Users, Groups & Roles


  • In the Users tab you create and maintain the users of the system. These may be licensed users (allowed to log on) or unlicensed users (allowed to have report subscriptions and other limited features).
  • The Groups tab provides an optional way of creating user groups. In most configurations this is not needed.
  • Roles is where roles and role assignments are set up. This is normally only necessary for the limited number of users belonging to the following two default roles:
    • Administrators, which is the list of users that should have administrative access to the system.
    • FullAccess, which is the list of users (typically the finance department and upper management) that should have unlimited access to all figures in the system.
    • For all other users, who should have limited access to data according to their organizational role or position, access is defined through the Organization & Workflow hierarchy and assignments.
  • Security Contacts is where you set up the contact points in your organization to be used for certain security-related matters as described.


As an Admin, you can switch between users and see what they see when they log in. To do that, go to the upper right corner and choose Switch User.


    1. Click on Users → in the Users tab, click New User
    2. Fill in the information for the new user
    3. Click on the Create User button
    4. Set up this user in User Settings → Save
    1. Click on the Roles tab
    2. Single-click to select the role to which you want to add the user
    3. In the Members tab, click on the Add Members button
    4. Tick the user you want to add to this role
    5. Click on Apply, then Save
  1. Add the user to the organization tree for proper data access:
    1. Organization & Workflow → Organization Tree → select the proper Process/Organization Hierarchy/Workflow
    2. Select the proper position for this user
    3. In the Organization Position tab → select the new user for Position held by or Delegate
    4. Apply the change.
  2. Deploy users & roles:
    1. In the top right corner, click on the small arrow next to the logged-in user
    2. Click on Deploy
    3. Select Users and Roles
    4. Start Deploy
  3. Log in to Web and Excel using the UID and password from the email that the user gets from the EFP system.


Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.

This can be activated for each installation of Epicor Financial Planner to get single sign-on and two-factor authentication through the Azure AD authentication setup.


  • Users from organizations with Azure AD can log in with their MS accounts (for example penny@abc.com).
  • pcPortal tries to find the user penny@abc.com in our DB.
  • If the user is found and is valid (enabled, licensed), pcPortal logs in with this pcPortal user.
  • If the user is not found, pcPortal retrieves the domain name from her login name (penny@abc.com), which is ABC, and uses the instance domain name settings to find the instance in which the user should be created. Once the corresponding instance is found, pcPortal creates a new user with the name penny@abc.com and the defined defaults, then logs in to pcPortal as this new user.
  • With Azure AD login enabled, it is possible to turn off login by password.
  • On the first login with Azure AD, the user is asked to grant the pcPortal application permission to Sign in and Read profile.
  • After a successful login with the MS account, the user is redirected to pcPortal, which verifies the provided token and finds the matching pcPortal user by username for login.
  • A new, separate group should also be created to which all new users are added, so that newly created users can be tracked.
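
The login decision described in the list above, as an added sketch (not Epicor's or pcPortal's own code). It assumes the Azure AD token has already been verified, that the instance domain name setting holds the full domain after the @, and that a found but disabled or unlicensed account is refused rather than re-created; `azure_ad_login`, `INSTANCE_DOMAINS` and the group name are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    instance: str
    enabled: bool = True
    licensed: bool = True
    groups: set = field(default_factory=set)

# Constructed sample data (not real configuration).
INSTANCE_DOMAINS = {"abc.com": "abc-instance"}   # assumed shape of the domain setting
NEW_USER_GROUP = "AzureAD-New-Users"             # hypothetical tracking group
USERS = {
    "penny@abc.com": User("penny@abc.com", "abc-instance"),
    "dan@abc.com": User("dan@abc.com", "abc-instance", enabled=False),
}

def azure_ad_login(username, users, domains):
    """Return (decision, user) for a username taken from an already verified token."""
    name = username.strip().lower()              # match case-insensitively
    local, sep, domain = name.rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return "deny:malformed-username", None
    user = users.get(name)
    if user is not None:
        # Existing account: log in only if enabled and licensed (assumed deny otherwise).
        if user.enabled and user.licensed:
            return "login", user
        return "deny:user-not-valid", None
    instance = domains.get(domain)               # exact match, no suffix matching
    if instance is None:
        return "deny:unknown-domain", None
    # Not found, known domain: create with defaults (assumed here) and track in the group.
    user = User(name, instance, groups={NEW_USER_GROUP})
    users[name] = user
    return "created+login", user

if __name__ == "__main__":
    db = dict(USERS)
    for who in ("Penny@ABC.com", "dan@abc.com", "new@abc.com", "eve@abc.com.example.org"):
        print(who, "->", azure_ad_login(who, db, INSTANCE_DOMAINS)[0])
```

Reviewing the members of the tracking group after enabling Azure AD login shows which accounts were created automatically rather than by an administrator.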





If you would like any of these security settings to be enabled on your account, please contact Support.

  • Account lockout, which blocks the user after a predefined number of invalid authentication attempts (5 times).
  • Passwords are randomly generated for users and are not shared with the administrator but sent directly to the end user's corporate email.
  • Support for password history (the last five passwords cannot be reused) and a password expiry period (90 days).
  • Password recovery by email (username). The username is always the corporate email.
  • The application supports an idle session timeout of 15 minutes. Users have to log in again after 15 minutes of idle session.


  • v2/admin/ug.txt
  • Last modified: 2022/02/02 10:45
  • by pcevli