Creating a Staff Account
This article steps through Creating a Staff Account and includes details about how to configure Security Privileges, itemising access by Site and Service, setting up the individuals account details, including their Username and Password which is required in order for the individual to log in and start using SupportAbility.
Audience: Authorised Representatives, HR Specialist, Team Leaders, and anyone tasked with creating or updating Staff Accounts.
- The 'Edit User Accounts' Staff Account privilege is required, to create Staff Accounts
- A comprehensive understanding of Staff Account Privileges as outlined in this article (linked below), or video. This may also be found in the 'Staff Management' section of the Learning Centre:
- It is important that your 'Company Name' and 'System Administrator' details have been configured correctly in the Installation Options of System Preferences, as this information is populated in the email sent to Staff when setting their Password:
The following list summarises the content within this article. Click on the links below to take you to the relevant sections:
- How to create a Staff Account
- Setting up the Staff Members access privileges
- Security Privileges
- Sites and services where this staff member works
- Configuring the Staff Members account details
How to create a Staff Account
To create a new Staff Account, navigate to the plus icon next to the Staff Accounts search on the dashboard. This will only be visible if you have the required 'Edit User Accounts' privilege to do so.
Select this and then confirm you wish to 'Add a new Staff Account':
This will navigate you to the new Staff Account record, which is Active by default.
Staff Account tabs
Staff Accounts are comprised of a number of tabs as shown below:
Privileges required to access the different tabs in a Staff Account
Various Staff Account privileges are required in order to access the different tabs in a Staff Account as follows:
- The 'Edit User Details' privilege is required in order to create a Staff Account and access the 'User Details' tab
- The 'Human Resources' privilege at the Site/Service level or global 'Human Resources For ALL Staff' privilege provides access to all tabs of a Staff Account other than the 'User Details' tab.
- The 'Team Leader' privilege at the Site/Service level or global 'Team Leader for ALL Services' privilege provides access to the 'Availability', 'Training', 'Medical', and 'Learning Centre Log' tabs of a Staff Account.
When a Staff Account is first created, this opens on the 'User Details' tab:
There are four sections in the 'User Details' tab of a Staff Account that require configuration: 'User Details', 'Account Details', 'Security Privileges' and 'Sites and services where this staff member works'. Each of these areas will be explored further below.
Setting up a Staff Members access privileges
There are two areas in a Staff Account where privileges and access is granted:
- Security Privileges, and
- Sites and services where this staff member works
This is where Staff Accounts are made active or inactive, however, most other settings in this section are for Staff requiring high levels of system access as this is where global organisation privileges can be allocated:
To assign the Staff Member high-level Security Privileges such as access to 'Edit Client Records Across ALL Services', simply check the relevant settings for the individual. For more information on what each of these settings does, select the question mark next to the setting. N.B. Staff may only be granted privileges to the equivalent of or less than, those of the individual logged in.
Each of the privileges with the word 'ALL' in them, grant Staff this level of access across the entire organisation e.g. 'Edit Client Records Across ALL Services':
Only Staff who need access to all of the Client's and/or Staff at your organisation should be granted these privileges. Particular caution is recommended when your organisation delivers Support Coordination and/or NDIS Financial Plan Management Services as these global privileges will inadvertently give Staff access to these specialist Services as well.
The 'User is a Manager' and 'View Financial Information' privileges, when granted, apply this level of access to the Client records the Staff Member has been granted access to i.e. either all when any global privileges have been granted for 'ALL Services' or based on the 'Sites and services where the staff member works' as outlined below.
For example, if the Staff Member has access to all Clients via the 'Edit Client Records Across ALL Services' and the 'View Financial Information' privilege, they will be able to access every Client record, including the Funding tab where they will be able to add and edit Client Funding records as a result:
If however, the Staff Member only has access to the Day Services @ the Melbourne (HQ) Site at the Site/Service level, as well as the 'View Financial Information' Security privilege, they will only be able to see the Funding tab in the Client records of those who participate in this Service at this Site:
Comprehensive information regarding each of these Security Privileges can be found in the Staff Account Privileges article, linked below for reference, or this video.
