to process.

Payment Gateway Reach-Outs > Making Contact — Key Information to Include > Making Contact — Key Information to Include

Account information (e.g., the ID in Gateway Settings)

Location's full address and business telephone

Transaction Type: Payment / Refund / Clone / Authorization

Card Type (or ACH) | Transaction date, amount, and card last 4

It is acceptable to copy and paste the Admin Receipt details from Classic or Next Gen. When drafting your outreach: greet the support team, introduce the CC'd contact, explain you are reaching out on behalf of a mutual client, define the issue clearly, and state what you expect them to investigate.

Payment Gateway Reach-Outs > Reading Gateway Responses > Reading Gateway Responses
Gateway teams often respond assuming they are talking to the hotel. Review responses to identify what Sertifi Support can answer directly. If the response asks for information you can provide (Store ID, Terminal ID, issue description, affected card types), respond directly without waiting for the client. Put the ticket back On Hold after responding.

If no reply from the gateway within 2–3 days, follow up in the ticket and put back On Hold.

Support Search Tools > Master Tools — Lookup User's Accounts > Master Tools — Lookup User's Accounts
Enter the user's email or ID with no extra spaces. After pulling the profile, check:

Active, Pending, or 0 status? A 0 status means the profile was never activated — activate via the portal's Master Tools before any action including a password reset.

Role Type? Can they complete the request or does it require higher access?

If an Admin is in multiple portals, check Salesforce to determine which portal maps to which use case.

Portal Administration > Portal Emails: Places to Update > Portal Emails: Places to Update

Blind CC: Adds any listed email to all files sent out, invisible to other participants. Applies to all sends (all-or-nothing).

Sending Page Defaults: Assign automatic signers or CC recipients. "Hide" = not visible to Admins during send. "Show" = visible with option to remove.

Payment Receipts: For team members who need payment alerts but are not in the portal. Administration → Account Settings → Payment Settings → Payment Form & Receipt Settings.

eConfirmations Emails: Administration → Account Settings → Integrations → eConfirmations.

Portal Administration > Cancellation Requests > Cancellation Requests

Send Macro Redirect::Internal::Retention. This solves the ticket.

Send an email in Outlook to Retention@sertifi.com, CC manager. Include: customer contact info, ticket link, Sertifi portal link, Salesforce link. Paste the cancellation request into the subject line.

Retention follows up with the customer within 7 days, then updates and closes the case.

If the ticket re-opens: locate the Salesforce case, ping the assigned person or Peter for status, update the customer, place on hold, then update and solve.

Additional Support SOPs > Security Groups — Quick Settings Reference > Security Groups — Quick Settings Reference
Group TypeRequired Settings (set to Allow)
------
Can View Unmasked CCCan View Payment Information │ Can View eConfirmations Payment Information │ Can View eConfirmations
Clones & RefundsCan Clone Payments │ Can Refund Payments │ Maximum Payment Clone Amount
Accounting (combined)All settings from both groups above. Maximum Refund Over Original Amount is optional (most hotels leave at zero).

Additional Support SOPs > CS Support Cases from Internal Teams > CS Support Cases from Internal Teams
When a CS Support ticket arrives via Salesforce (subject: "CS — Support Case"):

Copy the Contact Email from the description and paste it into the Requester field in Zendesk.

If the person is not yet a Zendesk user, select Add and enter their email and name.

Review the description. If there are no details, use: "Hello {name}, We received your request from our colleague {name}. Can you provide the details relating to your question or concern so we can best assist you?"

If details are provided, investigate and respond as with any standard ticket. All brand SOPs and access request processes still apply.

Additional Support SOPs > Document IDs — Two Types > Document IDs — Two Types
API Document ID: visible in the URL string of the file room after the = sign. Used by API clients (e.g., Delphi eContracts). This is the ID shown on the File Certificate and is searchable in Master Tools.

Form Document ID: shown on the bottom of signed forms, made up of the date and time of the signature. Also searchable in Master Tools. Will appear alongside the API Document ID on the Certificate once the new Certificate version is available.

When a client asks why the two IDs differ: the Certificate ID is for API-integrated partners; the form ID shows the date/time of signature. Use Macro: File::Doc IDs Explained.

Additional Support SOPs > Invoice Lookup for Clients > Invoice Lookup for Clients

Look up the account in Salesforce and scroll down to SaaSOptics Invoices.

If the invoice number matches, click the number hyperlink.

Alternatively, search Salesforce for the Invoice ID directly if provided.

Click the Invoice number hyperlink, then click the e-invoice link to test it opens, then share it with the client.

— End of Part 2 —

Sertifi Support CS OperationsInternal Use Only Cleaned April 2026

Support Implementation Cases > Support Implementation Cases
When Support requires assistance from the Implementation team for a customer, follow these steps to create a case.

Step 1: Define the reason for requesting Implementation team assistance.

Step 2: Obtain all necessary information and ask all qualifying questions before creating the case.

Step 3: Log in to Salesforce and locate the account.

Step 4: Navigate to the Cases section.

Step 5: Select New to create a new case.

Step 6: Select the appropriate team — CS Implementation Project Request — and click Next.

Step 7: Fill out ONLY the Subject and Description with all details provided by the customer. Include customer contact information and the Zendesk ticket for reference. Then save.

That is all Support handles. This creates a case in a queue that the Implementation team

PDF/Word Tagging — Adobe Acrobat Guide > PDF/Word Tagging — Adobe Acrobat Guide
The video and guide can be sent to customers for assistance with tagging documents. Reference: Adobe Acrobat Guide for Sertifi Classic (2023).

Open Your Document in Adobe Acrobat: Start by opening the document that needs to be prepared for signature.

Review the Document Setup: Before adding any data fields, ensure the document is fully set up and ready for tagging.

Adding Sertifi Data Fields: Add the appropriate certified data fields needed to collect required information from signers. Use the "Sertifi Data Fields Quick Reference Guide" to choose the correct tags.

Handle Required Fields: Sertifi data fields automatically become required fields. Use them only if necessary.

Delete Autogenerated Fields (if applicable): In Adobe Acrobat's PDF Editor, remove any autogenerated fie

PDF/Word Tagging — Adobe Acrobat Guide > Common Document Tips & PDF Errors > Textbox Configuration
Ensure all textboxes are set to auto-size to allow clients to enter information easily. Common issues include fields for email addresses or names not expanding properly.

Sertifi Support SOP: Blocked Domains for Embedded Forms > Process > Process

Check the ticket against the blocked domain list.

If the domain is blocked, inform the client with a clear explanation and offer alternatives (e.g., using a different domain or sharing the form via a direct link).

Suggested response:

"Thank you for reaching out. The domain you're attempting to use is currently on our blocked list due to security protocols. We recommend using a different domain or sharing the form via a direct link."

NOTE: The full blocked domain list is a security reference list of disposable/temporary email domains and is maintained separately. It is not reproduced here as it runs to thousands of entries and is subject to change. Reference the source document or the portal's embedded form settings for the current list.

Support SOP: Opera Profile Creation & Escalation to Oracle > Support SOP: Opera Profile Creation & Escalation to Oracle
Use case: when new or unexplained error codes appear in Opera that cannot be resolved through standard troubleshooting, or when the client is requesting additional data or clarification that requires deeper analysis.

Support SOP: Opera Profile Creation & Escalation to Oracle > Oracle Account Setup (First Time Only) > Oracle Account Setup (First Time Only)

Go to https://iccp.custhelp.com/app/home and click Create Account.

Provide your Flywire email address.

Create a secure password using 1Password.

Enter your position, phone number, and office address.

You will receive an activation email. Click the link to activate and log in.

After logging in, go to Profile Settings. Under Add Account, enter: Account Number: 16030732 | Account Name: Sertifi Inc.

Click Validate, then Submit. An admin will be notified to approve your profile. After approval, you will be able to submit and escalate tickets.

Support SOP: Opera Profile Creation & Escalation to Oracle > How to Create an Opera Ticket > How to Create an Opera Ticket

Go to https://iccp.custhelp.com/app/home.

Click Create a Sertifi Request.

Select the appropriate account.

Choose either OHIP or Cloud.

If selecting Cloud, proceed to choose Cloud Ops Hotel App Engineer.

Set the appropriate severity level.

Add a clear summary/subject.

Provide a detailed description of the issue or request.

Support SOP: DAP / Envision Payment Push Error > Support SOP: DAP / Envision Payment Push Error
Use this SOP when a client reports a payment update error on their end but the folder room in Sertifi shows as Paid.

For Zendesk tickets where the folder room shows as Paid but the client is reporting an error, check the connected portal (linked to the integration) by navigating to Real Time Updates, then selecting Web Service Push.

Click "View the web service push queue."

Check for the errors in question. These can be repushed back into the client's system.

After repushing, advise the client and ask if they received the updated status.

Steps for Investigating TCA Entries and Hotel Engine Tickets > Steps for Investigating TCA Entries and Hotel Engine Tickets

Reply to Hotel Engine stating you will look into it.

In Master Tools, look into each line item using the TCA lookup tool (EConfirmationsTransactionLookup.aspx). Look for unmasked entries.

Look up the portal and TCA. Get the Super Admins — or in some cases the Power Admins (check timestamps).

