SupportAbility Roadmap

In the interest of providing greater transparency regarding planned enhancements and new features, details of the current SupportAbility Roadmap are updated here for the benefit of our subscriber base.  

The roadmap lists the key changes we plan to make to SupportAbility over the next 12 months. It is not designed to be a complete or final list. Instead, it is focused on providing information regarding upcoming changes that will affect the way our subscribers use the product for the purpose of forward planning. 

For further details on the process that SupportAbility utilises to determine this roadmap, please view our Knowledge Base article The Roadmap Process at SupportAbility

Audience: All


The following list summarises the content within this article. Click on the links below to take you to the relevant sections:


6 Month Roadmap

Improved security with Multi-Factor Authentication (MFA)

SupportAbility will be enhancing security by making Multi-factor Authentication (MFA) individual user login to SupportAbility available in the form of a  time-based one-time password (TOTP).  6 Digit Authentication codes will be generated using a smartphone Authenticator App, with the ability to use email as a fallback authentication method if the primary authentication smartphone is unavailable. 

It is important to note this feature will be off by default and is an opt-in configurable setting for providers, given consideration regarding how MFA will be implemented is required before activating this in SupportAbility and rolling this out to all Staff. 

N.B. The screenshots provided below are for reference only and are subject to change when this feature is released. 

Return to Summary

Transitioning to use MFA: System Settings

MFA Mode

Providers will have the option to improve the security of Staff logging into SupportAbility by transitioning their organisation to require MFA for all Staff logging into SupportAbility. To facilitate this, Staff with access to System Preferences can set the MFA Mode for their SupportAbility installation to one of the following three options:

  • Blocked: In Blocked mode, Staff will not be required, or even able to activate MFA in their Staff Account.

    This will be the default setting to ensure that the experience of logging into SupportAbility will not change once this new MFA functionality is released.
  • Optional: Optional mode allows Staff to activate MFA on their SupportAbility account whilst not requiring that they have MFA activated in order to log into SupportAbility. 

    In Optional mode, Staff will not be forced, or even prompted to activate MFA on their account when they log into SupportAbility. This mode allows providers to experiment with the MFA functionality and transition to activating MFA for all Staff Accounts before enforcing MFA for the organisation.
  • Enforced: The Enforced mode represents the final stage of an organisation's transition to mandating MFA for all Staff logins to SupportAbility. 

    In Enforced mode, Staff that have not activated MFA activated in their Staff Account will be forced to activate MFA in their Staff Account using an Authenticator app on their smartphone when they log in to SupportAbility. 

    In Enforced mode, Staff will not be able to log in to SupportAbility if they cannot verify their identity using MFA via a smartphone Authenticator App or via the email fallback option.

MFA Setup Guidance Message

Providers will have the option to configure system settings e.g:

To provide instructions for Staff that will appear on the left-hand side of the MFA Activation Wizard (see below for an example).

MFA Expiry Period

SupportAbility will support and remember authentications for up to 5 devices per Staff Member. However providers can choose how long SupportAbility will retain device authentications before they expire. Opions will include:

  • 24 hours
  • 7 days - set as the default
  • 14 days
  • 28 days
  • 30 days

Return to Summary

Primary MFA Tool: Smartphone Authenticator App

SupportAbility will support the generation of time-based one-time passwords (TOTPs) using smartphone Authenticator Apps (that support the RFC 6238 standard). Many free Authenticator Apps are available that support this standard.  These include, but are not limited to:

  • LastPass
  • Microsoft Authenticator
  • 1Password
  • Authy
  • Duo Mobile
  • FreeOTP
  • Google Authenticator

These smartphone Authenticator Apps will generate a 6 digit authenticator unique to each SupportAbility user, which is rotated every 30 seconds e.g:

Staff with MFA activated in their SupportAbility account will be required to enter the authenticator code generated by their smartphone Authenticator App when logging into SupportAbility, after entering their username and password.

We strongly recommend that providers choose to use a smartphone Authenticator App that supports cloud backup and ensure that all Staff have the cloud backup feature enabled in the Authenticator App on their smartphone.

