User Management
Manage who can access the billing platform and what they can do. Each person in your organisation who needs platform access gets their own user account with an email address and a set of permissions that match their role.
Overview
Section titled “Overview”User management covers:
- Creating and editing user accounts
- Setting permissions through user groups and individual controls
- Configuring security settings like two-factor authentication
- Monitoring user activity and sign-in history
- Helping users who can’t sign in (see Account Access Assistance)
Creating Users
Section titled “Creating Users”Go to Settings > Users > Add New to create a user account.
What you need:
- The person’s full name
- Their email address
- Go to Settings > Users > Add New.
- Enter the user’s Name (their full name as shown throughout the platform).
- Enter their Email Address. This is used to sign in, receive password resets, access recovery emails and system notifications. Each user needs a unique email address.
- Save the record.
- Assign the user to one or more User Groups to grant permissions.
- Use the Send Access Email action to email the user their sign-in details and a password reset link.
The user can then sign in and set their own password.
User Details
Section titled “User Details”Each user record has several sections of information.
Basic Details
Section titled “Basic Details”- Name - the user’s full name, shown wherever the platform identifies them.
- Email Address - the user’s email, used to sign in and receive notifications. Must be unique across all users.
Account Details
Section titled “Account Details”- User Status - flags such as Account Manager or Commission Holder that describe the user’s role.
- Allow Access - controls what type of access the user has. The Login flag lets them sign in to the platform. Other flags control customer access scope, email reports and API access (read/write).
- Privilege Level - sets the user’s overall privilege ranking within the platform.
- Expert Level - controls access to advanced features. Higher levels unlock more powerful (and potentially risky) capabilities. See Expert Mode for details.
- Grant Permissions - the user groups this user belongs to. Select one or more groups to apply their permission sets.
Department Details
Section titled “Department Details”- Departments - which departments the user belongs to. This controls which tickets and TODOs the user is responsible for, and which appear by default in their left-menu action list. All users can still view data from any department.
User Fields
Section titled “User Fields”The fields below make up a user record, including its permission flags.
User Details
Section titled “User Details”This section stores the basic user information including their name, login credentials, and email address. These details are used for authentication and communication within the system.
| Field | Description |
|---|---|
| Name | Full name of the user |
| Login | Username for logging into the system |
| Email Address | Primary email address for the user |
Account Details
Section titled “Account Details”Account Details contain essential information about the user's access rights, status, privilege levels, and group memberships. These settings determine what the user can access and modify within the platform.
| Field | Description |
|---|---|
| User Status | Current status of the user account |
| Allow Access | Access permissions for the user |
| Privilege Level | Privilege level for access control |
| Expert Level | Expert level for advanced features access |
| Grant Permissions | User groups that provide additional permissions (multiple can be selected) |
Department Details
Section titled “Department Details”This section manages the user's department affiliations within the organisation, determining which departments they belong to and have access to.
| Field | Description |
|---|---|
| Departments | Departments the user belongs to (multiple can be selected) |
Commission Details
Section titled “Commission Details”Commission tracking information including targets for different charge types, commission profiles, and payment records. This section is critical for sales staff and commission-based roles.
| Field | Description |
|---|---|
| Commission Reference Date | Reference date for commission calculations |
| Commission Annual Target | Total annual commission target amount |
| Commission Annual Target (One-Off Charges) | Annual commission target for one-off charges |
| Commission Annual Target (Recurring Charges) | Annual commission target for recurring charges |
| Commission Annual Target (Call Charges) | Annual commission target for call charges |
| One-Off Commission Profile | Commission profile for one-off charges |
| Recurring Commission Profile | Commission profile for recurring charges |
| Call Commission Profile | Commission profile for call charges |
| Commission Paid | Total commission paid to this user |
Additional Permissions
Section titled “Additional Permissions”Detailed control over specific system functionality the user can access, including billing, reports, customer management, and various operational areas. Each permission can be granted at different access levels.
| Field | Description |
|---|---|
| Billing | Permission level for billing functions |
| Reports | Permission level for reports access |
| Customers | Permission level for customer management |
| Direct Debits | Permission level for direct debit management |
| Numbers | Permission level for number management |
| Features | Permission level for feature management |
| Invoices | Permission level for invoice management |
| Payments | Permission level for payment management |
| Transactions | Permission level for transaction management |
| Correspondence | Permission level for correspondence management |
| Notes | Permission level for notes management |
| Tariffs | Permission level for tariff management |
| Discount Plans | Permission level for discount plan management |
| Users | Permission level for user management |
| Call Overrides | Permission level for call override management |
| Generated CDRs | Permission level for generated CDR management |
| Parameters | Permission level for system parameter management |
| Bulk Import Files | Permission level for bulk import file management |
| Image Files | Permission level for image file management |
| Carrier Transactions | Permission level for carrier transaction management |
| Fixed Fee Tariffs | Permission level for fixed fee tariff management |
| Sent Emails | Permission level for sent email management |
| Payment Cards | Permission level for payment card management |
| Payment Card Payments | Permission level for payment card payments management |
| Payment Card Runs | Permission level for payment card run management |
| Direct Debit Payments | Permission level for direct debit payments management |
| Direct Debit Runs | Permission level for direct debit run management |
| Tickets | Permission level for ticket management |
| Customer Contacts | Permission level for customer contact management |
| Feature Discount Schemes | Permission level for feature discount scheme management |
| Email Addresses | Permission level for email address management |
| Customer Activity | Permission level for customer activity viewing |
| User Activity | Permission level for user activity viewing |
| Ignore Traffic Numbers | Permission level for ignore traffic number management |
| Ignore Traffic Chargebands | Permission level for ignore traffic chargeband management |
| Xero Tasks | Permission level for Xero task management |
| Expected Payments | Permission level for expected payment management |
| Billing Tasks | Permission level for billing task management |
| Disaster Recovery Files | Permission level for disaster recovery file management |
| TODOs | Permission level for TODO management |
| Services | Permission level for service management |
Additional Settings Permissions
Section titled “Additional Settings Permissions”Permissions for managing system configuration and settings, including tariffs, customer statuses, and other system parameters. These permissions are typically granted to administrators.