Check email notices for TCAs.

Check for Opera integration.

Use the new macro aligned with "The Basics" and "Edit TCA Emails" as applicable.

Support SOP: Infor Response 404 Error > Support SOP: Infor Response 404 Error
Error: Response status code does not indicate success: 400 (Bad Request).

Support SOP: Infor Response 404 Error > Fix > Fix

Check if "Use VI for Visa?" is checked. If it is not enabled, enable it.

Repush the transaction.

Confirm the repush was successful by checking the error and the updated status.

Bulk Send & Bulk Download Requests > Bulk Send > Bulk Send
Support sends all Bulk Send requests to the Success team via a case until further notice.

Select "Bulk Download" as the case type (there is no Bulk Send option; use Bulk Download and note in the subject).

Subject Line: BULK SEND request (use all caps to distinguish from a Bulk Download).

In the description: copy what the client said, or summarize that they are inquiring about Bulk Send. Include date/time if provided and any attached Excel sheets. Copy the Zendesk ticket URL, requester's email, and portal URL into the description.

Search for the account in the Account Name field.

On the next step, search the client's email in the Contact field. Search Salesforce in advance for a contact email ra

Searching for a File Room with Payment/Auth > Step 2: Request and Search Additional Information > Step 2: Request and Search Additional Information
Ask the client for any additional information: confirmation number, file name, card last 4, or a copy of their invoice/receipt. Confirmation numbers and file names may not have been entered into the portal, but the card last 4 can be used in reports.

Searching for a File Room with Payment/Auth > Step 4: Locate the Room via the Admin's Profile > Step 4: Locate the Room via the Admin's Profile
Go to the View Admin list and find the sender's email. If they are still active, select "View Files" next to their profile. Knowing the file name from the information provided, locate and confirm the file room, then provide the link and form to the client.

NOTE: This is not a comprehensive list of all search methods — it is intended to help when the standard approach does not work. If you need assistance locating a room, reach out in the Support Squad channel.

CS1 Training: Reading Salesforce > How to Look Up an Account in Salesforce > A. Using the Portal URL (Preferred Method)
Only the www.sertifi.com/portalURL is searchable. Do not include https:// or any file room path info — these will cause a search error. Copy and paste the base portal URL into the Salesforce search bar. This is helpful when multiple brands share the same property code or when the brand is unclear.

CS1 Training: Reading Salesforce > How to Look Up an Account in Salesforce > B. Using an Address
Copy the physical address from the email signature and paste it into the Salesforce search bar. Useful when multiple brands share the same property code.

CS1 Training: Reading Salesforce > How to Look Up an Account in Salesforce > C. Using a Hotel Name or Group Name
Search by hotel name or management company name. If searching a group or PMG, open the parent account and use the related accounts or children list to find the correct portal. Works well when the portal name does not match the hotel name exactly.

CS1 Training: Reading Salesforce > How to Look Up an Account in Salesforce > D. Using an Email Address
The least effective method but a good last resort. Enter their email in the search bar and view any accounts that populate. Best used only after other methods have failed.

CS1 Training: Reading Salesforce > Identifying Products > A. Customer Success Section
Check this section first. Shows which products are active, onboarding status, implementation specialist, and notes for delayed launches, corporate approvals, or special handling instructions. "Combined Portals" indicates eSign and eAuth are in one portal. Product statuses may include: Active, Not Live, or Former.

CS1 Training: Reading Salesforce > Identifying Products > B. Customer Metrics
Focus on Product Breakdown. Ignore Total MMR unless billing is relevant. A quantity of 1 typically means the product is active. Confirms if ACH or additional products are included.

CS1 Training: Reading Salesforce > Identifying Products > C. Assets
Located on the right side of the account. Annual Quantity Formula confirms contracted products. Matches what appears in Customer Metrics.

CS1 Training: Reading Salesforce > Identifying Products > D. Portal List
Lists all active portals. To view portal-specific notes: use the dropdown next to the portal, select Edit. Portal notes often include accounting instructions, special configurations, and NG or TCA flags.

CS1 Training: Reading Salesforce > Cases and Activity > Cases and Activity
Activity: shows email communication from internal teams. Helpful if a client references another team member.

Cases: used by multiple teams. Can show recent cancellations, MID changes, or previous requests that impact current work. Reviewing cases can prevent duplicate work and speed up responses.

External Contact Lists > Top Golf > Top Golf
The following emails are likely not listed as Super Admins, but may contact us with requests. Address their issues to the best of your ability:

Babita Gurnani — babita.gurnani@us.gt.com (primary contact for Top Golf requests since Amanda Rhodes departed)

Jason Magsalin — Jason.Magsalin@topgolf.com — Main Salesforce tech contact

Danielle Copelli — Danielle.Copelli@topgolf.com — Sr. Project Manager

Rachele Vincent — Rachele.Vincent@topgolf.com — Director, Sales Business Operations

Prateek Sitholay — Prateek.Sitholay@topgolf.com — Senior Director, Sales Systems Salesforce

External Contact Lists > PCI Proxy / Datatrans > PCI Proxy / Datatrans
Sertifi is a customer of PCI Proxy / Datatrans, not the other way around. You may occasionally receive a ticket from them. Their email will not be listed as an Admin in the system and they have no records in Salesforce.

These emails may look like phishing — they often include a PDF mentioning security or "event follow up/impact." You may forward these tickets to our Security team to check if they have been made aware. PCI Proxy may also send them directly to Nick D.

Handling process:

Identification: Recognize that Sertifi is their customer. The email will not be in the system and there are no Salesforce records for this entity.

Customer Relationship: We are their customer, not the other way around.

Email Characteristics: May appear to be phishing. Often includes a PDF mentio

Sertifi Permissions & Roles — Flywire > Escalation & Support > Escalation & Support

Permission behavior questions: Check Jira for known platform issues before escalating to Product.

Role not behaving as expected: Escalate to Tier 2 / Engineering with specifics on the affected user and permission.

Refund role configuration: Confirm with CS team lead before advising client.

Unmask role requests: Confirm client has a documented compliance need; loop in your manager if uncertain.

— End of Part 3 —

Sertifi Support CS OperationsInternal Use Only Cleaned April 2026

Account & Access SOPs

Zendesk Support Role Responsibilities > Documentation and Product Feedback > Documentation and Product Feedback
Agents should flag:

Recurring client issues

Missing or outdated SOP documentation

Product features causing confusion or workflow disruption

Share these observations with the team lead or manager so documentation or product improvements can be addressed.

Zendesk Support Role Responsibilities > Quality Expectations > Quality Expectations
Key expectations include:

Timely first responses and updates

Accurate troubleshooting and investigation

Clear and respectful communication with clients

Proper documentation of ticket activity in Zendesk

Support quality is evaluated through ticket handling accuracy, client satisfaction feedback, SLA response performance, and internal documentation practices.

Support Specialist Basics > Access Requests: Portal Admin or Security Group > Access Requests: Portal Admin or Security Group
This process covers how to handle requests for portal access (Admin+ access) or access to a Security Group.

Support Specialist Basics > Profile Statuses: Active, Pending, Disabled, 0 > Disabled
Most commonly used for Data Removal requests for end users/signers who have never been an Admin. If an Admin is disabled, their files will be inaccessible to all users including Masters. To restore access, change their status back to User.

Support Specialist Basics > Profile Statuses: Active, Pending, Disabled, 0 > Resend Activation Email

Navigate to Administration → Resend Activation Link.

Enter the Admin's email and search.

Click Resend Email.

NOTE: This does NOT activate the user. They must still access the email and complete the activation process themselves.

Support Specialist Product Basics > Security Review Tickets > First Steps

Check the ticket requester's email in Master Tools (User lookup) and Sendgrid/Postmark.

Navigate to Account Settings and Ctrl+F "server" to identify whether the portal uses Sendgrid (99%) or Postmark.

Data Management Policies > GDPR / DPA Procedures > GDPR / DPA Procedures
If a customer requests DPA or GDPR documents, direct them to the Sertifi Secure Data Room (powered by SafeBase) first.

Locate the documents in the DPA section.

Click "Get Access" and fill out the work email form on behalf of the customer.

Once submitted, update the customer in Zendesk: "I requested the DPA document and submitted to have the document credentials securely sent to your inbox. Let us know if you need further assistance or do not gain access."

If a customer requests an account-specific DPA with terms, email Chris Hostert (chostert@sertifi.com — CFO) and CC your manager with full context of what the customer is requesting.

Support Sonesta > Support Sonesta
⚠ There are no Super Admins at the property level for Sonesta. CC helpdesk@sonesta.com on ALL replies to Sonesta end users.

Support Sonesta > Mass User Updates > Mass User Updates
Sonesta HelpDesk sends a spreadsheet to support@sertifi.com with subject: "Sonesta Admins/multiple portals" for these scenarios:

One user to many portals (more than 20): use the Sonesta Excel template.

Many users to one portal (more than 20): use the Sonesta Excel template.

Super Admin access to all portals (e.g., new Help Desk colleague): use email template format below.

