Deep Dive: Domain Groups and permissions — what are they all about?

Ariel Green
Ariel Green Expensify Team, Expensify Student Ambassador Posts: 111 Expensify Team
edited December 2021 in Deep Dive Docs
Let's talk about Domain Group permissions and how each setting works in Expensify. As a reminder, Domain Groups can be accessed by navigating to Settings > Domains > [Domain Name] > Groups > Edit

Here's a screenshot of Domain Group settings:

Expensify Card unapproved expense limit
This is now enabled in-line for each group.

Strictly enforce expense policy rules

If enabled, every rule that has been set for the policy will need to be satisfied before the report can be submitted for approval. If there is a policy violation on an expense, the employee will not be able to submit the report. If this feature is enable, employees can not dismiss policy violation notifications and submit their reports without correcting them.

Restrict primary login selection

If enabled, users can not make a non-company domain email address their primary email address (thus bypassing permissions set up via Domain Control). Employees will still be allowed to add secondary logins.

Restrict expense policy creation/removal

If enabled, users will be prevented from creating new group policies or personal subscriptions and can not remove themselves from an existing policy.

Note: If enabling this rule, it is recommended that a separate group is created for admins who need the ability to create new reports with the rule disabled.

Preferred Policy

If enabled, group members can only create and reports under the designated policy. This is useful when you have employees that are approvers for multiple policies but should only submit their own expenses under a single policy. However, once a report is created, the user will be able to move it to a different policy, or their personal policy. This allows users to still keep their personal expenses separate if need be. In addition, if a company card feed is set o use a particular policy, this setting will override it, allowing admins a more granular control over company card expenses.

Set Preferred Policy to: 

If Preferred Policy is enabled, you can choose a specific default group policy for all Group Members.

Note: If you do not want Group Members to automatically join a specific group policy, do not enable Default Group and Preferred Policy

Have a question, or want to know more? Start a discussion here!