Skip to content

User Management

Manage who can access the billing platform and what they can do. Each person in your organisation who needs platform access gets their own user account with an email address and a set of permissions that match their role.

User management covers:

  • Creating and editing user accounts
  • Setting permissions through user groups and individual controls
  • Configuring security settings like two-factor authentication
  • Monitoring user activity and sign-in history
  • Helping users who can’t sign in (see Account Access Assistance)

Go to Settings > Users > Add New to create a user account.

What you need:

  • The person’s full name
  • Their email address
  1. Go to Settings > Users > Add New.
  2. Enter the user’s Name (their full name as shown throughout the platform).
  3. Enter their Email Address. This is used to sign in, receive password resets, access recovery emails and system notifications. Each user needs a unique email address.
  4. Save the record.
  5. Assign the user to one or more User Groups to grant permissions.
  6. Use the Send Access Email action to email the user their sign-in details and a password reset link.

The user can then sign in and set their own password.

Each user record has several sections of information.

  • Name - the user’s full name, shown wherever the platform identifies them.
  • Email Address - the user’s email, used to sign in and receive notifications. Must be unique across all users.
  • User Status - flags such as Account Manager or Commission Holder that describe the user’s role.
  • Allow Access - controls what type of access the user has. The Login flag lets them sign in to the platform. Other flags control customer access scope, email reports and API access (read/write).
  • Privilege Level - sets the user’s overall privilege ranking within the platform.
  • Expert Level - controls access to advanced features. Higher levels unlock more powerful (and potentially risky) capabilities. See Expert Mode for details.
  • Grant Permissions - the user groups this user belongs to. Select one or more groups to apply their permission sets.
  • Departments - which departments the user belongs to. This controls which tickets and TODOs the user is responsible for, and which appear by default in their left-menu action list. All users can still view data from any department.

The fields below make up a user record, including its permission flags.

This section stores the basic user information including their name, login credentials, and email address. These details are used for authentication and communication within the system.

FieldDescription
NameFull name of the user
LoginUsername for logging into the system
Email AddressPrimary email address for the user

Account Details contain essential information about the user's access rights, status, privilege levels, and group memberships. These settings determine what the user can access and modify within the platform.

FieldDescription
User StatusCurrent status of the user account
Allow AccessAccess permissions for the user
Privilege LevelPrivilege level for access control
Expert LevelExpert level for advanced features access
Grant PermissionsUser groups that provide additional permissions (multiple can be selected)

This section manages the user's department affiliations within the organisation, determining which departments they belong to and have access to.

FieldDescription
DepartmentsDepartments the user belongs to (multiple can be selected)

Commission tracking information including targets for different charge types, commission profiles, and payment records. This section is critical for sales staff and commission-based roles.

FieldDescription
Commission Reference DateReference date for commission calculations
Commission Annual TargetTotal annual commission target amount
Commission Annual Target (One-Off Charges)Annual commission target for one-off charges
Commission Annual Target (Recurring Charges)Annual commission target for recurring charges
Commission Annual Target (Call Charges)Annual commission target for call charges
One-Off Commission ProfileCommission profile for one-off charges
Recurring Commission ProfileCommission profile for recurring charges
Call Commission ProfileCommission profile for call charges
Commission PaidTotal commission paid to this user

Detailed control over specific system functionality the user can access, including billing, reports, customer management, and various operational areas. Each permission can be granted at different access levels.

FieldDescription
BillingPermission level for billing functions
ReportsPermission level for reports access
CustomersPermission level for customer management
Direct DebitsPermission level for direct debit management
NumbersPermission level for number management
FeaturesPermission level for feature management
InvoicesPermission level for invoice management
PaymentsPermission level for payment management
TransactionsPermission level for transaction management
CorrespondencePermission level for correspondence management
NotesPermission level for notes management
TariffsPermission level for tariff management
Discount PlansPermission level for discount plan management
UsersPermission level for user management
Call OverridesPermission level for call override management
Generated CDRsPermission level for generated CDR management
ParametersPermission level for system parameter management
Bulk Import FilesPermission level for bulk import file management
Image FilesPermission level for image file management
Carrier TransactionsPermission level for carrier transaction management
Fixed Fee TariffsPermission level for fixed fee tariff management
Sent EmailsPermission level for sent email management
Payment CardsPermission level for payment card management
Payment Card PaymentsPermission level for payment card payments management
Payment Card RunsPermission level for payment card run management
Direct Debit PaymentsPermission level for direct debit payments management
Direct Debit RunsPermission level for direct debit run management
TicketsPermission level for ticket management
Customer ContactsPermission level for customer contact management
Feature Discount SchemesPermission level for feature discount scheme management
Email AddressesPermission level for email address management
Customer ActivityPermission level for customer activity viewing
User ActivityPermission level for user activity viewing
Ignore Traffic NumbersPermission level for ignore traffic number management
Ignore Traffic ChargebandsPermission level for ignore traffic chargeband management
Xero TasksPermission level for Xero task management
Expected PaymentsPermission level for expected payment management
Billing TasksPermission level for billing task management
Disaster Recovery FilesPermission level for disaster recovery file management
TODOsPermission level for TODO management
ServicesPermission level for service management

