Domain Administrators don't have enough rights
There are a few management tasks that domain admins should be able to do in Expensify but they can't:
- Reset other users' passwords
- Delete other users' expense reports
- Delete other users' expenses
We are a construction company with high turnover and a workforce who don't spend much of their day on the computer. There are a lot of problems that we need to just fix for them as admins, but Expensify prevents us and it's very frustrating.
Comments
Hey @sfeagans, thanks for posting to the Community! Policy/Domain Admins can become Copilots in users' accounts if they need to take actions on their behalf. Please find more information about this here.
Let me know if you have any other questions!
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up AwesomeI understand that, but it still requires the user to follow the steps of granting the admin copilot access. As a domain admin, that should not be required - they should either automatically be copilots for all of the domain's users, or should at least have the admin rights I mentioned in my first post. The admin doesn't need to be able to process expense reports for the user, they just need to be able to administer the system, and their hands are tied right now.
- Spam
- Abuse
- Report
1 · Accept Answer Off Topic Insightful 1Vote Up AwesomeHi @sfeagans - thank you for the additional context. It's an interesting idea to have domain admins have copilot access to users of their domain, but for privacy reasons, we wouldn't be able to grant access automatically. For now, I'd suggest editing the title of your post to specify the action of your idea, e.g. "Give domain admins additional control of domain members' accounts", and be sure to vote for your own idea! If other users agree, they can vote for this idea too and add additional examples/suggestions.
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up AwesomeAdmin should be able to do the same as a user on any account without the need for the user to add admin as a co-pilot, fairly standard on most systems!
- Spam
- Abuse
- Report
1 · Accept Answer Off Topic Insightful 1Vote Up Awesome@Mark Louis
I'm just curious as to how the voting/use case for ideas and user needs comes into play from the community. This is a feature I have been requesting for over 2 years. It has been requested time and time again by multiple other admins, and we've provided a very thorough explanation of why this is necessary.
Does anything actually ever happen with these idea posts (aside from when it was already in development)?
This idea gets brought up all the time. I can't even keep track anymore.
https://community.expensify.com/discussion/374/admin-people-management#latest
- Spam
- Abuse
- Report
1 · Accept Answer Off Topic Insightful 1Vote Up AwesomeHi @Julia - I'm just in the process off pushing through some of those more popular suggestions! We review them regularly to see if they fit with our road-map and big-picture for Expensify. Unfortunately the voting can be a little slow. With around 5-6 million active users each month, the votes that we see here only represent a teeeensy portion of users, so we also weigh them up based on common support queries.
With this particular one, the issue is that it is really tricky in that it does not fit with the philosophy of Expensify being user-lead and users owning their own accounts for life. So while we're well aware of this request, it's difficult to come up with a solution that does not compromise how Expensify is designed to work.
One possible solution I have been ruminating on (since September!) is a potential ability for users to turn on a setting which pre-approves Copilot requests from their Policy Admins. A little like the Policy joining link. And then removes that access automatically when they are removed from the Policy.
The thing is how do we allow this, while still keeping complete account ownership and control within the user's grasp?
So, this one is not on my 'list' right now, because while I can see what everyone wants, I can't work out how to do that with compromising the Expensify philosophy. I also suspect it would be a VERY big project once we get to starting!!
I really value your insight here, so please do weigh in with your opinion! The key things to keep in mind are:
We are unlikely to change any of these things, so the question is, how do we make it easy for Admins to access user expenses to assist them, without compromising privacy?
I look forward to hearing your ideas!
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up AwesomeMaybe if Expensify could share their roadmap with users being able to add items to if for suggestions with a voting function this would be beneficial in one single place. I think the community pages fail here, as the same topics gets mentioned over and over again and voted for in different places, so I can imagine its very difficult for Expensify to keep track of the total number of votes for any product development. So maybe sharing a document would be the way forward. Maybe something to think about how that could work. Maybe a google docs document?
- Spam
- Abuse
- Report
1 · Accept Answer Off Topic 1Insightful Vote Up Awesomethanks for the suggestion @cparsons, the team is always looking for ways to improve visibility on the Ideas section of the community, so will keep this in mind for the future.
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up AwesomeThanks for the thoughtful response @Rachael Hopkins
My solution is simple- use your existing means by having it tied to the domain and policy rules. If the domain owner restricts policy creation and can also restrict primary login, then there is no risk for anything you have identified which I've copied below. It is really that simple. The company still pays for your services and uses Expensify the way we were told it was intended to. The employee is free to create a log in completely separate from their work email address (the email address and login doesn't belong to the employee anyways, it is owned by the company, and is tied to their Admins domain and policy) for all the other use cases you have described below. If they have an account for personal or other use, it shouldn't be tied to their companies email address anyways. I imagine they may even be able to designate their work email address as a Co-pilot for their personal accounts, and they could fluidly navigate between the different accounts without having to log in and log out each time. Their personal accounts stay separate from the Domain and Policy admin this way.