Return to Summary

Activating MFA on a Staff Account

When the MFA Mode in system settings is configured to either 'Optional' or 'Enforced', Staff will have the option to activate MFA in their Staff Account from the 'My Staff Account' screen, available from the Dashboard. By default, MFA is deactivated for all users e.g:

Before activating MFA, the Staff Member will need to have the organisation's preferred smartphone app installed on their phone, and should have the cloud backup feature enabled.

Clicking on the MFA 'Activate' button will open the MFA Activation Wizard, which includes the instructions configured in System Preferences on the left-hand side: 

Staff will then use their smartphone Authenticator App to scan the QR code on the screen to link their SupportAbility account and start generating the required 6 digit Authenticator codes to log in.  Once linked, the Staff Member will need to enter the 6 digit Authenticator code generated in the app into the 'Confirm MFA Code' section of the wizard.

If the Staff Member is not able to scan the QR code (e.g. if they are accessing the using the SupportAbility MFA Activation Wizard on the smartphone), they can click the 'Can't scan the QR code?' link to show the text equivalent of the QR code that can be manually copied from SupportAbility and entered into the smartphone Authenticator App to link it to SupportAbility.

Once MFA has been Activated for a Staff Account, it can be deactivated by the user on the 'My Staff Account' page or by a Staff Member with the 'Edit User Accounts' privilege from the User Details tab of the Staff Member's Account.  Please note that if the MFA Mode for the SupportAbility installation is set to 'Enforced', the Staff Member will be required to Activate MFA when they next login in order to gain access to SupportAbility.

Return to Summary

Logging into SupportAbility when MFA is Activated on the Staff Account

A Staff Member logging into SupportAbility who have MFA Activated in their account will be requested to enter the 6 digit code generated by their smartphone Authenticator App after entering their correct username and password. 

If the correct code is entered, they will be logged in to SupportAbility. If they are unable to enter the correct code (e.g. they do not have access to their smartphone or smartphone Authenticator App), they will be able to request a code be sent to their email which they can then copy and enter into SupportAbility to log in.  Email Authenticator codes will be 8 digits in length so that they can be easily differentiated from the 6 digit codes generated by smartphone Authenticator Apps.  Email Authenticator code will be valid for 10 minutes

Please note that if the MFA Mode for the SupportAbility installation is set to 'Enforced', the staff member will be required to successfully pass the MFA requirements when logging in, in order to gain access to SupportAbility.

Return to Summary

MFA Reporting

As providers work to transition their workforce to enforcing MFA for all Staff logging into SupportAbility, it is important for them to be able to generate reports to identify the status of MFA across all Staff Accounts. 

To achieve this, we will be adding a new filter to the Staff Accounts Search called 'MFA Active' that will allow providers to search for Staff Accounts that do and do not have MFA Activated.  We will also be providing an additional field in the Staff Accounts export to identify which Staff Accounts do and do not have MFA Activated, however, users must have the 'Edit User Accounts' privilege in order to see this field in the export.

Return to Summary

Support Considerations

Enforcing MFA for Staff logins is an important security feature that we recommend providers transition to in order to take full advantage of. However, this transition represents a complex change management exercise that requires careful planning, coordination, documentation, training and will require organisations to provide additional support for their Staff. 

This is required as MFA does add complexity to the login process and potentially increase the risk of Staff not being able to access SupportAbility if they are having issues with the authentication technology.

We recommend that Staff have access to their work email on their smartphone if your organisation wishes to utilise the email fallback method, which reduces the risk of staff being locked out of SuppoortAbility if they are having technical issues with the smartphone Authenticator app.

Return to Summary

Continuous Product Discovery

What is Discovery?

At SupportAbility, we invest heavily in product development; whether that's building new technology or enhancing existing functionality and workflows.

We go to great lengths to ensure that the work we do benefits as many of our subscribing providers as possible. We work in full appreciation of the fact that SupportAbility is a software company, and our subscribing providers are the real-world experts in delivering NDIS services and as such, will always have a better understanding of their NDIS business requirements than we ever will.  

In the software world, the process of transferring that knowledge from real-world end-users of a software product to the engineers that build the software is called ‘discovery’.  Discovery is designed to help us understand the real-world business problems that we are trying to solve before we begin the work of designing and building software solutions to solve those problems. In short, Discovery helps us ensure meet the needs of our subscribers and add value.