Email template for full-portal access:

Colleague Name: [Name] | Email Address: [email]

Mirror the locations of: [Name] ([email])

Role: Super Admin | Security group: None

Support Sonesta > Sonesta Corporate Admins > Sonesta Corporate Admins
The following Sonesta Help Desk staff should be added as Super Admins to every portal:

kcortez@sonesta.com dboczenowski@sonesta.com Alexandra.Soscia@sonesta.com

Chris.Roberts@sonesta.com Steve.Marischen@sonesta.com Mike.VanHekken@sonesta.com

Devon.Howard@sonesta.com Parker.Nevil@sonesta.com Dylan.Brock@sonesta.com

Jonathan.Ham@sonesta.com Jared.Norman@sonesta.com Nikolas.Dorhoutmees@sonesta.com

Nate.Wells@sonesta.com Parker.Atkins@sonesta.com Martin.Alvarado@sonesta.com

Gary.Macias@sonesta.com Ben.Hicks@sonesta.com Nathaniel.Sanchez@sonesta.com

Glynn.hathaway@sonesta.com jgoldsmith@sonesta.com Marianne.caste@sonesta.com

Jacqui.jones@sonesta.com | Mitchell.ray@sonesta.com

SAML / Okta / SSO Certificate Updates > Okta Tickets: What to Do > Okta Tickets: What to Do
Users submit tickets via their Okta login, which route back to us.

Always read the section under "[Okta site] System help request" for the user's direct details.

Always copy the user's "Provided Address" to the Requester field in Zendesk so they receive our replies, not an Okta address.

Search the user in Master Tools and respond to the ticket ask as normal.

All standard SOPs for Admin access levels and approvals still apply — Okta tickets do not bypass approval requirements.

Support Search Tools > Sendgrid / Postmark > Sendgrid / Postmark
To determine which server a portal uses: Account Settings → Account Settings → Ctrl+F "Mail Server." Most clients (99%) are on Sendgrid.

Use Sendgrid/Postmark to investigate why an email was not received, locate dropped/bounced/blocked emails, or locate a file room by name when the signer email is unknown.

Portal Administration > Language Settings > Language Settings
Enable localization: Administration → Account Settings → Account Settings → Enable Localization. Once enabled, a default language can be selected and users can set their own via User Profile.

NOTE: After enabling localization, the user must log out and back in to see changes.

Sending Page Defaults → Language: "Show" displays the language dropdown during the file send step. "Hide" uses the default language automatically for all sends.

NOTE: Profile Language Configuration is currently best used in Classic. Next Gen does not yet fully support other languages on Dashboard menus.

Additional Support SOPs > PDF Errors — Troubleshooting > PDF Errors — Troubleshooting
Common errors that may be resolved by adjusting PDF Engine or Text Tag Processor settings: internal server error, failure to regenerate, document failing during upload, text not showing or displaying incorrectly, Invalid Data Tag, font concerns, tags not showing, header missing on Word docs.

To access PDF Settings: Administration → Account Settings → Account Settings → search for PDF Engine.

Note current settings (screenshot to internal note in Zendesk).

Download the document and test it in the portal or your test portal.

Update the PDF Engine and Text Tag Processor to the opposite of what they are and test.

If successful, done. If not, try variations.

Final test: ensure PDF Conversion Engine, PDF Text Tag Processor, and PDF Engine all match.

If nothing works, submit a D

Account Settings Super Admin — Full Settings Reference > Account Settings Super Admin — Full Settings Reference
This section is an ongoing translation of portal settings so agents can confirm they are set up correctly or as the client has requested. Navigate to Administration → Account Settings.

Account Settings | Super Admin — Full Settings Reference > Notifications & Alerts > After a document is signed, send email notifications to
Determines who receives an email alert when all files have been signed by all signers. Typically set to "All."

Account Settings | Super Admin — Full Settings Reference > Notifications & Alerts > Email new users to access site after documents are signed
Invites signers to create an account and access the portal after they have signed.

Account Settings | Super Admin — Full Settings Reference > Notifications & Alerts > Send notification email for USER who is CC'd
Sends an email notification when a third party with the role type of User is added as a CC recipient on a file room. Example: the person signing a form adds their accounting email so that contact receives the signed form.

Account Settings | Super Admin — Full Settings Reference > Notifications & Alerts > Automatically email additional signers when docs are ready for them
Sends the system push to issue invite emails when one signer level completes their signatures, so the next level can sign. Example: the First Signer has signed, and the system automatically invites the Second Signer.

Account Settings | Super Admin — Full Settings Reference > Notifications & Alerts > Send return receipt notification to sender when signer accesses document
Sends an email to the file owner when a signer opens (not signs) the document. This is often misunderstood — it is NOT sent when Sertifi delivers the email to the signer. It is triggered when the signer actually opens and accesses the document.

Account Settings | Super Admin — Full Settings Reference > Notifications & Alerts > Change reply-to address for invite emails
Changes the email address that populates when a client replies to a file invitation. For example: Yeimi sent the file, but if the client hits Reply it goes to the Frontdesk group email instead of Yeimi's personal address.

Account Settings | Super Admin — Full Settings Reference > Sending Features > Enable senders to upload Reference Documents
Part of eSign. Allows documents that require no signature (from the "Reference Documents" list in the Document Library) to be included in sends.

Account Settings | Super Admin — Full Settings Reference > Sending Features > File Password Settings
Controls whether a password is required to access the file room.

Account Settings | Super Admin — Full Settings Reference > Sending Features > Time Zone
Should match the client's time zone so their portal displays sent/signed timestamps correctly.

Account Settings | Super Admin — Full Settings Reference > Signing Features — Part 1 > Reassign Signer Mode
Allows the signer to assign their signatures to someone else, effectively inviting them to the room or document.

Disable: Removes this ability entirely.

Per Document: When a signer reassigns a document, all their documents in that room are reassigned.

Per Room: When a signer reassigns a document, only that specific signature request for that document is reassigned.

Account Settings | Super Admin — Full Settings Reference > Signing Features — Part 1 > Add extra page with signature line for users who choose "Print, Sign, and Fax"
Adds a cover page for those who want to print, sign, and fax.

Account Settings | Super Admin — Full Settings Reference > Signing Features — Part 1 > Decline Signature Mode
Gives signers the ability to decline signing.

Disable: A signer cannot decline a signature request.

One Document: When a signer declines, only the acted-upon document is declined.

All Documents: When a signer declines, all remaining unsigned documents for that signer are declined.

Account Settings | Super Admin — Full Settings Reference > Signing Features — Part 1 > Enable senders to remove decline status
Allows the file sender to remove a declined status and resend to the signer.

Account Settings | Super Admin — Full Settings Reference > Signing Features — Part 1 > Require login to view signed documents
Requires file signers to create an account and log in to the portal in order to view their signed documents.

Account Settings | Super Admin — Full Settings Reference > Signing Features — Part 2 > Allow Mouse Signature

Enabled: Allows the client to use their mouse to sign.

Disabled: Does not allow mouse signing.

Keyboard: Sets Keyboard as the default signing method.

Mouse: Sets Mouse as the default.

Auto Detect: Detects between keyboard, mouse, or mobile and allows the client to sign how they choose.

Force Default: Forces either Keyboard or Mouse signing depending on which is selected.

Account Settings | Super Admin — Full Settings Reference > Signing Features — Part 2 > Display printable version link
Allows the signer to see a "Printable Version" option in the right menu when signing.

Account Settings | Super Admin — Full Settings Reference > Signing Features — Part 2 > Hide/Unhide Document Library
Controls whether the Document Library is visible to signers. If enabled with an upload requirement, rather than showing in the file conversations, the upload will appear on the folder itself like a signed document.

"Delivery Receipt" Emails > What Is It? > What Is It?
This is an email Sertifi sends to the File Owner alerting them that their client has opened the email for signature and accessed the document. Many clients misunderstand this email — it is NOT sent when Sertifi delivers the email to the client. It is triggered when the signer actually opens the email and accesses the document.

"Delivery Receipt" Emails > How to Verify > How to Verify
If a client says they should have received a delivery receipt:

Search for the file signer's email in the portal. If the file room shows 0 under the Open column, the client has not yet opened the email to view the room.

You can also check the File Activity to see whether the document was accessed, which also confirms the email was opened.

"Delivery Receipt" Emails > Where Is the Setting? > Where Is the Setting?
The setting for this email alert is in Account → Account Settings. The checkbox is labeled "Send return receipt notification to sender when signer accesses document." Enable it and click "Save Account Settings."

Support SOP: Troubleshooting Email Notifications > Support SOP: Troubleshooting Email Notifications
Purpose: Outline the steps to investigate and resolve cases where recipients do not receive expected email notifications in Sertifi.

Support SOP: Troubleshooting Email Notifications > Step 1: Initial Verification — Folder Room Review > Step 1: Initial Verification — Folder Room Review
Before checking system settings, confirm the folder and signer configuration is correct.

Go to the folder in question and double-check the following within Levels and Folder Activity:

Signer levels — ensure correct routing order.

Folder owner — verify the correct owner is assigned.

Duplicate entries — check if a signer or CC appears more than once.

Deleted or removed items — missing roles can interrupt notifications.

If any inconsistencies are found, correct them before proceeding.

Support SOP: Troubleshooting Email Notifications > Step 2: Check SendGrid Email Logs > Step 2: Check SendGrid Email Logs
Determine whether the email was ever triggered by the system.

