User management: Overview

You use the User management view to organize users and their respective roles and privileges. User settings determine what users can do within Kofax AP Essentials. For example, an Admin can change systems settings, whereas a User can only process invoices. User settings, roles and privileges can also be accessed from the API to create robust user authentication integrations with external systems.

Click to enlarge


A user is a person that logs on to Kofax AP Essentials to utilize its services. You can view and edit existing users on the Users view and add new users to the system.

When you add a user to an account, the user has access to the customers and invoices of that account. For example, a service-bureau employee who handles invoices for several accounts should be associated with all the accounts he handles. A customer, however, should only be associated with his own company, so he can only validate his own invoices.

When you add a user to a customer, the user has access to the invoices of that customer.

When a customer administrator logs in to Kofax AP Essentials for the first time after creating a customer, the terms of service are displayed. A customer administrator can agree to the terms on behalf of all users in the organization. The terms of service must be accepted in order to use Kofax AP Essentials.


A group is a collection of users that all have the same privileges and buyers (if any). Groups make it easier to organize and maintain users and privileges. For example, if you create a group for Office users that contains several privileges, the next time you create a new Office user, you simply add the user to the group, instead of assigning all the individual privileges. You can also assign customers to groups created on the partner level.


Users can have one or more roles which determine what tasks they can perform in the system. Each role can contain one or more privileges. You can use roles to organize privileges into logical groups which make it easier to assign them to users. The Admin and User roles are internal roles that cannot be removed or changed.

  • Admin - Administrators who manage accounts, users and settings in Admin Center. The Admin user must have the Manage accounts privilege in order to change settings. Without this privilege, administrators can access the Admin Center, but they cannot edit settings.
  • User - Users who process invoices and only has access to Kofax AP Essentials Office.

If you create a user with the User role on the account level, the user can log into Kofax AP Essentials Office with access to multiple customers. This is beneficial if you want to give users the ability process invoices for multiple customers, but you do not want them to have administrative privileges. Typically, service bureaus, which process invoices on behalf of many customers, create this type of user on the account level, so personnel can easily check and correct invoices for multiple customers. You can also specify which customers the user has access to on the Customers tab in the Users view.


Privileges determine what actions users can perform and what areas they have access to. For example, the Access UPLOAD privilege grants access to the upload view, Access VERIFY grants access to the document view and so on.

Some privileges are associated with a specific service. For example, the Access STORAGE privilege is only available when the Storage service is enabled. If you disable a service that has a privilege associated with it, the privilege is removed from all users that have that privilege. A warning is displayed before any privileges are removed.

Administrators cannot grant or remove privileges that they do not have themselves. For example, if an administrator wants to grant the Manage accounts privilege to another user, the administrator must have the Manage accounts privilege himself. Likewise, if an administrator wants to remove the Manage accounts privilege from another user, the administrator must have the Manage accounts privilege himself.

Viewing bank account numbers

Kofax AP Essentials uses privileges to determine who can view and edit bank account numbers. Administrators with the View supplier bank account numbers privilege can view supplier bank account numbers in Admin Center and Office. Without this privilege, account numbers are masked to Admin users. Extracted account numbers are visible inside Analytics regardless of privileges.

Office users (with the User role) can always view bank account numbers because it is a necessary function of processing invoices.