How has SupportAbility traditionally approached Discovery? - Project Discovery

Traditionally, SupportAbility has undertaken the process of discovery using the following methods:

  • Roadmap Surveys: Periodic email surveys that we send to our subscribing providers, to help us understand which features they need most urgently.  This form of discovery is used to inform feature prioritisation for our roadmap.
  • Provider Feedback: Feature requests or product feedback communicated to us via support tickets or during meetings with our subscribing providers
  • Discovery Meetings: Online meetings held with providers for the express purpose of understanding real-world provider challenges and proposing solutions to ensure that what we build solves these issues in an appropriate manner. We may approach specific providers to participate in this process if they have expressed an interest in certain features that we are working on, or if we believe these features are particularly relevant to the way the provider uses SupportAbility in their day-to-day operations.

These discovery methods are best described collectively as 'Project Discovery' and are generally conducted once, at the beginning of a development project. Whilst a critical strategic tool, these methods do not cover all bases. Project Discovery alone makes it difficult to get quick answers to important questions from the right people throughout the lifecycle of a development project.

The Importance of Speed

Unfortunately, the current methods of discovery alone (listed above) can be very slow in providing the feedback we need to build great software. Often it can take a month or more to get the answers to simple questions from a variety of providers. This slows down our ability to develop and release important features as fast as possible.

Furthermore, long meetings to discuss Discovery questions are not an efficient use of provider resources or our own, and we are conscious of working to improve this.

Accessing the Right Audience

Discovery is all about understanding the real-world requirements of the end-user. It's not enough that we talk to providers about a new function we are building… we need to talk to the right person at that provider.  We need to be talking to the person that will need to interact with the functionality we are building; the true ‘end user’ as it were.

SupportAbility is a large, enterprise-grade software system. In recent years, much of our development roadmap has been focused on the finance and administration layers of the product. As a result, we’ve conducted discovery sessions with managerial staff - to whom this functionality is most relevant: nominated Authorised Representatives, system administrators and finance teams.

This year, we are dedicating our resources to building the SupportAbility mobile app.  A tool designed specifically to streamline the user experience and workflows for front line support workers working out in the community. The primary end-user of this app will be support workers, not managerial staff.   So it's important that we are able to talk to Support Workers, to understand:

  • the information they need to access to do their job whilst keeping themselves and the clients they work with safe
  • their daily work workflow and responsibilities (travel, evidence and goal progress tracking, timesheets, etc.) and the tools they need to facilitate this
  • what features will benefit them the most to support participants in the field
  • which user interfaces (UIs) and user experiences (UXs) are most appropriate and intuitive for them to use to reduce friction in their role

Introducing Continuous Discovery

Continuous Discovery is a process and methodology that aims to address these issues by allowing us to conduct small and more frequent discovery initiatives throughout the product development lifecycle. It allows us to obtain timely answers to important questions from the most appropriate audience in the most efficient manner possible.

Providers will have the option to participate in the Continuous Discovery process, by opting into this in System Preferences. When a subscribing provider opts-in to participate in the Continuous Discovery, this allows the SupportAbility Product Team to send the occasional 1-2 multiple choice question email survey to relevant, targeted staff in their organisation to get their thoughts and feedback so that we can better understand their job role and related requirements.  This in turn, allows us to build better tools to meet the needs of their workforce.

How we plan to identify and communicate with the right audience

For example, let’s say we were working on mobile app functionality that would allow a support worker to navigate to the locations of their various activities in a given day.  We would first need to start by identifying the appropriate audience i.e. support workers that do a lot of travel in their job role.  

We would then email a limited number of support workers from various organisations (maybe 10-20 support workers across our entire subscriber base and only those at providers who have opted-in to participate in Continuous Discovery) with a quick 1-2 question survey to get their thoughts and feedback regarding this specific area. We anticipate that their response would take 2 minutes or less to complete.

Similarly, if we were working on enhancing Bulk Payment Request features, we might target SupportAbility users that regularly generate the Bulk Payment Requests in SupportAbility.

Participating in Continuous Discovery

Each subscribing provider will be able to choose to opt-in and activate the Continuous Discovery process by enabling this in System Preferences, as participation will be deactivated by default.