Search for logs containing the subject line format: "[File Name] has been signed at [Location]"

If no logs exist, this confirms the email was never sent by Sertifi.

Document your findings to update the requester.

NOTE: In some cases emails can be dropped, bounced, or blocked even if they were sent.

Support SOP: Troubleshooting Email Notifications > Step 4: Validate Account Settings > Step 4: Validate Account Settings

Go to Account Settings.

Locate the two notification options listed above.

If either is unchecked, enable them and save.

Document the state of the settings before and after the adjustment.

Support SOP: Troubleshooting Email Notifications > Step 5: Perform a Controlled Test > Step 5: Perform a Controlled Test

Create a test folder.

Add a signer and a CC recipient.

Complete the signing workflow.

Verify that the CC receives the final email.

A successful test confirms the issue was caused by disabled notification settings.

Support SOP: Troubleshooting Email Notifications > Step 6: Summary > Step 6: Summary

Missing CC emails often result from disabled notification settings, not delivery failures.

Always check folder configuration, SendGrid logs, and account settings.

Adding oneself as a CC does not override disabled CC notification settings.

A test after enabling settings is required to confirm resolution.

Organization Management Master Tools > Organization Management Master Tools
The Organization Management function of Master Tools allows creation of singular or multi-account "Orgs" to apply specific login settings. This is where SSO logins are set up and where you can add a portal for a 90-day password change requirement.

Organization Management | Master Tools > Accessing Organization Management > Accessing Organization Management
When logged in to apps.sertifi.net/tools, select "Organization Management" from the list of options. You will see all currently set up Orgs. At the bottom is "Add Organization."

Organization Management | Master Tools > Add/Edit Organization Fields > Add/Edit Organization Fields

Org ID: Populates automatically once the Organization is saved.

Organization Name: Typically the name of the Parent Account or Brand (e.g., Loews SSO).

UI Setting: Select which Sertifi UI will display — Next Gen, Classic, or Set at Account Level.

Merge Documents and Consolidated Signing > Option 2: Merge (Not Recommended) > Option 2: Merge (Not Recommended)

All uploaded PDFs are permanently merged into one PDF before signing.

Once any signer completes signing, no additional documents can be added. The room becomes locked.

Reference documents may be inaccessible if Landing Page is disabled.

Do not recommend. Exists only for legacy use cases.

Sertifi Permissions & Roles — Flywire > Permissions by Feature Area > Document Library

View: Agreements Agent, HR Agent, HR Manager, Agreements Manager, Administrator

Manage (add/edit/remove): Agreements Manager, HR Manager, Administrator

Sertifi Permissions & Roles — Flywire > Permissions by Feature Area > Viewing Folders

My Items (own folders only): Agreements Agent, HR Agent

All Items (entire portal): Agreements Manager, HR Manager, Auditor

Sertifi Permissions & Roles — Flywire > Permissions by Feature Area > Reporting
Report access (view and run): Agreements Manager, HR Manager, Auditor, Administrator.

Payment SOPs

Support Specialist Basics > Security Groups Unmask CC, Clone, Refund > Security Groups Unmask CC, Clone, Refund
This document provides details for when a Super Admin requests how to add someone to Security Groups and the settings required for a Security Group to function correctly.

Support Specialist Basics > Security Groups | Unmask CC, Clone, Refund > Adding Someone to a Group

Navigate to Administration → Account Settings → Security Settings.

Click the silhouette icon next to the name of the Security Group.

Click Add Member.

Enter the email address of the account to add.

Once complete, the user must log out and back in for changes to take effect.

If added to the Unmasking Group: a blue credit card icon will appear on the File Maintenance page.

If added to a Clone/Refunds Group: Refund and Clone buttons will appear.

Support Specialist Basics > Security Groups | Unmask CC, Clone, Refund > Creating Security Group: Clones & Refunds

Navigate to Administration → Account Settings → Security Settings.

Select "Add Group" and name it "Clones & Refunds."

Select the pencil icon next to the group name.

Verify the following required settings are set to "Allow": Can Clone Payments Can Refund Payments Maximum Payment Clone Amount.

Optional setting: Maximum that can be refunded over original amount.

Save.

Support Specialist Basics > Security Groups | Unmask CC, Clone, Refund > Creating an "Accounting" Group
Some hotels want a third group that allows Admins to unmask, clone, and process refunds. Follow all the steps above, but configure the group with the required settings from both groups above combined. The Maximum Refund Over Original Amount setting enables refunding more than the client originally paid; most hotels leave this at zero.

Support Specialist Product Basics > eAuthorizations (eAuth) > eAuthorizations (eAuth)
Sertifi's eAuthorize solution allows a hotel to send a form or Authorization request to a client in order to gather credit card details ahead of a stay. The hotel can then unmask those details at a later date to charge the card.

Required settings for eAuth to work:

Payment Settings must be enabled: Administration → Account Settings → Payment Settings.

Payment Gateway must be configured with at least one option selected (CC). ACH cannot be used to pre-authorize. Navigate to: Administration → Account Settings → Payment Settings → Gateways and Rules.

Document Library must be set to "Show" so the CC Auth form is available as a sending option: Administration → Account Settings → Sending Page Default → Show Document Library.

Security Group "Can View Unmasked CC" is required for any

Other Brand SOPs > Kimpton Hotels Access or Security Group Requests > Kimpton Hotels Access or Security Group Requests
Kimpton uses Cherwell for approving portal or Security Group access requests.

For Security Group access: Hi {name}, Please create a Modify User request from the Cherwell Helpdesk portal to enable your Sertifi account to view unmasked credit card numbers. When approved, we will provide access. Cherwell: https://kimptonit.com | Phone: 866-961-1001

For portal access: Hi {name}, Please create a Modify User request from the Cherwell Helpdesk portal to provide portal access. When approved, we will provide access. Cherwell: https://kimptonit.com | Phone: 866-961-1001

Other Brand SOPs > Pyramid Properties — FreedomPay & Merchant Lynx > Pyramid Properties — FreedomPay & Merchant Lynx
Use when a Pyramid property reports FreedomPay payments not working. Gateway: FreedomPay Merchant Provider: Merchant Lynx Management Company: Pyramid Global Hospitality.

Primary Contact: Rick Wenacur rick@merchantlynx.com (917) 817-0440 — Rick can turn Pyramid merchant accounts on or off.

Confirm the property is Pyramid-managed and the gateway is FreedomPay.

Contact Rick Wenacur and ask if the account was disabled or is being reactivated.

If requested: provide Store ID, Terminal ID, and VAR Excel (if available).

Client update language: "Your merchant services provider, Merchant Lynx, confirmed they have Pyramid approval to reactivate your account. We expect it to be ready shortly and will retest once active."

Retest payments, update the ticket, and close the case.

SAML / Okta / SSO Certificate Updates > Okta Sandbox SSO Rebuild Handling > Okta Sandbox SSO Rebuild Handling

Send a case to Implementation including: Portal URL, Environment (sandbox), SSO Provider (Okta), note about sandbox SSO disconnected due to rebuild, and the Zendesk ticket ID.

Customer communication: "The sandbox SSO environment was rebuilt, which disconnected previously configured sandbox portals. Support does not configure SSO. We have sent this to our Implementation team, and they will reach out to confirm once setup is completed."

Keep the Zendesk ticket open until Implementation confirms ownership.

CS1: Payments Basics > Auth vs. Pay MID > Auth vs. Pay MID

Contracts and Assets: No ePay/SPay asset generally means no payments.

Payment Settings: If preconfigured, likely Authorization-only.

Reports: Check whether a Transaction Status or End of Day report shows dollar amounts.

Allowable Payment Methods: ACH selected in the gateway indicates an ePay MID.

CS1: Payments Basics > Payment Gateway Setup > Payment Gateway Setup
To allow payments (not just authorizations), the client must be an ePay or Sertifi Pay (SPay) client. Enabling the gateway alone is not enough — it must have correct credentials and be enabled for the right workflow.

NOTE: The only gateway supporting both ACH and CC in a single setup is Stripe.

CS1: Payments Basics > Old vs. New MIDs > Old vs. New MIDs

If a portal has 2 MIDs for the same payment type with only one live, the other was a previous vendor.

Impact on clones: payments taken on the old MID cannot be cloned through the new one. The hotel must resend the CC Auth under the new MID.

Impact on refunds: using a new MID to refund a payment taken on an old MID triggers an error. The old gateway holds those funds.

Do not remove old MIDs until the account is fully closed — refunds can still process through the old vendor while it remains open.

Payments | Bank Change Requests & MID Changes > Bank Change Requests > ePay Clients
Client must provide updated bank details to their credit card processor directly. Reply: "Hello {name}, It looks like you are an ePayment client. While payments are completed via Sertifi, all deposits are managed by your Processor. We show you are using {Gateway} — please provide your updated banking details directly to them."

Stripe Support > Stripe Future Off-Session Payments > Stripe Future Off-Session Payments
Applies when a payment has been received by the hotel but the Batch Settlement Report does not match. Typically occurs with ACH payments where Stripe pays out before the ACH fully clears.