| Field | Description |
|---|---|
| Standard Features | Permission level for standard feature management |
| Feature Types | Permission level for feature type management |
| Transaction Types | Permission level for transaction type management |
| Service Charge Intervals | Permission level for service charge interval management |
| Call Types | Permission level for call type management |
| Carrier Call Types | Permission level for carrier call type management |
| Call Types AKA | Permission level for call type AKA management |
| Chargeband Discrepancies | Permission level for chargeband discrepancy management |
| Customer Statuses | Permission level for customer status management |
| Number Statuses | Permission level for number status management |
| Feature Statuses | Permission level for feature status management |
| Payment Types | Permission level for payment type management |
| Number Types | Permission level for number type management |
| Customer Groups | Permission level for customer group management |
| User Groups | Permission level for user group management |
| Departments | Permission level for department management |
| Note Types | Permission level for note type management |
| Ticket Types | Permission level for ticket type management |
| Ticket Statuses | Permission level for ticket status management |
| Ticket Priorities | Permission level for ticket priority management |
| Ticket Activity Types | Permission level for ticket activity type management |
| Ticket Suppliers | Permission level for ticket supplier management |
| Ticket Responses | Permission level for ticket response management |
| Commission Profiles | Permission level for commission profile management |
| Carrier Transaction Types | Permission level for carrier transaction type management |
| VAT Rates | Permission level for VAT rate management |
| Customer Products | Permission level for customer product management |
| Correspondence Types | Permission level for correspondence type management |
| User Activity Reasons | Permission level for user activity reason management |
| Call Type Custom Groups | Permission level for call type custom group management |
| Locations | Permission level for location management |
| Ignore Traffic Number Types | Permission level for ignore traffic number type management |
| Ignore Traffic Chargeband Types | Permission level for ignore traffic chargeband type management |
| User Activity Types | Permission level for user activity type management |
| Invoice Usage Report Customer Profiles | Permission level for invoice usage report customer profile management |
| MyAccount Customer Profiles | Permission level for MyAccount customer profile management |
| MyAccount Numbers | Permission level for MyAccount number management |
| MyAccount Campaigns | Permission level for MyAccount campaign management |
| Xero Task Types | Permission level for Xero task type management |
| Expected Payment Types | Permission level for expected payment type management |
| Customer Classes | Permission level for customer class management |
| Carriers | Permission level for carrier management |
| Billing Task Types | Permission level for billing task type management |
| Stored Files Provider Types | Permission level for stored files provider type management |
| Stored Files Providers | Permission level for stored files provider management |
| Auto Topup Profiles | Permission level for Auto Topup profile management |
| TODO Statuses | Permission level for TODO status management |
| TODO Activity Types | Permission level for TODO activity type management |
| TODO Repeat Rules | Permission level for TODO repeat rule management |
| TODO Action Taken/Next Steps | Permission level for TODO action/suggestion management (Action Taken and Next Steps) |
| TODO Types | Permission level for managing TODO Types (categories) |
| Service Statuses | Permission level for service status management |
| Service Types | Permission level for service type management |
Additional Billing Permissions
Section titled “Additional Billing Permissions”Specialised permissions for billing operations, including billing run management, call processing, and direct debit handling. These permissions control access to billing-specific functionality.
| Field | Description |
|---|---|
| Billing Run | Permission level for billing run operations |
| Processing | Permission level for billing processing operations |
| Direct Debits | Permission level for direct debit operations |
| Calls | Permission level for call-related billing operations |
| Billing Runs | Permission level for billing run management |
| Billing Cycles | Permission level for billing cycle management |
| CDR Files | Permission level for CDR file management |
| Deleted Calls | Permission level for deleted call management |
Additional Data Protection Permissions
Section titled “Additional Data Protection Permissions”Permissions related to data protection responsibilities and access to sensitive information. These permissions ensure compliance with data protection regulations.
| Field | Description |
|---|---|
| Data Protection Responsibilities | |
| User Activity | |
| Customer Activity | |
| Data Protection Access |
Security Settings
Section titled “Security Settings”Two-Factor Authentication
Section titled “Two-Factor Authentication”Users can enable two-factor authentication (2FA) using a TOTP authenticator app. Once enabled, they need both their password and a code from their app to sign in.