If a company doesn't have the domain rights to the email handle, then they can't restrict policy creation and primary login restriction. So they would not automatically get admin rights and the integrity of the data remains with the user.
As it stands, our employees do not 'own' their accounts or historical information. WE DO. We pay for it. If an employee leaves the company and asks for historical access, I will definitely work with them to change around the restrictions to let them change their primary login. At that point, I have ZERO need or use case for being able to administer any historical data anyways, assuming all of their final expenses and credit card transactions have been submitted (which we also struggle with currently).
If you are truly user lead, then certainly I can hope you understand that as admins, we only want these additional proxy abilities in place to HELP OUR USERS. There's just some things within Expensify that we can easily work around and fix, because we live and breathe in the system and see all the weird stuff, but are nearly impossible to reasonably explain to our employees and expect them to handle regularly.
Has Expensify completely changed it's model, are you no longer wanting enterprise business accounts? Will you be phasing us out? All of the recent changes within the last 6 months say yes. There has been so much change, I feel like you all are just showing us the door so we can see ourselves out.
- Spam
- Abuse
- Report
1 · Accept Answer Off Topic Insightful 1Vote Up Awesome@Rachael Hopkins @Julia
I don't have anything to add except the fact that i completely echo @Julia's statement. If I'm a domain admin, and controlling their account from the domain level. This is a simple ask. We are new and growing with Expensify, but all this is making us desire to change corse.
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up Awesome@Rachael Hopkins , actually thinking about this a bit more I think the answer is simple if we just change some terms used in the problem we uncover a solution that fits, instead of co-pilot let's say policy.
For any expense posted to a specific policy, the policy admin should have full permissions to delete, modify, and more including modifying an expense report on the company policy. This is currently lacking.
As far as resetting users passwords, this isn't a need when you get to a larger level. Everyone has the ability to do 'forgot password'.
This is the exact same 'user centric' model Slack currently has; It's not special. It just needs to be done right. When you're in my slack workspace, I have full control over every aspect of your account, except your password and login. That user can log into many slack accounts with the same email (if they want). If I want your name different in my channel, I'll do it. I'm not sure why Expensify is over complicating this process.
- Spam
- Abuse
- Report
1 · Accept Answer Off Topic 1Insightful Vote Up AwesomeWe're an accounting firm for some businesses and non-profits who know very little about accounting and need it to be as simple as possible. This is the biggest draw-back I have considering Expensify. If we have to chase them down and coach them through making corrections on a policy we should have full access to fix/edit/delete transactions on- than that's going to be stressful for everyone involved. Would love to see that feature added.
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up AwesomeHi @Lorien - welcome to the Community! We actually offer users the ability to add a Copilot to their account - this allows the Copilot to log into the user's account via their own Expensify account, and perform any actions that the user can.
As a Policy Admin, you're also able to modify things like Categories and Tags once an Expense has been added to a Report and submitted (but you won't be able to create or delete Expenses unless you're a Copilot). Hope that helps!
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up AwesomeThat does help, thanks @Jason Li . Does Copilot give you access to their entire account; or just the portion that's on your policy? (like we don't need to their personal tracking if they do that on top of this business policy)
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up AwesomeGreat question, @Lorien!
There are two "flavors" of Copilot access; "Submit-Only" and "Full Access". Both of them do pretty much exactly what it says on the tin. That said, I recommend taking a look at these two articles to see if Copilot can address your needs!:
Deep Dive: What is a Copilot, what are the different types?
Deep Dive: Best practices and when to use Copilot
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up AwesomeI agree with sfeagans and others who are looking for more power and control to company administrators. There seems to be a long-standing disconnect with Expensify, which errs on the side of giving power/control to users. It's gotten a little better, but a long way to go. We have a sizeable group of tech-challenged people and we're regularly frustrated because we need the employee to do/change/manage something that we could easily do from our end. There is no way I'll be able to get 300 people to grant us Copilot access. They have a hard time remembering passwords.
If my company is paying for the service, my company should have complete control over all accounts we pay for. Wall off personal accounts. Make it clear to users that anything and everything that happens in a company account can be seen by and controlled by the Company. Same as company email, company travel accounts and company cell phones.
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up Awesome@Mark11215
There are many actions that admins do have the ability to take in regards to employee expenses and reports. Can you elaborate on the specific action(s) that you're looking to complete on behalf of an employee?
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up AwesomeDisable certain messages from appearing in Employee Inbox (such as credit card marketing, encouraging use of auto-submit, etc.)
Disable SmartScanning from a Control Policy.
Merge reports prior to approval, so that if an EE incorrectly creates multiple reports for a given period; merge them into 1 report.
In profile, update the way their name appears or make other changes in the profile as needed.
These are a few examples.
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up AwesomeThanks for the clarifying @Mark11215.
- Spam
- Abuse
- Report
0 · Accept Answer Off Topic Insightful Vote Up Awesome