Permissions for managing system configuration and settings, including tariffs, customer statuses, and other system parameters. These permissions are typically granted to administrators.

FieldDescription
Standard FeaturesPermission level for standard feature management
Feature TypesPermission level for feature type management
Transaction TypesPermission level for transaction type management
Service Charge IntervalsPermission level for service charge interval management
Call TypesPermission level for call type management
Carrier Call TypesPermission level for carrier call type management
Call Types AKAPermission level for call type AKA management
Chargeband DiscrepanciesPermission level for chargeband discrepancy management
Customer StatusesPermission level for customer status management
Number StatusesPermission level for number status management
Feature StatusesPermission level for feature status management
Payment TypesPermission level for payment type management
Number TypesPermission level for number type management
Customer GroupsPermission level for customer group management
User GroupsPermission level for user group management
DepartmentsPermission level for department management
Note TypesPermission level for note type management
Ticket TypesPermission level for ticket type management
Ticket StatusesPermission level for ticket status management
Ticket PrioritiesPermission level for ticket priority management
Ticket Activity TypesPermission level for ticket activity type management
Ticket SuppliersPermission level for ticket supplier management
Ticket ResponsesPermission level for ticket response management
Commission ProfilesPermission level for commission profile management
Carrier Transaction TypesPermission level for carrier transaction type management
VAT RatesPermission level for VAT rate management
Customer ProductsPermission level for customer product management
Correspondence TypesPermission level for correspondence type management
User Activity ReasonsPermission level for user activity reason management
Call Type Custom GroupsPermission level for call type custom group management
LocationsPermission level for location management
Ignore Traffic Number TypesPermission level for ignore traffic number type management
Ignore Traffic Chargeband TypesPermission level for ignore traffic chargeband type management
User Activity TypesPermission level for user activity type management
Invoice Usage Report Customer ProfilesPermission level for invoice usage report customer profile management
MyAccount Customer ProfilesPermission level for MyAccount customer profile management
MyAccount NumbersPermission level for MyAccount number management
MyAccount CampaignsPermission level for MyAccount campaign management
Xero Task TypesPermission level for Xero task type management
Expected Payment TypesPermission level for expected payment type management
Customer ClassesPermission level for customer class management
CarriersPermission level for carrier management
Billing Task TypesPermission level for billing task type management
Stored Files Provider TypesPermission level for stored files provider type management
Stored Files ProvidersPermission level for stored files provider management
Auto Topup ProfilesPermission level for Auto Topup profile management
TODO StatusesPermission level for TODO status management
TODO Activity TypesPermission level for TODO activity type management
TODO Repeat RulesPermission level for TODO repeat rule management
TODO Action Taken/Next StepsPermission level for TODO action/suggestion management (Action Taken and Next Steps)
TODO TypesPermission level for managing TODO Types (categories)
Service StatusesPermission level for service status management
Service TypesPermission level for service type management

Specialised permissions for billing operations, including billing run management, call processing, and direct debit handling. These permissions control access to billing-specific functionality.

FieldDescription
Billing RunPermission level for billing run operations
ProcessingPermission level for billing processing operations
Direct DebitsPermission level for direct debit operations
CallsPermission level for call-related billing operations
Billing RunsPermission level for billing run management
Billing CyclesPermission level for billing cycle management
CDR FilesPermission level for CDR file management
Deleted CallsPermission level for deleted call management

Permissions related to data protection responsibilities and access to sensitive information. These permissions ensure compliance with data protection regulations.