Sites and services where this staff member works
This is where access can be set according to the specific areas of the organisation the Staff Member works in. Once entered, additional privileges can also be allocated here, for any Staff with management responsibilities in these areas of the organisation.
Begin by selecting the '+ Add' button in the 'Sites and services where this staff member works' section:
This will allow you to 'Add Site and Service access':
From here the relevant options can be selected as follows:
- Site - required
- Service - required
- From Date - optional
- To Date - optional
- Privileges - as required, details regarding each privilege outlined below
- Team Leader - select if this Staff Member requires the access granted by this privilege, for the selected Site/Service
- Human Resources - select if this Staff Member requires the access granted by this privilege, for the selected Site/Service
- Document Manager - select if this Staff Member requires the access granted by this privilege, for the selected Site/Service
More detailed information is outlined below for each field in the modal.
Begin by selecting the relevant Site from the dropdown list:
Noting this defaults to the first Site for your organisation as configured in System Preferences or that the individual setting up the Staff Account has access to.
N.B. It is only possible to configure Site access in the 'Add Site and Service access' window, and this can no be changed once the Site/Service has been added (a new entry would need to be added if a change is required).
Next, select the relevant Service from the dropdown list. The list of available Services will be those configured as 'Available' for this Site in System Preferences::Sites:
If the Site/Service combination has already been added to this Staff Account a blue notification message will display advising this:
The same Site/Service can be added again if required (for example if access for a different date range was required). The purpose of the notification is to simply alert Staff in case this was an unintended error.
Administration [ALL SERVICES]
Selecting 'Administration [ALL SERVICES]' grants the Staff Member access to all Services delivered at this Site, including specialist services such as Support Coordination and Plan Management, if these Services are available from that Site:
A blue notification message is displayed advising the level of access this Service grants. This also appears in the 'Sites and services where this staff member works section'. The notification message is intuitive and will either include or omit the mention of specialist Services depending on whether they are available from that Site:
Access to multiple Services at the same Site
If this level of access is not appropriate for the Staff Member and they do not require access to all the Services available at that Site, then the relevant individual Services will need to be listed as separate entries, e.g. 'Day Services' and 'In Home' which are both managed from that Site e.g. Melbourne (HQ):
Access to the same Service at multiple Sites
Similarly, if the Staff Member works in the same Service but across multiple Sites, additional entries will need to be added for each Site/Service:
Changing the Site
If a Staff Member moves to working from a different Site, the Site cannot be modified in the 'Sites and services where this staff member works' section. For historical purposes, it is not recommended to delete any records, rather, it is suggested that a To Date should be entered on the existing entry, and a new Site/Service entry added for the relevant Site/Service with the new From Date.
From and To Dates
Generally, these fields are not completed for permanent Staff:
However, the From and To Dates may be added to reflect the period in which a Staff Member is working in a Site/Service if it was for a limited period and the date/s are known e.g. commencing at the Geelong Site in Day Services from the 1st of March, 2021:
The 'To Date', however, can also be added later to the relevant entry when the Staff Member ceases working in a particular Site/Service:
While these fields are optional, entering this information is helpful for several reasons:
- A work history of the Site/Services Staff worked in and the duration for each is logged
- Maintains privacy of Client information, so that Staff can no longer access Client information for specific Site/Services once the 'To Date' entered in their Staff Account for that Site/Service has passed
- N.B. If Staff Members share another Site/Service in common with a Client, they will still be able to access that Client's record
- Assists with Rostering so these Staff Members no longer appear in the 'Service Staff' list in related Activities for this Site/Service, once the To Date has passed
Once a Staff Member leaves your organisation, we recommend following the steps outlined in the Deactivating a Staff Account article (linked below).
Site/Service based privileges
There are three Privileges that can be granted at the Site/Service level as follows:
- Team Leader
- Human Resources
- Document Manager
N.B. these Privileges can also be granted at the Site/Service level once the Site/Service entry has been added:
This privilege should only be granted if the Staff Member requires the following access for the selected Site/Service:
- Ability to see the dashboards of other members of their team i.e. Staff Members that work in the same Site/Service
- Access to the following tabs in the Staff Accounts of Staff Members that work in the same Site/Service: Availability, Training and the Learning Centre Log.