Pattern: client reports a deposit that does not match the report, the "missing" payment appears to be missing from Sertifi reporting, and the payment is ACH (not a credit card).

To confirm in Stripe: log in, locate the Batch Payout, compare transactions against the SertifiPay Batch Settlement Report. Click the payment → Transfer link → Source transaction to confirm future off-session processing.

Client reply: confirm the payment matches Stripe and can be located in the file room, and that it will post to the report within a business day or two. Put the ticket On Hold with a calendar reminder to check b

Stripe Support > Stripe ACH — Allowed Countries > Stripe ACH — Allowed Countries
Stripe allows ACH bank transfer payments from: US, UK, Japan, Mexico, and European countries. See Stripe's support site for the current listing: Bank transfer payments.

FreedomPay | Escalation & VAR Sheets > Escalation Steps When All Cards Are Failing > Escalation Steps When All Cards Are Failing

Confirm the error in Datadog (CVV failures that seem inconsistent may still appear as CVV — this is normal).

Escalate with the gateway if you have that relationship, providing the error examples.

At the same time, ask the customer to escalate with their internal Finance team to check with their processor.

If the processor confirms a new MID or VAR sheet is needed, submit an IMP case.

Payment Gateway Reach-Outs > Identifying When to Contact a Gateway > Identifying When to Contact a Gateway
First, look up the FPS Session ID in Datadog. In many cases (CVV/AVS/FRAUD), Datadog logs are sufficient. Reach out to the gateway when:

An error like "Invalid Merchant" suggests the MID may be inactive.

The client has successfully processed in the past and is now getting errors.

All card types or one specific card type is failing and you need gateway confirmation on setup.

If unsure, ask in the Support Squad channel.

Payment-Specific Support SOPs > MCC Code > MCC Code
eAuth clients use a shared MID with MCC code 7011 (generic lodging). ePay/SPay clients typically use 7399 (Event Services) for approximately 0.5% savings per transaction over lodging rates.

Important: If the hotel uses the same portal for eAuth and ePay with 7399, they may have problems with virtual cards or corporate cards that restrict MCC codes. The workaround is separate portals for eAuths/Confirmations vs. payments.

⚠ When a client asks to change their MCC Code, loop in payments@sertifi.com for all MCC changes regardless of client type.

Payment-Specific Support SOPs > Arrival/Event Date Payment Rule > Arrival/Event Date Payment Rule
When clients question why payments are allowed within a certain number of days:

Navigate to Gateways & Rules and verify the correct rules are in place.

Check whether the Event Date was sent to confirm if the rule should have triggered.

NG: Open the folder and look at the top text boxes for the event date.

Classic: Open the folder → File Activity → review the event data.

Support Search Tools > Document and File Lookup > Document and File Lookup

Room ID: found in the URL after the = sign. Search in "Room ID Encrypted" to get the full room link.

Document ID: the numeric ID on the bottom of signed forms. Search in the Doc Identifier field.

Payment ID: search using the Payment Identifier field.

Support Search Tools > Portal Searches > Portal Searches

File Name: search using "all months" and "all years" across Active, Archived, and Deleted files.

Date: use the calendar range to limit search to the dates mentioned. Review files on that date.

Payment Amount: use Payment Reports to locate the amount and pull the File Room name.

Portal Administration > Updating a Portal Logo > Updating a Portal Logo
Always confirm the requester is a Super Admin (or loop in one) and review the logo for signs of a rebrand before proceeding.

Navigate to: www.sertifi.com/testsite/Administration/manage_accounts.aspx

Search for the portal name or URL (remove HTTPS://). Spaces are OK in this search.

Select "View This Site."

Select "Choose File" and locate the new logo file.

Click Save and wait up to 15 minutes. Check in an incognito window.

NOTE: If the logo does not populate after 3 attempts and 15 minutes, ask in the Support Squad channel. The logo may need to be resized, or your browser may be cached.

Additional Support SOPs > Next Gen Authorization Flow > Next Gen Authorization Flow
Step 1 — Complete the Form: Fill in all required fields. A green banner prompts advancing. The Credit Card Submission tag appears but remains inactive until the participant advances.

Step 2 — Submit Credit Card Details: After completing the form, participants see only the CC submission screen. If an error occurs here, the form is still complete — hotels no longer require a successful CC submission to retain a signed form.

Step 3 (Optional) — Upload ID: Appears only after CC submission and only if the portal requires it. Accepted formats: JPEG, PNG, PSD, SVG.

Account Settings | Super Admin — Full Settings Reference > Notifications & Alerts > Notify owner after each signature when multiple signatures are required
If checked, this emails the file room owner after every individual signature in a multi-signer file room (e.g., multiple 1st signers, or a 1st/2nd/3rd level file room).

Account Settings | Super Admin — Full Settings Reference > Notifications & Alerts > Include signed documents
Controls how signed documents are included in the completion notification email:

Do not include: The only way to access the file is to log in to the portal.

As Attachment: The file is attached as a PDF. If the file is too large for email, it will revert to a link automatically.

As link in message: The signed file is accessible via a link in the notification email.

Account Settings | Super Admin — Full Settings Reference > Notifications & Alerts > Notify CC after each signature when multiple signatures are required
If a file room has First, Second, Third, etc. signer levels, this sends an email to any and all CC recipients each time a person signs.

Account Settings | Super Admin — Full Settings Reference > Notifications & Alerts > Emails to Carbon Copy when any signature request is sent
Adds automatic additional CC recipients for every signature request. These recipients do not need to be added manually during sending and will be attached to all files.

Account Settings | Super Admin — Full Settings Reference > Notifications & Alerts > Send payment notifications to
Determines who receives payment notifications when a payment is made. Options: Payer Other SignersCCs Owner.

Account Settings | Super Admin — Full Settings Reference > Sending Features > Enable senders to duplicate files
Populates the "Duplicate File" option and allows the File Owner/Sender to send the same file to up to 50 people at once. The system creates a separate file and returns a separate PDF for each person who signs. Limits: if the file contains 1 document, you may duplicate for up to 50 email addresses. If it contains 10 documents, you may duplicate for up to 5 email addresses.

Account Settings | Super Admin — Full Settings Reference > Sending Features > Payment visibility duration
Determines how far in advance payments are visible to payee customers. Example: if a payment is due in 6 months and this setting is 90 days, the paying customer will not see it yet.

Account Settings | Super Admin — Full Settings Reference > Signing Features — Part 2 > Landing Page
Controls the signer experience when clicking the email button to sign or access the file room.

Show: Email invitation links take the signer to the room page.

Skip: Email invitation links take the signer directly to the first available document or payment.

Skip + Redirect: Email invitation links take the signer directly to the first available document or payment. After signature or payment is received, signer is redirected to the Thank You page. This overrides "Display Exit Button" and "Go back to files page when more files to sign" settings.

Support SOP: Troubleshooting Email Notifications > Step 3: Identify Common Root Cause > Step 3: Identify Common Root Cause
In recent cases, CC emails and folder owner notifications were not delivered because two notification settings were disabled. Key settings to review:

Automatically email additional signers when documents are ready for them

Notify CC after each signature when multiple signatures are required

When these settings are unchecked:

CC recipients receive no notifications.

If the file owner adds themselves as a CC, the system still suppresses CC emails.

Support SOP: Troubleshooting Email Notifications > Step 7: Documentation > Step 7: Documentation
Record the following for each case: folder details and owner, SendGrid log findings, notification settings status before and after, and test results. Follow up with the ticket requester.

Updating Reports Adding Sites to Management Group Reporting > Updating Reports Adding Sites to Management Group Reporting
This process covers how to add portals to a Management Properties portal for Admin by Site reports.

Go into the Report Management Page and locate the report that needs locations added.

Click "Add/Remove Site" for that specific report.

The list of locations already added will populate. At the bottom is a search function.

Search for the location to add. The portal must be searched without spaces — the easiest method is to pull the name from the portal URL.

Click "Add" on the site that populates. It will immediately appear in the portal list above the search bar.

NOTE: If the client has multiple "by Site" reports active, click "Update All Rollups" after each location is added. This will populate all added sites to all active reports at once.

Merge Documents and Consolidated Signing > Option 1: Don't Merge (Recommended Default) > Option 1: Don't Merge (Recommended Default)

Each document remains separate.

Signature documents are signed individually.

Reference documents remain independent.

Documents can be added before signing begins.

Use this for standard workflows, when documents must stay independent, or when flexibility is required. This is the safest and most common option — recommend unless the client explicitly requests a single signing experience.

Merge Documents and Consolidated Signing > Option 4: Consolidated Signing (Recommended When Needed) > Option 4: Consolidated Signing (Recommended When Needed)

Signers see one combined signing experience on one screen.

Signature pages are presented as one continuous flow.

Reference documents can be included.

Documents are NOT permanently merged.

After signing completes, each document is saved as its own separate PDF.

Once all required signatures are captured, the room is locked — no additional documents can be added.

Use when the client wants one signing experience for multiple documents, but wants them separated after signing. This is the modern replacement for Merge — recommend instead of Merge whenever a client asks to combine documents.

Support SOP: Custom Sign or Pay Button Error > Steps to Review and Correct an Email Template > Steps to Review and Correct an Email Template

Go to the portal where the issue was reported.

