Overview
Accountants and bookkeepers handle sensitive data every day and sometimes you only want certain users to be able to view/edit/delete certain aspects of that data. User permissions can be used to restrict access to specific clients, groups, and tools as well as the ability to view/modify, or delete.
This section also outlines what happens when you invite an external 3rd party to AccountKit, say a client or a bookkeeper, to use the tools within and how their access permissions work.
i
|
To make the new user permissions available in AccountKit you will need to be using the new user interface (The legacy UI will be disabled). You will also need to be on the latest AccountKit pricing structure at the Practice Tier, please see our website for details about our current pricing. |
User Management
List View
The user management list view is the page that allows you to see a summary of all your users and provides a high-level overview of the access levels for each user.
Area |
Details |
|
---|---|---|
1
|
Create New User | Click this icon to create a new user or a Guest in AccountKit. |
2 |
Views | Refer to the View Details section in Shared Elements. |
3 |
List Headers |
|
4
|
Xero Practice Manager Logo | Where this icon is showing, it's letting you know that this user is mapped to a user in XPM. |
5
|
Access Level |
Here is where you can see the access level a user has been given:
|
6
|
Client Permissions |
Client access level determines the amount of access a user has full, view or edit rights to client details. (The client details page for each client within AccoutnKit).
|
7
|
Status |
denotes the user is Active, Denotes the User is Not Active. Click to Disable, Archive or Unblock the user. Unblock is used when a user has locked themselves out by inputting the wrong password too many times. |
8
|
Multifactor Authentication Status |
Now that MFA is always turned on in AccountKit this icon is simply used for resetting a user's MFA/2FA. This can be useful if a user loses access to their 2fa software or device. |
Users
Area |
Details |
|
---|---|---|
1 |
Employee Details |
|
2
|
User Roles |
User roles are available to identify different team members.
Employee is the base role in AccountKit and gives access to the system to edit, modify and work on the various tools and systems included in your subscription. Employees can also see all data for clients, including TFN's, contact information, relationships and notes unless restricted via Restricted Client Access. An employee can not see the "Your Financials" dashboard.
Manager has all the same privileges as an employee user, however we use the manager level to designate whether a staff member displays as a manager in certain areas of the software.
Partner has the same privileges as managers and employees, however they are able to view the content in the "Your Financials" dashboard.
Practice Admin is the highest base role in AccountKit. A Practice Admin can also see the "Your Financials" dashboard. |
3
|
Profile Picture | Add the user's profile picture which will be displayed when they're logged in and across shared screens such as the Workflow tool. |
4
|
Time Zone | This enables correct date stamping of any work completed within AccountKit. |
5
|
Reports To | Identify who the user reports to (Optional) |
6
|
AccountKit Champion | The AccountKit Champion toggle allows you to identify a user(s) internally as the go-to for your AccountKit needs. This also helps us identify who best to reach out to for updates and support. |
7
|
Practice Settings |
Selecting the following options on a user will provide that user with more granular controls over the system. We recommend allocating at least 1 user in the practice as a Super Admin.
Champion is the role designated by the practice for the person who knows the ins and outs of AccountKit and handles the liaison and engagement with AccountKit training, support and account teams. This role is designated by the medal icon.
Practice Administrator is provided to those with ultimate control over the software for the practice. There are 2 designations for these roles. Practice Admin (Green) and Super Admin (Purple)
User Management is designated by the name badge icon and signifies that this user has user permission access. This can be clicked in a user profile to switch it on. As Super Admin's have access to all areas of the software, they will always have the name badge icon allocated if they have been allocated this role.
|
8
|
User Management |
This toggle allows the user to access the User Management Page with the ability to - Add, edit, and block users as well as reset other user's 2FA. |
9
|
Restricted Access Groups | From here you can select whether a user has access to a restricted access group. See Restricted Client Access in Practice Settings for more info. |
10
|
Client Access Level |
Client access level determines the amount of access a user has to the client details area within AccountKit.
|
11
|
Shared Tool Bar | Refer to the Shared Tool Bar for more information. |
12
|
Send Invite/Save/Cancel | This will email the user their sign-in details, save any updates or cancel the current action. |
Practice Settings - Restricted Access Groups
As part of the upgrades to user permissions in AccountKit, there is now the ability to restrict access to certain clients or groups. To create a restricted access group you will need to head to your practice settings. You can read more in Practice Settings under Restricted Client Access.
i
|
The ability to restrict users from seeing a client's details can be toggled at the individual user level (refer to item 10 in the above section). This toggle provides the following options; to see all or nothing in regards to client details. Where the user can access client details you can tailor this further with the following levels: "View ONLY", "edit" or "full access" (allows for deletion). |
Use Cases
Scenario 1 - Partner entities
In this example, we are going to look at when a Partner of an accounting firm wants to restrict their client group from the rest of the practice so only they can access the records from within AccountKit.
- Group Name - This section identifies the client group and the purpose of the restricted access group.
- Description - This can provide further context to the purpose of the restricted access group.
