Managing Client Access and User Roles
Our system provides granular control over client access, enabling a single user to manage multiple client profiles. Authentication and authorization are kept separate from service delivery, billing, and support, which enhances security and organization. Clients can also manage access to their own profiles, granting permissions to other users as needed.
Users and Profiles: A Dual Structure
The system operates with two distinct entities: users and profiles.
- Profiles (Client Profiles): These represent billable entities, such as businesses. They hold ownership of products and services, and designated users can access and administer them.
- Users: Users can manage one or more linked profiles. Specific permission controls govern user access to each individual profile.
When a new client is created or an administrator sets up a new profile, a corresponding user is generated based on the profile's information. This user is designated as the profile owner, and each profile has only one owner.
Profile owners inherit all possible user permissions. They manage users and their permissions within the Profile Management section of the Client Dashboard. Only profile owners can send invitations to add new or existing users to their profiles.
If a logged-in user decides to create a new profile during checkout, that user automatically becomes the profile owner.
For instance, a freelance consultant with multiple clients would have each client represented by a separate profile. The consultant could use a single set of login credentials to access and manage each of these profiles independently. These profiles remain distinct and unconnected.
The Invitation Process
Invitations expire after seven days.
When associating a user with a profile, an invitation can be sent to a specified email address. The recipient receives an email with a link to accept. Each invitation contains a unique, one-time-use link valid for seven days. The user must click this link and complete the process to accept the invitation.
If you send an invitation to an email address linked to an existing account, the recipient can either log in with their existing credentials to accept it, or create a new user with any desired email address. Accepting an invitation is not equivalent to profile email verification.
If the email address does not match an existing account, a new one can be created. While invitations are sent to a specific email, the recipient can complete the process using any email address. For this reason, accepting an invitation is separate from user email verification.
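The sketch below models the invitation rules described above: owner-only sending, a one-time link valid for seven days, and acceptance by any account without treating it as email verification. It is an added example, not this product's code. The `InviteStore` class, its field names, the permission string used in testing, the audit record, and the choice to store only a hash of the link token are all assumptions.

```python
import hashlib
import secrets
from datetime import timedelta

INVITE_TTL = timedelta(days=7)  # the page: links are valid for seven days


def _digest(token):
    # Assumption: only a hash of the link token is stored server-side.
    return hashlib.sha256(token.encode()).hexdigest()


class InviteStore:
    def __init__(self):
        self.invites = {}  # token digest -> invitation record
        self.members = {}  # profile_id -> {user_id: set of permissions}
        self.audit = []    # (profile_id, user_id, email_mismatch)

    def create(self, profile, inviter_id, sent_to, permissions, now):
        # Only the profile owner may send invitations.
        if inviter_id != profile["owner_id"]:
            raise PermissionError("only the profile owner can invite users")
        token = secrets.token_urlsafe(32)
        self.invites[_digest(token)] = {
            "profile_id": profile["id"], "sent_to": sent_to.lower(),
            "permissions": set(permissions), "expires": now + INVITE_TTL,
            "used": False,
        }
        return token  # goes into the emailed link, never stored in clear

    def accept(self, token, user, now):
        inv = self.invites.get(_digest(token))
        if inv is None:
            return "unknown"
        if inv["used"]:
            return "already_used"
        if now >= inv["expires"]:
            return "expired"
        inv["used"] = True  # one-time use
        self.members.setdefault(inv["profile_id"], {})[user["id"]] = inv["permissions"]
        # Any account may accept, so record when it is not the invited address
        # and leave user["email_verified"] untouched: acceptance proves nothing
        # about who controls the accepting account's email.
        mismatch = user["email"].lower() != inv["sent_to"]
        self.audit.append((inv["profile_id"], user["id"], mismatch))
        return "accepted"
```

Because the link alone grants access, the mismatch flag in the audit record gives a profile owner a way to spot an invitation that was accepted by an account other than the one it was sent to.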
Managing Access Within the Client Dashboard
Profile owners manage users and their permissions in the Profile Management section of the Client Dashboard. This is the recommended method for adding users to existing profiles.
Login Behavior
When a user associated with only one profile logs in, their session automatically links to that profile.
If a user manages multiple profiles, a "Select Profile" page appears. The user must choose a profile to view relevant information.
Clicking a profile name logs the user into that profile. Users can switch profiles at any time through the "Hello, [Name]!" menu by selecting "Switch Profile" and then choosing another profile.
Managing Permissions in the Client Dashboard
Profile owners control user permissions within the Profile Management section of the Client Dashboard.
To adjust permissions:
- Go to "Hello, [Name]! > Profile Management."
- Locate the user.
- Click "Manage Permissions."
- Select the desired permissions.
- Click "Save Changes."