[Product Change] We’ve made secure receipt URLs the default for all policies
In February 2020, we released a powerful security feature that allows admins to block company outsiders from accessing receipt image URLs unless they have an Expensify account with access to view the receipt in Expensify directly.
In Policy settings, Public Receipt Visibility was previously enabled by default
To ensure that receipts are secure for all users who need them to be, we have disabled Public Receipt Visibility (as a default) for all policies. This will mean that receipts are only viewable by Expensify users who have access to view the receipt in the application. If a user sees this error:
Either they are not signed into Expensify, or a Policy Admin needs to grant access to this receipt image to the user.
How to grant receipt access to external parties:
- Invite the user to your policy if they’re likely to submit expense claims in the future:
- To invite a user into your policy, head to Settings > Policies > Group > [Policy Name] > People.
- Use one of the policy joining options to invite someone into your policy.
- Share the report with them using the Share button.
- To share a report, head to the report page and open the Details pane on the right side of the page.
- Click the sharing icon and add the user’s email.
Enabling Public Receipt visibility
To enable Public Receipt Visibility, head to Settings > Policies > Group > [Policy Name] > Expenses > Expense Basics.