-
Restricted Clients - Here I can select the client group(s) or the individual client(s) I want to restrict.
- IMPORTANT! - If you are attempting to apply restrictions to the client map tool you will need to select a client group for this to take effect. The client map is unique in that it is based on the client group, rather than individual clients.
-
Restricted Tools - At this point, you can detail which tools you want to restrict.
- In this case, I want to restrict all tools for anyone outside this group within AccountKit which is why I have turned on the toggle option
- If you don't toggle all tools you can select the various tools you want to lock down.
-
Access Level - Further to selecting the tools you can then provide various levels of access to those users within the group: Full, edit and view only. See table under Users.
- In this instance, we are selecting full access to ensure I can perform all the necessary updates to client details and schedules.
-
Users assigned to this group - At this point, you can identify the users you want to add to the group.
- Because Ben is the partner, he is the only member of the restricted group.
- IMPORTANT! - You can add users at this point or when you are managing restricted client groups from within the user management page. The functionality is the same.
Scenario 2 - Partner entities with admin team access
This example can work side-by-side with the example detailed in Scenario 1 and adds an extra layer to the partner's permissions.
This scenario is useful where the Partner already has locked down their client group for themselves but still needs say the admin team to record correspondence against their entities using the correspondence register.
- Group Name - This section identifies the client group and the purpose of the restricted access group.
- Description - This can provide further context to the purpose of the restricted access group.
-
Restricted Clients - Here I can select the client group(s) or the individual client(s) I want to restrict.
- IMPORTANT! - If you are attempting to apply restrictions to the client map tool you will need to select a client group for this to take effect. The client map is unique in that it is based on the client group, rather than individual clients.
-
Restricted Tools - At this point, you can detail which tools you want to restrict.
- In this case, I have isolated the correspondence register as the tool being restricted to those outside the group. However, those within the group, will be able to access the correspondence register.
-
Access Level - Further to selecting the tools you can then provide various levels of access to those users within the group: Full, edit and view only. See table under Users.
- In this instance, we are selecting full access to ensure I can perform all the necessary updates to the correspondence register.
-
Users assigned to this group - At this point, you can identify the users you want to add to the group.
- Matt Taylor in this instance is part of the admin team, which is why he is a part of the restricted group.
- IMPORTANT! - You can add users at this point or when you are managing restricted client groups from within the user management page. The functionality is the same.
Guest Access
Sometimes you may want to provide a user with limited access to just a certain tool(s) or clients/client groups in the software. For these instances, you can use Guest Access. Guests are charged at a reduced fee to a regular user, and should only be used for very limited access circumstances. Examples: External consultant/bookkeeper, offshore team member, an affiliate to a client or even a client themselves if you would like them to review their own information.
Adding a Guest
- From the User Management page in AccountKit, select the '+' icon at the top of the screen as you would normally to add an employee.
- A drop down option to 'Add new guest' will appear. Click this option.
- The following screen will appear allowing you to add in the various details for your Guest. Note that you cannot add an already existing user as a Guest. If you wish to switch an employee to a Guest, please reach out to AccountKit support for assistance.
- In order for a Guest to receive access to any information in AccountKit, they will need to be designated the tools and clients that they need to see. Without this information allocated to them, they will see nothing when logging in.
- From the Guest Permissions area, select the tool or multiple tools that the Guest will have access to and the relevant level of access they will have within that tool.
- Full - Allows the user to view, edit & delete information for this tool (only for the client(s) they have been provided access to).
- Modify - Allows the user to view & edit schedules and information, however they cannot delete information or records (only for the client(s) they have been provided access to).
- View only - The user can only view information in the system that they have access to on a read only basis. (only for the client(s) they have been provided access to).
- Then select the Client Groups or individual entities that they will be able to view. In the below example, this Guest will have access to the Equipment Finance and Inter-entity Loan tools for the Bull Family Group and the RJ & AJ Bull Family Group Only.
Important things to know about Guest access
- Unless at least 1 tool and 1 client are both allocated to a Guest, they will not be able to see any information in AccountKit.
- A Guest cannot be allocated to any tools in the software that are considered 'Practice Access Systems' such as areas like the Correspondence Register, Document Management System, and Workflow. Below is a list of tools that a Guest can be assigned to.
Account Reconciler
Amortisation Scheduler
Client Maps
Compounding Calculator
Division 7a Tool
Equipment Finance
Extra Loan Repayments
Flexible Loan Calculator
Franking Account Register
Fuel Tax Credit Caclulator
Important Items Register
Inter-entity Loan
Loan Calculators
Professional Development Register
Retirement Calculator
Simple Loan Calculator
- If you wish to move an employee to a Guest, you will need to contact AccountKit support as the email will already be designated certain permissions. We will need to make a change to their profile in order to switch them from one security profile to another.
Related Links
Restricted Access Groups | How to set up restricted access groups to restrict client/tool access within AccountKit. |
User Management | Legacy user settings and user role classification can be found here. |
Comments
0 comments
Please sign in to leave a comment.