Open the Administration menu.

Navigate to Account Settings.

Select Emails from the menu.

Locate the email template in question. You can identify it by the subject line:

If it was the first email sent to signers, look for Signer Invite or similar.

If it included a payment request and a document, look for Payment Due Invite.

If it was a payment-only request, check the Payment Only email template.

Once you find the correct template, open it and review the HTML content.

Check for invalid or incorrect URLs. Occasionally a template contains a wrong or outdated link that does not belong to the portal.

If you find an issue, report it to the appropriate team for correction. Note: the responsible team may vary depending o

eForms vs. Document Library > eForms — Signer Completion Process > eForms — Signer Completion Process

Signer opens the email and selects "Continue" on the Sertifi screen.

Fills in all relevant details and required fields. Date fields allow the user to select a range.

Selects the Approved Charges.

Checks the Terms and Conditions box and confirms their signature is showing. Cannot advance without completing required terms.

Selects the green arrow to proceed to the CC Submission step.

Once CC is filled in and submitted successfully, the signer can review or download their completed items.

eForms vs. Document Library > Document Library — Signer Completion Process > Document Library — Signer Completion Process

Signer opens the email and selects "Continue" on the Sertifi screen.

Fills in all relevant details. Unlike eForms, required fields are indicated by red boxes and tags. Date fields are manually entered.

Selects Approved Charges (can be made optional or required as needed). If using a Group Form, include each individual covered under the authorization.

Completes the Terms checkbox and confirms their signature is in place before clicking the green arrow to advance.

Completes the Credit Card submission step.

Once submitted successfully, can review or download completed items.

How To Open Email Files Sent via EML > How To Open Email Files Sent via EML
Email threads attached to Zendesk tickets are often downloaded as EML files (Electronic Mail Format), which may not be viewable by default. This guide shows how to open them.

How To | Open Email Files Sent via EML > Step 1: Is the Download Safe? > Step 1: Is the Download Safe?
Before clicking any attachment in Zendesk, verify the sender is trusted.

Safe Download Checklist:

The ticket requester is associated with a Sertifi portal.

They are active, or were recently sent a form.

They refer to an image or visual "attached."

You see the abbreviation "EML" in the attachment name or by hovering over the file.

Do not download if:

The ticket requester is not found in the system.

The requester is acting "on behalf of someone."

This is a suspected fraud or scam.

The ticket requester's account is disabled.

The attachment format is not PDF, Word, or EML.

NOTE: If unsure about the attachment, check in the Support Squad channel first. Do not download files that seem suspicious — the Security Team has tools to safely review such files.

How To | Open Email Files Sent via EML > Step 2: Download the EML > Step 2: Download the EML
Once verified as safe, click the attachment to download it. You will find it in the upper right corner of your browser upon completion.

How To | Open Email Files Sent via EML > Step 3: Converting the Attachment > Step 3: Converting the Attachment

Locate the downloaded EML file on your device.

Hover over the file, right-click, and select "Open With."

Choose Outlook as the application.

This may open a new Outlook window even if you use the Outlook app for email. From here you can see the full email details and determine next steps.

Classic Payment Reconciliation > Classic Payment Reconciliation

Click on Reports in the menu.

Select Payments, then End of Day.

Set your Start Date and End Date range for the report.

Click View Report to generate the report.

Click on the Status drop-down menu and uncheck Error to filter out failed payments.

Optionally, filter by Payment Method if needed.

Always click View Report again after making any changes to refresh the results.

Surcharging Overview > Definition > Definition
A payment surcharge is an additional fee added to a credit card charge to cover the transaction cost. This is different from a convenience fee, which is usually a flat rate. Do not use the terms "surcharge" and "convenience fee" interchangeably — there are legal differences.

Surcharging Overview > Legal Background > Legal Background
Surcharging was previously prohibited by card brands but became permissible following a class action lawsuit in the early 2000s (the Walmart suit), which allowed retailers to pass credit card fees to merchants. The settlement in 2013 allowed retailers to surcharge transactions. The monetary settlement is still in court.

Surcharging is now allowed in most states, except: Connecticut, Maine, Massachusetts, and Puerto Rico. Colorado caps the surcharge rate at 2%, which is often insufficient to cover transaction costs.

Surcharging Overview > How It Works (Charge and Refund Example) > How It Works (Charge and Refund Example)
Initial Charge:

$100 is requested by the Merchant.

$103 is charged to the Payer.

$100 is deposited to the Merchant bank account.

$3 is deposited in Sertifi's bank account. Sertifi then pays the majority of that to the card industry, keeping a small margin for services.

Refund:

When a refund of $50 is requested, Sertifi refunds $51.50 to the Payer.

Sertifi pulls $50 from the Merchant bank account and $1.50 from the Sertifi bank account.

The card industry refunds some of the card fees to Sertifi, ensuring neither Sertifi nor the merchant loses money on refunds.

Surcharging Overview > Customer Savings > Customer Savings
Customers generally reduce their fees by about 75% when surcharging is turned on. ACH is offered as a free option for customers, similar to cash in a card-present transaction.

Searching for a File Room with Payment/Auth > Searching for a File Room with Payment/Auth
This process covers how to locate a file room that is older than a year or two and cannot be found using the usual portal search.

Searching for a File Room with Payment/Auth > Step 1: Search the Signer's Email > Step 1: Search the Signer's Email
Try a portal search with all of the following: all time, all items, all types (active/pending/processed/archived), and the signer's email address (no spaces). If the file does not appear, proceed to Step 2.

Searching for a File Room with Payment/Auth > Step 3: Search Reports > Step 3: Search Reports
Navigate to the Payments: Transaction Status Report. Set the search parameters for the date range in question and search by card last 4. This report includes a "folder owner" column at the far right, which will provide the email address of the Admin who created the room.

Authorizations & AMEX > Authorizations & AMEX
While no authorization ever charges a card for any amount, American Express sometimes applies a small amount to the authorization for verification purposes.

Authorizations & AMEX > AmericanExpress Auth Amount > AmericanExpress Auth Amount

AmericanExpress may process a small verification amount through an authorization.

This is not something the hotel has configured — it will not show in File Activity, receipt details, or Payment Settings.

The amount is always less than $1 (typically $0.01 or $0.10).

Confirm this by reviewing the File Room (which will show no dollar amount for the authorization) and Datadog.

Authorizations & AMEX > Common Client Questions > Common Client Questions
"Do we need to refund the amount?"

No. Since it is merely the verification amount required by AmericanExpress for this transaction, it is only a pending charge and will fall off in a few days.

"My client is seeing a charge on their statement."

Sometimes AmericanExpress requires an authorization amount in order to process. However, it should fall off the account in a few days and will not post.

"Why isn't this listed in the eAuthorization details?"

This is not required by Sertifi and does not apply to all authorizations — it is specific to AmericanExpress transactions as part of their security verification layer. We cannot control when they require the verification amount, but the pending charge will fall off.

**⚠ In the event a client is re

Sertifi Permissions & Roles — Flywire > Role Definitions > Role Definitions
RoleWho It's ForKey Capabilities
---------
Agreements AgentFront-line staff who send and manage agreementsSend agreements, manage folders, view participants
Agreements ManagerTeam lead with elevated control over agreementsAll Agent permissions + manage payment rules, view all items, manage document library
HR AgentHR staff handling employment/onboarding docsSend and manage HR-specific agreements and participant uploads
HR ManagerHR team leadAll HR Agent permissions + view all items, manage document library
AuditorRead-only reviewer for compliance/reportingView folders, reports, documents, participants — no edit or send access
AdministratorSystem-level admin Full access including user management

Sertifi Permissions & Roles — Flywire > Permissions by Feature Area > Sending Agreements
All agent and manager roles can send new agreements. Document types by role:

Signature Documents — all agent/manager roles

Reference Documents — all agent/manager roles

eForms — Agreements Agent, Agreements Manager only

Payment Requests — Agreements Agent, Agreements Manager only

Authorization Requests — Agreements Agent, Agreements Manager only

Participant Uploads — all agent/manager roles

Sertifi Permissions & Roles — Flywire > Permissions by Feature Area > Payment & Authorization Controls
Within a payment request, Agreements Managers have exclusive control over:

Disabling payment rules

Enabling or disabling payment methods

Enabling or disabling surcharging

These settings are NOT available to Agreements Agents, even though agents can send payment requests.

Sertifi Permissions & Roles — Flywire > Role vs. Feature Quick Reference > Role vs. Feature Quick Reference
Feature / PermissionAgr. AgentAgr. ManagerHR AgentHR ManagerAuditorAdmin
---------------------
Send new agreement✓✓✓✓––
Manage document library–✓–✓–✓
View all folders (not just own)–✓–✓✓✓
View & run reports–✓–✓✓✓
Manage payment rules/methods–✓––––
Manage users (Admin)–––––✓
Delete/archive folders✓✓✓✓––
Add eForm / payment requests✓✓––––
View participants✓✓✓✓✓✓

Sertifi Permissions & Roles — Flywire > How to Advise Clients on Role Setup > Recommended Starting Framework

Identify the primary agreement workflow owner — assign Agreements Manager.

Identify day-to-day agreement senders — assign Agreements Agent.

