Overview
Accountants and bookkeepers handle sensitive data every day and sometimes you only want certain users to be able to view/edit/delete certain aspects of that data. User permissions can be used to restrict access to specific clients, groups, and tools as well as the ability to view/modify, or delete.
This section also outlines what happens when you invite an external 3rd party to AccountKit, say a client or a bookkeeper, to use the tools within and how their access permissions work.
i
|
To make the new user permissions available in AccountKit you will need to be using the new user interface (The legacy UI will be disabled). You will also need to be on the latest AccountKit pricing structure at the Practice Tier, please see our website for details about our current pricing. |
User Management
List View
The user management list view is the page that allows you to see a summary of all your users and provides a high-level overview of the access levels for each user.
Area |
Details |
|
---|---|---|
1
|
Create New User | Click this icon to create a new user. |
2 |
Views | Refer to the View Details section in Shared Elements. |
3 |
List Headers |
|
4
|
Xero Practice Manager Logo | Where this icon is showing, it's letting you know that this user is mapped to a user in XPM. |
5
|
Access Level |
Here is where you can see the access level a user has been given:
|
6
|
Client Permissions |
Client access level determines the amount of access a user has full, view or edit rights to client details. (The client details page for each client within AccoutnKit).
|
7
|
Status |
denotes the user is Active, Denotes the User is Not Active. Click to Disable, Archive or Unblock the user. Unblock is used when a user has locked themselves out by inputting the wrong password too many times. |
8
|
Multifactor Authentication Status |
Now that MFA is always turned on in AccountKit this icon is simply used for resetting a user's MFA/2FA. This can be useful if a user loses access to their 2fa software or device. |
Users
Area |
Details |
|
---|---|---|
1 |
Employee Details |
|
2
|
User Roles |
User roles are available to identify different team members.
The most relevant of these statuses' are for partners who want to see the "Your Financials" on the dashboard. |
3
|
Profile Picture | Add the user's profile picture which will be displayed when they're logged in and across shared screens such as the Workflow tool. |
4
|
Time Zone | This enables correct date stamping of any work completed within AccountKit. |
5
|
Reports To | Identify who the user reports to (Optional) |
6
|
AccountKit Champion | The AccountKit Champion toggle allows you to identify a user(s) internally as the go-to for your AccountKit needs. This also helps us identify who best to reach out to for updates and support. |
7
|
Practice Settings |
This setting allows you to select whether a user is a "Practice Admin" or a "Super Admin".
|
8
|
User Management |
This toggle allows the user to access the User Management Page with the ability to - Add, edit, and block users as well as reset other user's 2FA. |
9
|
Restricted Access Groups | From here you can select whether a user has access to a restricted access group. See Restricted Client Access in Practice Settings for more info. |
10
|
Client Access Level |
Client access level determines the amount of access a user has to the client details area within AccountKit.
|
11
|
Shared Tool Bar | Refer to the Shared Tool Bar for more information. |
12
|
Send Invite/Save/Cancel | This will email the user their sign-in details, save any updates or cancel the current action. |
Practice Settings - Restricted Access Groups
As part of the upgrades to user permissions in AccountKit, there is now the ability to restrict access to certain clients or groups. To create a restricted access group you will need to head to your practice settings. You can read more in Practice Settings under Restricted Client Access.
i
|
The ability to restrict users from seeing a client's details can be toggled at the individual user level (refer to item 10 in the above section). This toggle provides the following options; to see all or nothing in regards to client details. Where the user can access client details you can tailor this further with the following levels: "View ONLY", "edit" or "full access" (allows for deletion). |
Use Cases
Scenario 1 - Partner entities
In this example, we are going to look at when a Partner of an accounting firm wants to restrict their client group from the rest of the practice so only they can access the records from within AccountKit.
- Group Name - This section identifies the client group and the purpose of the restricted access group.
- Description - This can provide further context to the purpose of the restricted access group.
-
Restricted Clients - Here I can select the client group(s) or the individual client(s) I want to restrict.
- IMPORTANT! - If you are attempting to apply restrictions to the client map tool you will need to select a client group for this to take effect. The client map is unique in that it is based on the client group, rather than individual clients.
-
Restricted Tools - At this point, you can detail which tools you want to restrict.
- In this case, I want to restrict all tools for anyone outside this group within AccountKit which is why I have turned on the toggle option
- If you don't toggle all tools you can select the various tools you want to lock down.
-
Access Level - Further to selecting the tools you can then provide various levels of access to those users within the group: Full, edit and view only. See table under Users.
- In this instance, we are selecting full access to ensure I can perform all the necessary updates to client details and schedules.
-
Users assigned to this group - At this point, you can identify the users you want to add to the group.
- Because Ben is the partner, he is the only member of the restricted group.
- IMPORTANT! - You can add users at this point or when you are managing restricted client groups from within the user management page. The functionality is the same.
Scenario 2 - Partner entities with admin team access
This example can work side-by-side with the example detailed in Scenario 1 and adds an extra layer to the partner's permissions.
This scenario is useful where the Partner already has locked down their client group for themselves but still needs say the admin team to record correspondence against their entities using the correspondence register.
- Group Name - This section identifies the client group and the purpose of the restricted access group.
- Description - This can provide further context to the purpose of the restricted access group.
-
Restricted Clients - Here I can select the client group(s) or the individual client(s) I want to restrict.
- IMPORTANT! - If you are attempting to apply restrictions to the client map tool you will need to select a client group for this to take effect. The client map is unique in that it is based on the client group, rather than individual clients.
-
Restricted Tools - At this point, you can detail which tools you want to restrict.
- In this case, I have isolated the correspondence register as the tool being restricted to those outside the group. However, those within the group, will be able to access the correspondence register.
-
Access Level - Further to selecting the tools you can then provide various levels of access to those users within the group: Full, edit and view only. See table under Users.
- In this instance, we are selecting full access to ensure I can perform all the necessary updates to the correspondence register.
-
Users assigned to this group - At this point, you can identify the users you want to add to the group.
- Matt Taylor in this instance is part of the admin team, which is why he is a part of the restricted group.
- IMPORTANT! - You can add users at this point or when you are managing restricted client groups from within the user management page. The functionality is the same.
Related Links
Restricted Access Groups | How to set up restricted access groups to restrict client/tool access within AccountKit. |
User Management | Legacy user settings and user role classification can be found here. |
Comments
0 comments
Please sign in to leave a comment.