User management: Overview

The User management view organizes users and their respective roles and privileges. User settings determine what users can do within Kofax AP Essentials. For example, an Admin can change systems settings, whereas a User can only process documents. User settings, roles and privileges can also be accessed from the API to create robust user authentication integrations with external systems.

Click to enlarge


A user is a person that logs in to Kofax AP Essentials to utilize its services. Administrators can add new users to the system and view and edit existing users on the Users view.

When you add a user to an account, the user has access to the customers and documents of that account. For example, a service-bureau employee who handles documents for several accounts should be associated with all the accounts he handles. Customers, however, should only be associated with their own companies, so they can only validate their own documents.

When a customer administrator logs in to Kofax AP Essentials for the first time after creating a customer, the terms of service are displayed. A customer administrator can agree to the terms on behalf of all users in the organization. The terms of service must be accepted in order to use Kofax AP Essentials.

User groups

A user group is a collection of users that all have the same privileges and access to the same buyers or sellers (if any). User groups make it easier to organize and maintain users and privileges. For example, if you create a group for Office users that contains several privileges, the next time you create a new Office user, you simply add the user to the group, instead of assigning all the individual privileges. You can also assign user groups to workflow steps, if you use the Workflow service.

Currently, user groups on the partner group and customer group levels do not support approval hierarchies. Do not select Use approval hierarchy on a workflow step that is assigned to a user group on the partner group or customer group level.

Administrators can create user groups on partner accounts, customer accounts, and customer groups.


Users can have one or more roles which determine what tasks they can perform in the system. Each role can contain one or more privileges. You can use roles to organize privileges into logical groups which make it easier to assign them to users. The Admin and User roles are internal roles that cannot be removed or changed.

  • Admin - Administrators who manage accounts, users and settings in Admin Center. The Admin user must have the Manage accounts privilege in order to change settings. Without this privilege, administrators can access the Admin Center, but they cannot edit settings.
  • User - Users who process documents and only has access to Kofax AP Essentials Office.

If you create a user with the User role on the partner account level, the user can log into Kofax AP Essentials Office with access to multiple customers. This is beneficial if you want to give users the ability process documents for multiple customers, but you do not want them to have administrative privileges. Typically, service bureaus, which process documents on behalf of many customers, create this type of user on the partner account level, so personnel can easily check and correct documents for multiple customers. You can also specify which customers the user has access to on the Customer account access tab tab in the Users view.


Privileges determine what actions users can perform and what areas they have access to. For example, the Access UPLOAD privilege grants access to the upload view, Access VERIFY grants access to the document view and so on.

Some privileges are associated with a specific service. For example, the Access STORAGE privilege is only available when the Storage service is enabled. If you disable a service that has a privilege associated with it, the privilege is removed from all users that have that privilege. A warning is displayed before any privileges are removed.

Administrators cannot grant or remove privileges that they do not have themselves. For example, if an administrator wants to grant the Manage accounts privilege to another user, the administrator must also have the Manage accounts privilege. Likewise, if an administrator wants to remove the Manage accounts privilege from another user, the administrator must have the Manage accounts privilege.

Viewing bank account numbers

Kofax AP Essentials uses privileges to determine who can view and edit bank account numbers. Administrators with the View supplier bank account numbers privilege can view supplier bank account numbers in Admin Center and Office. Without this privilege, account numbers are masked to Admin users. Extracted account numbers are visible inside Analytics regardless of privileges.

Office users (with the User role) can always view bank account numbers because it is a necessary function of processing documents.