- Ability to filter the Roster for the holistic Site/Service and for Staff Members that work in the same Site/Service
- Ability to see Client Journals that have been marked for 'Team Leaders Only' for Clients that participate in the same Site/Service
- Along with the author, Team Leaders have the ability to edit Client Journals for Clients that participate in the same Site/Service that have been created before they are locked
- Grants the individual access to create, edit and manage Activities delivered for this Service from this Site
- This includes adding Clients to an Activity, updating their Funding Source e.g. to their NDIS Funding and checking the 'No Charge' setting where applicable.
- Perform the Activity Sign Off i.e. approve Activities for that Site/Service; approving NDIS Support Allocations and Staff Timesheet data in readiness for Finance and/or Payroll.
- Accept or reject Organisation Accident Incident Register (AIR) incidents and Opportunities for Improvement (OFI's)
This privilege should only be granted if the Staff Member requires the following access for the selected Site/Service:
- Access to all tabs, other than the 'User Details' tab, in the Staff Accounts of those Staff who work in this Site/Service
- This means they can record and access required personnel information and use the Human Resources functionality within SupportAbility
Please see the Staff Accounts - Human Resources tabs article linked below for more information regarding this
This privilege should only be granted if your organisation is using the Document Management System (DMS) for managing internal policies, procedures and forms etc, and the Staff Member requires the following access for the selected Site/Service:
- They need to be able to upload and manage Documents in the DMS in SupportAbility for this Site/Service
For more information about the Document Management System, please refer to this section of the Additional SupportAbility Features article linked below.
Add the Site/Service
Once the relevant access level has been granted, remember to select the 'Add' button to save the addition and close the modal:
Whether a Staff member works in one or multiple Services, it is important that one of the Services is set as their 'Primary' Service so that it appears as the default selection for them when entering information in SupportAbility.
This is automatically configured for the first Site/Service created, at the time of creation:
When additional Site/Services are added the 'Primary' button can be selected for an alternative Site/Service if required:
When a Site/Service entry is deleted and it was configured as Primary, this must be selected again for the relevant entry.
Configuring the Staff Member's Account details
This section is where the Staff Member's First name and Last name is entered, and other information is displayed such as Timezone, Default State, Primary Site/Service and the SupportAbility ID of the record:
Timezone and Default State
When an organisation operates in one Timezone/State, this setting is already configured when your installation is provisioned and cannot be customised:
However, when an organisation operates across multiple Timezones/States, the 'Timezone' and 'Default State' fields must be updated when creating each Staff Account:
The current 'Date and Time' is displayed next to the Timezone field and updates based on which Timezone is selected.
N.B. In order to be able to modify those fields in each Staff Account, the 'Timezone & State is set' setting will need to be changed to 'For each staff member' in the 'Installation Options' section on the 'Settings' tab in 'System Preferences'. The default setting for this is 'Organisation wide' which locks these fields in Staff Accounts, preventing them from being modified:
Primary Site and Service
The 'Primary Site' and 'Primary Service' fields displayed here are automatically populated, as determined by the Site/Service checked as 'Primary' in the ' Sites and services where this staff member works' section of the Users Details (as outlined above).
Account Details is where your organisation's Shared Security Details are displayed for reference:
The Individual Security Details are also entered here, such as the Staff Member's 'Staff Account Email Address' and 'Username', and the 'Set Password' email is sent or the password is manually configured in order to grant the Staff Member access to SupportAbility:
Staff Account Email Address
The 'Staff Account Email Address' is primarily used for three purposes:
- Sending the Set or Reset Password Link
- When the Staff Member selects 'I forgot my password' on the login page and enters their Username
- Sending bulk communications to Staff
If no email address has been entered, an amber warning will display - Staff Account Email Address is required for Staff to reset their password via the Forgot Your Password link - as shown above.
If an incorrect 'Staff Account Email Address' has been entered, this will result in no email being sent to the Staff Member who will then be unable to reset their Password and access SupportAbility.
Once the 'Staff Account Email Address' has been entered and saved the related amber warning will no longer be visible:
When no 'Staff Account Email Address' has been entered/saved, then the only option is to 'Set the Staff Members Password' manually, rather than being able to send an Email Link (as outlined below):
Ensuring Staff Members' 'Staff Account Email Address' has been entered in all Staff Accounts is also useful for the purpose of emailing all Staff members in a list of results, generated from the Staff Accounts Search:
More information about this bulk email feature is outlined in the Staff Account Search article and Sending Bulk Communications - Staff article, both linked below.
