Each of the policy users and domain members can be assigned to roles based on what access level they need to have. The bulk of users will only be Employee users in the People section of the Policy Editor or Domain Members in Domain Control.

Covered in this article:

Additional articles covered elsewhere:

Policy Users

Policy Users are found and managed in Admin > [Policy Name] > People. These will include any employees on the policy, as well as their roles. 

You can assign auditors and administrators here, as well as set up approvers. 

Employee

This role has no ability to change the policy settings nor invite new users to the policy. Members in this role will only see their own reports and any reports submitted to or shared with them.

  • Employees should be in this role only, in an ideal setup.
  • Approvers can be in this role or they can also be Administrators depending on the level of control they should be allowed.

Policy Auditor

This role is a view and comment only role.  

Who would be most suitable for this role?

  • Accountants that have no part in the reimbursement process 
  • Bookkeepers
  • Internal or External Auditor Agents 
  • Anyone else who may need view-only permissions but should not be making policy changes

What can a Policy Auditor do?

  • Has visibility of all reports connected to the policy and will be able to make comments on them
  • Can export to an export template, but cannot export to a directly connected accounting system
  • Cannot edit policy settings. 

Are auditors billable users?

  • Yes, Auditors are still billable users and will still incur a billing charge if they take any report activity (creating, submitting, approving, rejecting, retracting, or exporting a report) during any given month. 
  • Viewing or commenting on a report, however, is not billable activity.

Policy Admins

This role has total control over the policy settings. 

What can a Policy Admin do?

Other notes about this role:

  • Approvers can be Admin or Employee users depending on the level of control they should be assigned.
  • Policy Owners are Admins by default.
  • Authorized Admins are any user that is assigned by the owner or another admin to be a policy admin.

Are Admins billable users?

  • Yes, Admins are billable users and will still incur a billing charge if they take any report activity (creating, submitting, approving, rejecting, retracting, or exporting a report) during any given month. 
  • Viewing or commenting on a report, however, is not billable activity.

Domain Users

Domain Users are found and managed in Admin > Domain Control > [Domain Name] > Domain Members

Domain Members

A Domain Member is literally anyone with an Expensify account using a a domain that is under  Domain Control

  • If you have Domain Control enabled for your domain, an account will be created automatically in the Domain Members list. You do not need to invite users through this page. 
  • These members can be broken down into groups. The most popular groups are simply Employees and Managers. However, you can have many more groups with any title. The different groups allow you to designate different domain rules to each group type.
  • Employee Group is the group you want to assign your employees to. This group by default has no access to edit domain control settings. This group can be restricted to very specific policy access so they cannot accidentally submit reports on the incorrect policy.
  • Manager Group is the group you can put report approvers into if they need to be governed by different domain rules than the Employee Group. This group can be restricted or not be restricted to specific policy access.

Domain Admins

This role has total control over the domain settings. Users in this role can change member group names and rules, add or change company card feeds, add or delete domain members and other admins, run analytic reports, and enable or disable SAML.

  • The Domain Owner is the only role that can delete the domain. This role is by default a domain admin.
  • Authorized Domain Admins are users appointed by a Domain Owner or Admin. These users cannot delete the Domain Owner, nor delete the domain.

Still looking for answers? Search our Community for more answers!

Did this answer your question?