FieldDescription
Data Protection Responsibilities
User Activity
Customer Activity
Data Protection Access

Users can enable two-factor authentication (2FA) using a TOTP authenticator app. Once enabled, they need both their password and a code from their app to sign in.

When a user enables 2FA, the platform generates backup codes. These are single-use codes that work if the user loses access to their authenticator app. Advise users to store backup codes somewhere safe and separate from their device.

If a user loses both their authenticator and backup codes, an administrator can help through the Account Access Assistance workflow.

Sessions expire after a period of inactivity. This protects accounts on shared or unattended computers.

Users with API access can generate authentication tokens for system integrations. Tokens inherit the user’s permissions, so the integration can only do what the user is allowed to do.

The platform uses a layered permissions system. User groups provide the base permissions, and individual settings can extend or restrict access further.

User groups are reusable permission templates. Each group defines a set of permissions that apply to all its members. A user can belong to multiple groups, and their effective permissions are the combination of all their groups’ settings.

Groups are defined by your system administrator and typically match job roles. Common examples include groups for billing staff, customer support, account managers and administrators. Go to Settings > User Groups to view and manage them.

Permissions are organised into four main areas:

Standard Permissions - control access to everyday platform features like customers, numbers, features, invoices, reports and support tickets. Each area has its own permission level.

Settings Permissions - control who can change system configuration such as tariffs, customer statuses, invoice templates and other platform settings. These are typically limited to administrators.

Billing Permissions - control access to billing operations including billing runs, call processing, direct debits and billing cycle management.

Data Protection Permissions - control access to sensitive operations like viewing user activity logs, customer activity data and account recovery tools. These require the highest privilege levels.

Each permission area can be set to different access levels. The exact levels vary by area, but the general pattern is:

  • No access - the user can’t see or use this feature.
  • Read access - the user can view records but not change them.
  • Full access - the user can view, create and edit records.

Some areas have additional levels for specific operations like running reports or executing processes.

  1. Go to Settings > Users.
  2. Find the user through the list or search.
  3. Click their name to open their record.
  4. Make your changes and save.

Changes to permissions take effect the next time the user loads a page.

When someone leaves your organisation or no longer needs access, deactivate their account rather than deleting it. To do this, edit the user and remove the Login flag from their Allow Access field. This:

  • Stops them signing in immediately
  • Preserves their full audit history
  • Keeps data integrity for records they created or modified
  • Allows reactivation if they return

Administrators can help users with password issues in two ways:

  • Send Access Email - sends the user an email with their sign-in details and a password reset link. Use this for forgotten passwords or when setting up a new user. Available from the Actions menu on the user’s record.
  • Send Recovery Code Email - generates a single-use recovery code that lets the user reset their password or remove their 2FA device. See Account Access Assistance for the full workflow.

The platform tracks user activity for security and compliance. Administrators with Data Protection permissions can review:

  • Sign-in history - when each user signed in, from which IP address and location.
  • Failed attempts - unsuccessful sign-in attempts, including the reason (wrong password, account without Login access, etc.).
  • Record changes - what each user viewed, created or modified, with before-and-after values.
  • Security events - 2FA changes, password resets, backup code usage and access email sends.

Use these logs to investigate security concerns, verify compliance requirements or understand how the platform is being used.

Give each user only the permissions they need for their role. Start with a user group that matches their job function and only add individual permissions where genuinely needed. It’s easier to grant extra access later than to clean up overly broad permissions after the fact.

Set a regular schedule (quarterly works well for most teams) to review who has access and whether their permissions still match their role. People change jobs, take on new responsibilities or leave the organisation. Prompt reviews prevent access from drifting out of line with actual needs.

Require two-factor authentication for all users, especially those with access to billing, financial data or system settings. 2FA significantly reduces the risk of compromised passwords leading to unauthorised access. Make sure users store their backup codes securely.

When someone leaves your organisation, remove their Login access straight away. Don’t wait for an IT review cycle. The longer a disused account stays active, the greater the risk. Removing Login access is instant and reversible, so there’s no downside to acting quickly.

Record the reason for changes using the Update Reason dropdown and Update Details field when editing user records. This creates a clear audit trail showing not just what changed, but why. This is invaluable for compliance reviews and investigating security concerns.


Need fine-grained access control so your team only sees what they should? see how SAFE Billing Platform handles multi-user permissions