A Username is required before a Password may be set:
Once a Username has been entered, select the 'Set Password' button:
Two methods are available to do so, either 'Send Password Link', or 'Set Password' manually, both outlined further below.
Send Password Link
When 'Send Password Link' is selected, a Reset Password link is emailed to the 'Staff Account Email Address' entered for the Staff Member by selecting 'Confirm' (as above). It is important to note that this link will expire in 3 days from the point it was sent.
Once confirmed, a date and time stamp appears to indicate when this was last sent:
Reset Password Link email
The Staff Member will receive an email from SupportAbility on behalf of your organisation. This email contains:
- details about your organisation's Shared Username and Password, which is the first level of security required before entering or updating your individual password
- a Reset Password link, and
- details of the System Administrator to contact if you experience any ongoing issues.
Select 'Reset Password' to navigate to SupportAbility to do so.
N.B. Instead of 'All Star Provider ' it will state your organisation name as configured in the Installation Options section of System Preferences as outlined above.
N.B. Instead of 'Compliance Team' details, your System Administrator as configured in the Installation Options section of System Preferences (as outlined above) will be displayed.
Please note that if the Staff Member has not logged into SupportAbility before, they will be prompted to enter your organisations Shared Username and Password as the first level of Security:
N.B. The prompt to enter the Shared Username and Password will look different, depending on the web browser being used to access SupportAbility, the above example is using the Safari web browser.
As mentioned above, the Shared Username and Password information is included in the Password Link Email. This is also displayed in the User Details tab of the Staff Account e.g:
The Staff Member can also see this information in their 'My Staff Account' section of SupportAbility.
Once entered, the Staff Member may choose to set the browser to 'Remember this password' so they do not have to enter this each time they log in to SupportAbility e.g:
It is important to note that whilst they may set this to remember upon initial Log In, if they log into SupportAbility from a different machine or web browser, they will be prompted to enter this again.
Once the Shared Username and Password have been entered successfully (as required), the Username as configured is displayed and the Staff Member will be prompted to enter a password based on your organisation's requirements, noting that if Password Strength Management has not been configured from the default, the minimum requirements as mentioned above will be listed here:
Once the password has been updated a successful confirmation will appear:
Set Password manually
When Set/Reset Password manually is selected, this allows you to enter a temporary password for the Staff Member, and select whether or not to prompt them to update their password upon next log in:
To do this, enter a password that meets your organisation's requirements, noting that you will need to provide this temporary password manually to the Staff Member, to ensure they can log in:
Once entered a confirmation message will be displayed:
If the Staff Member is prompted to change their password to something more secure upon logging in with the temporary password i.e. 'Force password reset on next log in' is selected; once the temporary password has been entered successfully, this will be required:
Force password reset on next log in
Whilst 'Force password reset on next log in' can be deselected, the only time we recommend doing so, is if you believe a Staff Members Account security has been compromised. Therefore, whoever may be logging into the Staff Members Account will no longer be able to gain access using the previous password.
Multi-Factor Authentication (MFA)
By default, Multi-Factor Authentication (MFA) is deactivated for all users:
If an organisation chooses to use Multi-Factor Authentication as part of the log-in process, after MFA has been configured in System Preferences, each Staff Member will need to activate MFA individually in their Staff Account.
When MFA is configured as 'Optional' Staff will have the option to activate MFA from 'My Staff Account', which is accessed via the Dashboard.
Selecting the 'Activate' button in the 'Individual Security Details' section will commence the process for activating MFA:
Information on completing the Activation steps is outlined in the How to activate Multi-Factor Authentication (MFA) for your Staff Account article linked below for reference.
When MFA is configured as 'Enforced' Staff Members who have not yet activated MFA will be required to do so when next logging into SupportAbility:
Information on logging into SupportAbility with MFA activated is outlined in the How to log in to SupportAbility once Multi-Factor Authentication (MFA) has been activated in your Staff Account article linked below for reference.