Identify HR-specific workflows (if applicable) — assign HR Agent or HR Manager.

Identify compliance or audit stakeholders — assign Auditor (read-only).

Confirm if payment processing is enabled — if so, identify finance staff for Charge Card / refund roles.

Confirm who needs unmasking access (PII or transactions) — assign only after client confirms a specific, documented need.

Sertifi Permissions & Roles — Flywire > How to Advise Clients on Role Setup > Common Client Scenarios
Scenario A: Client wants a staff member to view folders but not make changes.

Recommend the Auditor role. Explain it gives full view access to folders, documents, participants, and reports, but no ability to send, edit, or delete anything.

Scenario B: Client wants to restrict who can change payment settings.

Explain that payment rule and method controls are limited to Agreements Manager only. Agents can send payment requests but cannot modify the underlying payment configuration.

Scenario C: Client asks who should have the Administrator role.

Advise clients to keep Administrator assignments minimal — typically one or two IT/ops contacts who manage user setup. Administrators can add and remove users across the portal.

**Scenario D: Client wants to enable card-on-file charg

General Agent SOPs

Zendesk Front-End → Escalations Workflow > Purpose > Purpose
To ensure every ticket handed off to the Escalations Team includes the technical context and system links required for immediate deep-dive troubleshooting. This process automates customer acknowledgment, logs the internal note, and keeps Zendesk organized and audit-ready.

Zendesk Front-End → Escalations Workflow > Escalations Team SOP > When a Ticket Lands
Upon receiving an escalated ticket, you will see:

Group: Escalations Team

Tag: escalation

Assignee: Automatically set by round-robin

Internal note: Confirms the customer auto-reply was sent

No immediate customer response is needed — communication has already been handled.

Zendesk Front-End → Escalations Workflow > Escalations Team SOP > Communication Guidelines

Customer Updates: Only post when the issue is confirmed, a fix is underway, or resolution is verified.

Internal Notes: Use for progress, findings, or updates between Escalations and Front-End.

Never re-add the escalations_team tag — it is automatically stripped after the first trigger.

Zendesk Front-End → Escalations Workflow > Escalations Team SOP > Automation Flow Summary
StepSystem ActionResult
---------
1Front-End adds escalations_team tag.Ticket moves to Escalations group.
2Auto-reply trigger fires.Public acknowledgment sent to requester.
3Internal note trigger fires.Logs that acknowledgment was sent.
4Tag cleanup automation.Removes escalations_team; adds escalation.
5Round-robin trigger fires.Assigns ticket to next Escalations agent.

Support Specialist Basics > Profile Statuses: Active, Pending, Disabled, 0 > Active
The person has fully activated their profile, assigned a password, and acknowledged our terms via the Welcome email. This is where a password is assigned, so those who have not activated may have trouble logging directly into the portal.

Support Specialist Basics > Profile Statuses: Active, Pending, Disabled, 0 > Activating Profiles

Look up the Admin and click into their profile.

Scroll to the bottom and select Master Tools for the portal.

Select Activate User.

Enter the email address and select Activate.

Support Specialist Product Basics > Security Review Tickets > Security Review Tickets
If you receive a suspicious ticket or a client sends a link you must download to view, follow this process. Do not click, download, or otherwise open suspicious files or links.

Other Brand SOPs > Firmdale Hotels > Firmdale Hotels
⚠ Firmdale does not want any portal experience changes. All requests must come from Leon Smallbone (LeonSmallbone@firmdale.com). Double-check any request with Julie or Alejandro before proceeding.

Portal experience: portals ending in "reservations" use NextGen (Front Office). Portals ending in "hotel" use Classic (Events).

Shift4 Support > Sites Upgrading to Sertifi Pay Token > Sites Upgrading to Sertifi Pay Token
Sertifi team sends request to installationservices@shift4.com with: notice of upgrade, Site DBA and Address, Shift4 MID or Account #, request for new Sertifi Pay auth token, and contact name/email for token delivery. Ideally the token recipient should be our team.

Organization Management | Master Tools > Adding Accounts > Adding Accounts
Input the account's portal URL into the "Account Primary Domain" box and select "Add Account." Repeat for as many portals as needed.

⚠ Click "Save Organization" between every few accounts if adding multiple portals. The tool has been known to reset without saving.

Merge Documents and Consolidated Signing > Merge Documents and Consolidated Signing
This setting controls how documents are presented during signing and how PDFs are handled after signing. It does not change documents at upload time. There are four options.

Merge Documents and Consolidated Signing > Option 3: Merge Documents With Field Names Modified (Not Recommended) > Option 3: Merge Documents With Field Names Modified (Not Recommended)

Same behavior as Merge.

Field names are modified to prevent data copying between documents.

Do not recommend. Extremely limited use cases only.

PDF/Word Tagging — Adobe Acrobat Guide > Common Document Tips & PDF Errors > File Naming
Use simple, base-level names for PDF files. Avoid special characters or complex naming conventions that may cause upload errors.

PDF/Word Tagging — Adobe Acrobat Guide > Common Document Tips & PDF Errors > Tag Validation

Check for invalid tags, especially underscores throughout the document.

Ensure only one instance of the tag SertifiSStamp_1 is used.

If multiple signatures are required, use SertifiSignature_1, SertifiSignature_2, etc.

PDF/Word Tagging — Adobe Acrobat Guide > Common Document Tips & PDF Errors > JavaScript Elements
Look for dropdowns or other interactive elements that may indicate embedded JavaScript. Sertifi does not support JavaScript — these elements must be removed or replaced.

PDF/Word Tagging — Adobe Acrobat Guide > Common Document Tips & PDF Errors > Unique Field Names
All textboxes and checkboxes must have unique names. Duplicate field names can cause data entry errors or overwrite issues.

PDF/Word Tagging — Adobe Acrobat Guide > Common Document Tips & PDF Errors > Look for Hidden Tags

Tags are sometimes hidden using the same color font as the background (e.g., white text on a white background).

You can sometimes spot them by looking for the red squiggle that appears under misspelled words in most programs.

Search the document using Ctrl+F for: "Sertifi", "[[", "]]", or "SFLD" — all are good search terms for finding incomplete or broken Sertifi tags.

Sertifi Support SOP: Blocked Domains for Embedded Forms > Sertifi Support SOP: Blocked Domains for Embedded Forms
Purpose: Ensure secure and reliable use of Sertifi embedded forms by maintaining a list of domains that are blocked due to security, compliance, or performance concerns.

Support SOP: Custom Sign or Pay Button Error > Support SOP: Custom Sign or Pay Button Error
Error: Invalid URL Request. The client may not have the option to proceed to the next step and is faced with an "Invalid URL" error. This is usually caused by an incorrect or malformed URL in an email template.

Regenerate PDFs for Missing Signatures > Regenerate PDFs for Missing Signatures
Use this process when a completed document appears to be missing a signature.

Click on the three dots next to the document in question within the file or folder room.

Select "Document details" from the menu.

Click "Regenerate PDFs."

Repeat these steps for all documents reported as missing a signature.

Check all documents within the folder room to confirm signatures are now present.

eForms vs. Document Library > eForms vs. Document Library
NOTE: eForms is only available in Next Gen portals. If the portal is in Classic UI, eForms is not an option.

eForms vs. Document Library > Document Library Workflow — Admin View > Document Library Workflow — Admin View
Steps to send a Document Library PDF:

Navigate to the "Create New" menu and select "Send Authorization" (no eForms label).

Complete the required fields: Folder Name and 1st Participant email.

Select the form to send via the document dropdown (note: this says "select document," not eForm).

Once added, prefill the document if needed via the "Prefill" button.

Select "Send Now."

4. How-To Procedures

ACCOUNT

** Account::LockedOut
Hello,

Your account has been temporarily locked due to multiple unsuccessful login attempts within a short period. As a security measure, it will remain locked for 60 minutes.

We apologize for any inconvenience this may cause. If you believe this lockout is in error or need immediate assistance, please contact us.

Thank you for your understanding.

Change Admin Role account:change_admin_role:agent
Changing Admin Levels
Super Admins can alter the role types of other admins, which can expand or restrict their permissions in your Sertifi portal.
To change an admin's level:
Start from the portal home page. Click
Administration
.
Click
View Admins
.
Find the user you'd like to update, and click their email address.
On the admin's profile page, select a new role from the
Role
dropdown menu.
If you need to remove an admin's access from the portal, set their role to
Disabled
.
Click
Update
to finalize the admin's new role type.

Change Password account:change_password:agent
Change Your Password
Navigate to
Administration > My Profile
.
Click Change Password in the Maintain My Account section.
Enter your current password.
Enter your new password. Your password must use at 12 characters and contain one uppercase letter, one lowercase letter, one number, and one special character.
Accepted special characters are @ # $ % & * - ! + = . ? ( )
Enter your new password again in the Confirm Password box.
Click
Save
.

Contact Sso Admin account:contact_sso_admin:agent
Hi {{current_user.first_name}},

For this issue, you'll need to reach out to your organization's SSO administrator.
If you're unsure who that might be, we can see on our end that
[ ]
is listed as a
Super Admin
and has recently accessed the system. They may be able to either assist directly or point you to the appropriate department for support with SSO-related matters.