By activating Continuous Discovery in your SupportAbility installation, you are allowing the SupportAbility product team to send the occasional short email survey (via their Staff Account Email) to the staff that have active Staff Accounts in your installation.

We recommend before activating this feature, that organisations communicate with their staff to inform them that their organisation has agreed to participate in SupportAbility’s Continuous Discovery process and that they may receive a short email survey from time to time, in order to assist in the continued evolution of SupportAbility and that their participation is very much appreciated. 

The Continuous Discovery System Preferences setting can be deactivated at any time to exclude your organisation from this process and to cease receiving any further email surveys related to this.

Unsubscribe Option for Individual Staff

Even if an organisation chooses to participate in the Continuous Discovery process, individual staff can choose to opt-out of the process at any time.  Each email survey sent to staff will contain an unsubscribe link which will take them to the My Staff Account page within SupportAbility where they can opt out from receiving any further Continuous Discovery emails.

Staff can return to their My Staff Account page within SupportAbility at any time to resume their personal participation in Continuous Discovery, assuming their organisation has activated Continuous Discovery in System Preferences.

We Value Your Feedback

Continuous Discovery surveys will form an important part of how we design and build software solutions for our subscriber base moving forward.  We encourage every provider to activate this feature in system preferences and inform their staff of the value of participating in this process.

We look forward to collaborating with providers through the Continuous Discovery process in an effort to deliver true value with the SupportAbility product.

Return to Summary

12 Month Roadmap

SupportAbility - Mobile Phone version

In response to feedback from both current subscribing providers and prospective providers, we can confirm that, following the Billing Flexibility project, our next major project, expected to commence late in 2021, will be to create a mobile phone version of SupportAbility. 

This mobile-friendly version of SupportAbility will not provide access to the full functionality of the standard SupportAbility application, but will instead focus on providing access to the core functions required by support workers in the field.

Some of the functionality we are considering for the initial release of the mobile version of SupportAbility will include the ability for Staff to:

  • Login securely
  • View their Roster
  • Access basic Client Details and Warnings
  • Access basic Activity information
  • Check-in and out of Activity-based shifts with geolocation
  • Enter the kilometres travelled in private and/or company vehicle
  • Create Client Journals (case notes)

Please be aware that this is a long-term major project that will require some interface changes to SupportAbility in readiness for this before the actual mobile interface is released. The actual mobile interface is expected to be released in late 2022.

It is yet to be determined if the mobile phone version of SupportAbility will be delivered in the form of a mobile application or a responsive web design.  We will be reviewing the technology options available and will provide more details once a decision on this has been made. 

We will be sending out a survey to our subscribing providers in the coming months to determine the functionality that they deem to be most important to deliver in the initial stages of this major project.  However, we welcome any ideas or suggestions that our providers would like to share with us by sending an email to

Return to Summary

Decommissioned Feature Notices

We have a policy of removing functionality that is not being used in an effort to improve the user experience by reducing system complexity, preserving screen real estate, and reducing bugs. The following existing SupportAbility features have been scheduled for removal: 

  • Legacy Client Record Privacy Settings
  • Rate Cards and Cost Amortisation for Services

Legacy Client Record Privacy Settings

The Client privacy settings on the Client Details tab of the Client Record are a legacy item from the first release of SupportAbility over 10 years ago:

Our data analysis indicates that of the 80,000 Client Records stored in SupportAbility across all of our subscribing providers, less than 0.3% of these Client Records are using these settings. 

We expect these Privacy Settings to be removed from the Client Details tab of the Client record by the end of 2022.

Return to Summary

Rate Cards and Cost Amortisation for Non-NDIS Services

The Rate Card system and the cost amortisation model for Non-NDIS services were included in the first release of SupportAbility over a decade ago. 

This lacks the sophistication and flexibility of our more recent billing technology and greatly over-complicates the Staff section of the Activity Edit screen.  

Our data analysis across all of our subscribing providers indicates that very few providers are using the Rate Card and cost amortisation model when billing for non-NDIS services.  

We expect this functionality to be removed before the end of 2022.

Return to Summary

Still need help? Contact Us Contact Us