When a user enables 2FA, the platform generates backup codes. These are single-use codes that work if the user loses access to their authenticator app. Advise users to store backup codes somewhere safe and separate from their device.
If a user loses both their authenticator and backup codes, an administrator can help through the Account Access Assistance workflow.
Session Timeout
Section titled “Session Timeout”Sessions expire after a period of inactivity. This protects accounts on shared or unattended computers.
API Tokens
Section titled “API Tokens”Users with API access can generate authentication tokens for system integrations. Tokens inherit the user’s permissions, so the integration can only do what the user is allowed to do.
Permissions
Section titled “Permissions”The platform uses a layered permissions system. User groups provide the base permissions, and individual settings can extend or restrict access further.
User Groups
Section titled “User Groups”User groups are reusable permission templates. Each group defines a set of permissions that apply to all its members. A user can belong to multiple groups, and their effective permissions are the combination of all their groups’ settings.
Groups are defined by your system administrator and typically match job roles. Common examples include groups for billing staff, customer support, account managers and administrators. Go to Settings > User Groups to view and manage them.
Permission Categories
Section titled “Permission Categories”Permissions are organised into four main areas:
Standard Permissions - control access to everyday platform features like customers, numbers, features, invoices, reports and support tickets. Each area has its own permission level.
Settings Permissions - control who can change system configuration such as tariffs, customer statuses, invoice templates and other platform settings. These are typically limited to administrators.
Billing Permissions - control access to billing operations including billing runs, call processing, direct debits and billing cycle management.
Data Protection Permissions - control access to sensitive operations like viewing user activity logs, customer activity data and account recovery tools. These require the highest privilege levels.
How Permissions Work
Section titled “How Permissions Work”Each permission area can be set to different access levels. The exact levels vary by area, but the general pattern is:
- No access - the user can’t see or use this feature.
- Read access - the user can view records but not change them.
- Full access - the user can view, create and edit records.
Some areas have additional levels for specific operations like running reports or executing processes.
Managing Users
Section titled “Managing Users”Editing Users
Section titled “Editing Users”- Go to Settings > Users.
- Find the user through the list or search.
- Click their name to open their record.
- Make your changes and save.
Changes to permissions take effect the next time the user loads a page.
Deactivating Users
Section titled “Deactivating Users”When someone leaves your organisation or no longer needs access, deactivate their account rather than deleting it. To do this, edit the user and remove the Login flag from their Allow Access field. This:
- Stops them signing in immediately
- Preserves their full audit history
- Keeps data integrity for records they created or modified
- Allows reactivation if they return
Password Management
Section titled “Password Management”Administrators can help users with password issues in two ways:
- Send Access Email - sends the user an email with their sign-in details and a password reset link. Use this for forgotten passwords or when setting up a new user. Available from the Actions menu on the user’s record.
- Send Recovery Code Email - generates a single-use recovery code that lets the user reset their password or remove their 2FA device. See Account Access Assistance for the full workflow.
Activity Monitoring
Section titled “Activity Monitoring”The platform tracks user activity for security and compliance. Administrators with Data Protection permissions can review:
- Sign-in history - when each user signed in, from which IP address and location.
- Failed attempts - unsuccessful sign-in attempts, including the reason (wrong password, account without Login access, etc.).
- Record changes - what each user viewed, created or modified, with before-and-after values.
- Security events - 2FA changes, password resets, backup code usage and access email sends.
Use these logs to investigate security concerns, verify compliance requirements or understand how the platform is being used.
Best Practices
Section titled “Best Practices”Apply Least-Privilege Access
Section titled “Apply Least-Privilege Access”Give each user only the permissions they need for their role. Start with a user group that matches their job function and only add individual permissions where genuinely needed. It’s easier to grant extra access later than to clean up overly broad permissions after the fact.
Review Access Regularly
Section titled “Review Access Regularly”Set a regular schedule (quarterly works well for most teams) to review who has access and whether their permissions still match their role. People change jobs, take on new responsibilities or leave the organisation. Prompt reviews prevent access from drifting out of line with actual needs.
Enforce Strong Authentication
Section titled “Enforce Strong Authentication”Require two-factor authentication for all users, especially those with access to billing, financial data or system settings. 2FA significantly reduces the risk of compromised passwords leading to unauthorised access. Make sure users store their backup codes securely.
Deactivate Leavers Promptly
Section titled “Deactivate Leavers Promptly”When someone leaves your organisation, remove their Login access straight away. Don’t wait for an IT review cycle. The longer a disused account stays active, the greater the risk. Removing Login access is instant and reversible, so there’s no downside to acting quickly.
Use the Platform’s Tracking Tools
Section titled “Use the Platform’s Tracking Tools”Record the reason for changes using the Update Reason dropdown and Update Details field when editing user records. This creates a clear audit trail showing not just what changed, but why. This is invaluable for compliance reviews and investigating security concerns.
Need fine-grained access control so your team only sees what they should? see how SAFE Billing Platform handles multi-user permissions