Please let me know if you need anything else!

SertifiSupport@flywire.com

Create User account:create_user:classic
Create Users and Admins
To create a new user or admin:
Navigate to
Administration > Create Admins
.
Enter the email address of the user you want to make an Admin, and then click
Search
. The Sertifi system locates the user for you.
Tip
If a user is already assigned an admin role, you'll receive the following message: [email address] was found in our system and is already a [user role] for your site.
You can click
Change Role
to update the role for the user.
Click the role you want to assign to the user from the dropdown, and then click
Create account for user
. You can also designate which workflow they should have access to –
Agreements, Authorizations
, or
All
.
For more information about user roles, see
Sertifi Roles
.
Caution
Admin accounts of any level
cannot access credit card information
by default. Admins who need to access credit card information
must
be added to a security group with that permission in order to view unmasked cards.
See more about Security Groups
.

Create User account:create_user:next_gen
Create a new user
Each user of your Sertifi portal requires a user account. You can choose from four role types, which grant certain permissions to the users assigned to that role. Available role types are Admin, Auditor, Power Admin, or Super Admin.
Refer to the Roles guide
for more information about the abilities and permissions of various Roles.
To create a new user:
Click on
Administration
, and then click
Go to Classic Administration
.
Navigate to
Administration > Create Admin
in the Sertifi portal.
Enter the email address you want the user to use when accessing Sertifi.
Select the role you want to assign for that user.
Click
Create Account for User
.
Repeat the process for each user you want to add to the portal.

Deactivated Reactivate account:deactivated_reactivate:agent
Hi {{ticket.requester.first_name}},
It looks like your account has been deactivated. This can happen when a role is set to "User" or when an account is disabled by a Super Admin.
We've reactivated your account. Please try logging in and let us know if you run into any issues.
If your access level also needs to be updated, a Super Admin at your property can adjust your role at
Administration > View Admins
.
SertifiSupport@flywire.com

Deactivate User account:deactivate_user:agent
Deactivating admins and users
In the event that a user no longer requires access to your Sertifi portal, a Super Admin can deactivate their user account to remove their access from the portal. To deactivate a user:
Click
Administration > Create Admins
.
Enter the email address of the user you want to disable, and then click
Search
.
Click
Change Role
. The user info screen opens.
Select
Disabled
in the Role dropdown.
Click
Update
. The user no longer has access to your Sertifi portal.

Disposable Email Blocked account:disposable_email_blocked:agent
Hi {{ticket.requester.name}},

Thank you for reaching out to the Sertifi Support team.

For security, our form blocks disposable/temporary email domains.

Please resubmit using a valid business/corporate email (e.g., your @company.com address). If you believe your normal corporate domain was blocked by mistake, reply with the domain and we’ll take a look.
SertifiSupport@flywire.com

Email Whitelist account:email_whitelist:agent
Hello {{ticket.requester.first_name}},

Thank you for reaching out to Sertifi Support. We can see the portal is properly sending you notifications (please see attached).

[ATTACHED IMAGE]

You will first want to check the SPAM folder for emails from us, and then also add "
services@sertifi.net
" to the address book to ensure all new emails will be received successfully.

If that does not do the trick, your email may need to be set up based on your work computers Network/Firewall/VPN settings. Please check with your IT Team and make sure the Sertifi IP ranges are white listed.

To ensure

Reactivated account:reactivated:agent
Hello {{ticket.requester.first_name}},

Thank you for reaching out to us.

We have successfully reactivated your account! Please try login in and now let us know how it goes.

SertifiSupport@flywire.com

Reactivate User account:reactivate_user:agent
Reactivating admins
If the deactivation setting is enabled on your Sertifi account, your portal will automatically deactivate admins after 90 days of inactivity. If an admin is deactivated, and doesn't reactivate their account in time, you can reactivate them from the View Admins page.
To view and reactivate deactivated admins:
Navigate to
Administration > View Admins
.
Select
Show only deactivated admins
.
Click
View All
. Only deactivated admins appear in the list.
Locate the admin you want to reactivate.
Click the email address to access their Admin Info.
Click
Reactivate
in the Account Status area. The admin is reactivated and can access the portal again.

Super Admin No Super Available account:super_admin_no_super_available:agent
Hi {{ticket.requester.first_name}},
It looks like your portal may not have an active Super Admin available to grant you access. We can help verify your identity and role to get this resolved.
To proceed, please provide:
Your full name and email address
Your property name and portal URL
Your role at the property (e.g., General Manager, Front Desk Manager)
Once verified, we'll get your access updated. Please note this process typically takes 1–2 business days.
SertifiSupport@flywire.com

Update Contact Info account:update_contact_info:agent
Update Contact Information
Navigate to
Administration > My Profile
.
Scroll to the bottom of the page and
Click Edit Personal Info
.
From here, you can edit or update the following information:
First name
- your first name (Required)
Last name
- your last name
Initials
- your initials
Title
- your title
Company
- your company name
Address Info
Language
- the default language for your portal.
Prefill Signature Fields
- select this box if you want to pre-fill signature forms with your information in documents where you are countersigning.
Click
Save
.

View Admins account:view_admins:agent
View Admins
Navigate to
Administration > View Admins
to see a list of all the admins in your portal, including Admins, Super Admins, and Power Admins. To see information for an individual admin, click on their name. From here, you can see:
Name
- the first and last name of the Admin
Email
- the email address of the Admin
Role
- the level of the admin; either Admin, Super, or Power
Last Login
- the date and time of the Admin's most recent login
Workflow
- Next Gen separates workflows between Authorizations and Agreements. Admins can be set to
All
to have access to both workflows.
Click
View All
to see all of the Admins in your portal, or filter by first name, last name, or email address. You can also click a letter to view Admins whose first name starts with the letter you select.

EAUTH

Add Ip Allowlist eauth:add_ip_allowlist:agent
Create an Allowed IP Address List
An Allowed IP Addresses list ensures that
only
certain IP addresses can access your portal.
Warning
The Allowed IP Address list is strictly exclusive; it's a best practice to verify that all of the necessary IP addresses are added, as otherwise some users may not be able to access the portal.
To create your Allowed IP Address List:
Navigate to
Administration > Account Settings > Security Settings
.
Navigate to
Restrict Access to Site by IP Address
.
Enter the description or name for the IP address you want to allow.
Example: United States IP addresses, Confirmed Merchant IPs, etc.
Enter the IP Address in the Allowed IP Address box.
Click the checkmark.
Toggle the
Restrict Access to Site by IP Address
from Off to
On
.
Caution
Do not add
IP addresses starting with 10, 172, or 192, as this could inadvertently block you or other users from accessing the portal.

Export File List eauth:export_file_list:agent
Exporting the File List
You can review and export a list of the following information about the files in your portal:
File name
Owner email address
First Signers' email address(es)
Date and time of the file's creation
Count of how many times the file has been opened
Count of number of partially–signed files
Count of number of fully–signed files
Count of number of payments/authorizations received
You can export this information into an Excel spreadsheet by selecting either
Current
or
All
, and then clicking

File Maintenance eauth:file_maintenance:agent
eAuthorization File Maintenance
You can perform folder maintenance activities as a Sertifi Admin or higher. Folder maintenance activities include:
Review documents awaiting signature and signed documents
Review payments
Manage and edit participants
Perform file maintenance activities
Review file details
To view the Folder Maintenance page, navigate to View Files from the home screen of the Sertifi portal. Navigate to the folder you'd like to update, and then click on the folder name.
Note
If you're a Sertifi User, you can't view file maintenance information. If you're a Sertifi Admin, you can only view your own documents, and if you're a Sertifi Auditor, Power Admin, or Super Admin, you can view your all documents and folders in the portal. For more information on viewing files by user type, see the
guide to Roles
.
Unmasking Card Numbers (Video Guide)

Transaction Failed Avs Cvv eauth:transaction_failed_avs_cvv:agent
Hi {{ticket.requester.first_name}},
The failed transaction appears to be related to an AVS (address verification) or CVV mismatch. This means the billing information submitted did not match what the card issuer has on file.
To resolve this, the cardholder should:
Confirm their billing address and zip code exactly match what their bank has on file.
Re-submit the authorization form with the corrected information.
If failures continue after correcting the billing info, the cardholder's bank may need to be contacted to authorize the transaction.
For more:
Sertifi and AVS
SertifiSupport@flywire.co

View All Files eauth:view_all_files:agent
Viewing All Files
If you're a Power Admin or higher role, you can view all the files within a portal, regardless of file owner. To view all files, navigate to
Home > View All Files
.
From the Al

Sertifi Agent Reference Guide — Internal

Sertifi by Flywire — Agent Reference Guide

Table of Contents

1. Quick Reference

User Roles (lowest → highest permission)

Super Admin Limits by Brand

2. Brand-Specific Requirements

Marriott SOPs

Hilton SOPs

Hyatt SOPs

3. Internal SOPs by Category

PIR & System Outages

Escalation Procedures

Ticket Assignment & Coverage

DSD & Follow-Up

Integration & Opera SOPs

Account & Access SOPs

Payment SOPs

General Agent SOPs

4. How-To Procedures

ACCOUNT

EAUTH

Comments