Expensify.org/hunger SNAP campaign status
We’re no longer accepting new participants as our focus is on reimbursing existing claims. While we’re unable to provide a specific timeline on when your report will be reimbursed, we’re doing our best to drive donations and keep reimbursements moving forward. If you know anyone who can donate to this campaign please encourage them to enable Personal or Corporate Karma on their Expensify account.

We're currently experiencing issues with our American Express and Capital One connections. Please visit our status page for more details and to subscribe to updates.

Best Practices Re: Removing users from Policies and Deleting users from Domain Control

SWalsh_2019SWalsh_2019 Expensify Customer Posts: 3 Expensify Newcomer

I am auditing our database of users that has never been cleanup and I want to proceed correctly. There are numerous termed employees that need to be deactivated.

I really want to understand the difference between the functionality of Domain Control and Policies and what effect removing/ deleting users means under each. Is data lossed?

Any guidance is MOST, MOST appreciated.

Answers

  • Sheena TrepanierSheena Trepanier Expensify Success Coach - Admin Posts: 1,317 Expensify Team

    Hi @SWalsh_2019, this is a great question and I'm happy to clear things up!

    What's the difference?

    A policy is used to group employee who should all follow the same expense reporting rules. Typically policies are used to separate employees by department or entity if multiple policies are used. An member of a policy has the permissions needed to submit reports on that policy and removing them will block them from submitting on that policy in the future.

    Domain Control on the other hand is used to group employees who have the same domain email, for example @Expensify.com, and lock down account creation using those emails. Domain Control also grants a company administrative control over an employee's account but this is limited to account creation, deletion, and assignment of company cards.

    What happens when an employee is removed?

    When you remove an employee from a policy, they can no longer create and submit reports on that policy. As an admin, you retain access to any of their submitted reports that you already have access to, no submitted reports are removed from the policy.

    Deleting an employee from Domain Control can have two different outcomes depending on how the employee has their account set up. If they are only using their work email with no secondary logins, then deleting them from Domain Control will delete their Expensify account entirely. If they have a secondary login, then deleting them from Domain Control simply removes the company email from their account and reverts them to their secondary login.

    If you remove an employee from Domain Control, you still retain access to their submitted reports and won't lose any information there. It's important to confirm that the employee is removed from the company policy as well as Domain Control, especially in the event they have a secondary login. Removing an employee from domain control does not remove them from company policies unless their account is successfully deleted.

    Best way to handle termed employees

    There are two main ways companies handle termed employees. The first is to delete them from the policies and domain. This is typically the cleanest but is also a permanent deletion if removing them from Domain Control.

    The second option is to create a group in the domain that you call "Terminated Employees" or something similar. Termed employees are moved to this group and are effectively locked down based on the group restrictions you select.

    The choice is yours, but if you run into questions before making changes feel free to circle back to this thread and @ my user name to notify me.

  • vmevme Expensify Customer Posts: 3
    This was helpful as I always wondered what the difference was...I wish deleting them from the domain control also deleted them from the policy so admins aren't duplicating efforts. 
Sign In or Register to comment.