Manage who can access the billing platform and what they can do. Each person in your organisation who needs platform access gets their own user account with an email address and a set of permissions that match their role.
Overview
User management covers:
- Creating and editing user accounts
- Setting permissions through user groups and individual controls
- Configuring security settings like two-factor authentication
- Monitoring user activity and sign-in history
- Helping users who can’t sign in (see Account Access Assistance)
Creating Users
Go to Settings > Users > Add New to create a user account.
What you need:
- The person’s full name
- Their email address
Steps
- Go to Settings > Users > Add New.
- Enter the user’s Name (their full name as shown throughout the platform).
- Enter their Email Address. This is used to sign in and to receive password resets, access recovery emails and system notifications. Each user needs a unique email address.
- Save the record.
- Assign the user to one or more User Groups to grant permissions.
- Use the Send Access Email action to email the user their sign-in details and a password reset link.
The user can then sign in and set their own password.
User Details
Each user record has several sections of information.
Basic Details
- Name - the user’s full name, shown wherever the platform identifies them.
- Email Address - the user’s email, used to sign in and receive notifications. Must be unique across all users.
Account Details
- User Status - flags such as Account Manager or Commission Holder that describe the user’s role.
- Allow Access - controls what type of access the user has. The Login flag lets them sign in to the platform. Other flags control customer access scope, email reports and API access (read/write).
- Privilege Level - sets the user’s overall privilege ranking within the platform.
- Expert Level - controls access to advanced features. Higher levels unlock more powerful (and potentially risky) capabilities. See Expert Mode for details.
- Grant Permissions - the user groups this user belongs to. Select one or more groups to apply their permission sets.
Department Details
- Departments - which departments the user belongs to. This controls which tickets and TODOs the user is responsible for, and which appear by default in their left-menu action list. All users can still view data from any department.
Security Settings
Two-Factor Authentication
Users can enable two-factor authentication (2FA) using a TOTP authenticator app. Once enabled, they need both their password and a code from their app to sign in.
When a user enables 2FA, the platform generates backup codes. These are single-use codes that work if the user loses access to their authenticator app. Advise users to store backup codes somewhere safe and separate from their device.
If a user loses both their authenticator and backup codes, an administrator can help through the Account Access Assistance workflow.
Session Timeout
Sessions expire after a period of inactivity. This protects accounts on shared or unattended computers.
API Tokens
Users with API access can generate authentication tokens for system integrations. Tokens inherit the user’s permissions, so the integration can only do what the user is allowed to do.
Permissions
The platform uses a layered permissions system. User groups provide the base permissions, and individual settings can extend or restrict access further.
User Groups
User groups are reusable permission templates. Each group defines a set of permissions that apply to all its members. A user can belong to multiple groups, and their effective permissions are the combination of all their groups’ settings.
Groups are defined by your system administrator and typically match job roles. Common examples include groups for billing staff, customer support, account managers and administrators. Go to Settings > User Groups to view and manage them.
Permission Categories
Permissions are organised into four main areas:
Standard Permissions - control access to everyday platform features like customers, numbers, features, invoices, reports and support tickets. Each area has its own permission level.
Settings Permissions - control who can change system configuration such as tariffs, customer statuses, invoice templates and other platform settings. These are typically limited to administrators.
Billing Permissions - control access to billing operations including billing runs, call processing, direct debits and billing cycle management.
Data Protection Permissions - control access to sensitive operations like viewing user activity logs, customer activity data and account recovery tools. These require the highest privilege levels.
How Permissions Work
Each permission area can be set to different access levels. The exact levels vary by area, but the general pattern is:
- No access - the user can’t see or use this feature.
- Read access - the user can view records but not change them.
- Full access - the user can view, create and edit records.
Some areas have additional levels for specific operations like running reports or executing processes.
Managing Users
Editing Users
- Go to Settings > Users.
- Find the user through the list or search.
- Click their name to open their record.
- Make your changes and save.
Changes to permissions take effect the next time the user loads a page.
Deactivating Users
When someone leaves your organisation or no longer needs access, deactivate their account rather than deleting it. To do this, edit the user and remove the Login flag from their Allow Access field. This:
- Stops them signing in immediately
- Preserves their full audit history
- Keeps data integrity for records they created or modified
- Allows reactivation if they return
Password Management
Administrators can help users with password issues in two ways:
- Send Access Email - sends the user an email with their sign-in details and a password reset link. Use this for forgotten passwords or when setting up a new user. Available from the Actions menu on the user’s record.
- Send Recovery Code Email - generates a single-use recovery code that lets the user reset their password or remove their 2FA device. See Account Access Assistance for the full workflow.
Activity Monitoring
The platform tracks user activity for security and compliance. Administrators with Data Protection permissions can review:
- Sign-in history - when each user signed in, from which IP address and location.
- Failed attempts - unsuccessful sign-in attempts, including the reason (wrong password, account without Login access, etc.).
- Record changes - what each user viewed, created or modified, with before-and-after values.
- Security events - 2FA changes, password resets, backup code usage and access email sends.
Use these logs to investigate security concerns, verify compliance requirements or understand how the platform is being used.
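The following is an added example, not part of the platform or its documentation, showing one way to triage the failed-attempt data described above once it has been exported. It flags sign-in attempts against accounts without Login access, and source IPs that fail passwords across several accounts in a short window. The CSV layout, the reason strings and the thresholds are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: timestamp, email, source IP, result, reason.
# This layout and the reason strings are assumptions, not the platform's format.
SAMPLE_LOG = """\
2024-05-01T09:00:02,alice@example.com,198.51.100.7,fail,wrong_password
2024-05-01T09:00:40,bob@example.com,198.51.100.7,fail,wrong_password
2024-05-01T09:01:15,carol@example.com,198.51.100.7,fail,wrong_password
2024-05-01T09:05:00,dave@example.com,203.0.113.9,fail,wrong_password
2024-05-01T09:05:30,dave@example.com,203.0.113.9,success,
2024-05-01T11:30:00,erin@example.com,192.0.2.44,fail,no_login_access
2024-05-01T23:10:00,erin@example.com,192.0.2.45,fail,no_login_access
"""

def parse(text):
    events = []
    for line in text.strip().splitlines():
        ts, email, ip, result, reason = line.split(",")
        events.append(dict(ts=datetime.fromisoformat(ts), email=email, ip=ip, result=result, reason=reason))
    return events

def attempts_on_disabled_accounts(events):
    """Map each account without Login access to the IPs that tried to sign in to it."""
    hits = defaultdict(set)
    for e in events:
        if e["result"] == "fail" and e["reason"] == "no_login_access":
            hits[e["email"]].add(e["ip"])
    return {email: sorted(ips) for email, ips in hits.items()}

def spray_sources(events, window=timedelta(minutes=10), min_accounts=3):
    """Map each IP to the accounts it failed on, if it hit min_accounts within one window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "fail" and e["reason"] == "wrong_password":
            by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1  # slide the window forward
            accounts = {e["email"] for e in evs[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[ip] = sorted(accounts)
                break
    return flagged
```

A single user mistyping a password (dave in the sample) is not flagged; only the source that fails against three different accounts within ten minutes is.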
Best Practices
Apply Least-Privilege Access
Give each user only the permissions they need for their role. Start with a user group that matches their job function and only add individual permissions where genuinely needed. It’s easier to grant extra access later than to clean up overly broad permissions after the fact.
Review Access Regularly
Set a regular schedule (quarterly works well for most teams) to review who has access and whether their permissions still match their role. People change jobs, take on new responsibilities or leave the organisation. Prompt reviews prevent access from drifting out of line with actual needs.
Enforce Strong Authentication
Require two-factor authentication for all users, especially those with access to billing, financial data or system settings. 2FA significantly reduces the risk of compromised passwords leading to unauthorised access. Make sure users store their backup codes securely.
Deactivate Leavers Promptly
When someone leaves your organisation, remove their Login access straight away. Don’t wait for an IT review cycle. The longer a disused account stays active, the greater the risk. Removing Login access is instant and reversible, so there’s no downside to acting quickly.
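The following is an added example, not the platform's own tooling, of a periodic access review that combines the three practices above: it checks every account that still holds the Login flag for missing 2FA and for stale or absent sign-ins. The export columns, the ";" separator, the group names and the 90-day threshold are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import date

# Constructed sample export. Column names, the ";" separator and the group
# names are assumptions for this example, not the platform's export format.
SAMPLE_USERS = """\
email,allow_access,two_factor,groups,last_sign_in
alice@example.com,Login,yes,Billing Staff,2024-06-20
bob@example.com,Login,no,Administrators;Billing Staff,2024-06-25
carol@example.com,Login,yes,Customer Support,2024-01-10
dave@example.com,,no,Account Managers,2023-11-02
erin@example.com,Login,no,Customer Support,
"""

# Groups treated as sensitive here (billing, financial data, system settings).
SENSITIVE_GROUPS = {"Billing Staff", "Administrators"}

def review_access(users_csv, today, stale_days=90):
    """Return {email: [findings]} for accounts that can still sign in."""
    findings = {}
    for row in csv.DictReader(io.StringIO(users_csv)):
        if "Login" not in row["allow_access"].split(";"):
            continue  # Login flag removed: account is already deactivated
        issues = []
        if row["two_factor"] != "yes":
            sensitive = SENSITIVE_GROUPS & set(row["groups"].split(";"))
            issues.append("no 2FA (sensitive group)" if sensitive else "no 2FA")
        if not row["last_sign_in"]:
            issues.append("never signed in")
        elif (today - date.fromisoformat(row["last_sign_in"])).days > stale_days:
            issues.append("no sign-in for over %d days" % stale_days)
        if issues:
            findings[row["email"]] = issues
    return findings

if __name__ == "__main__":
    for email, issues in review_access(SAMPLE_USERS, date(2024, 7, 1)).items():
        print(email, "->", ", ".join(issues))
```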
Use the Platform’s Tracking Tools
Record the reason for changes using the Update Reason dropdown and Update Details field when editing user records. This creates a clear audit trail showing not just what changed, but why. This is invaluable for compliance reviews and investigating security concerns.