The P11D Organiser has a 'Admin' user account that allows you to add, remove and manage users within the system. The user ADMIN function can be accessed in two ways:
1. From the P11D Organiser login screen.
From the P11D Organiser login screen, over type/replace the displayed User name with “ADMIN” (see below):
The Admin user password is set initially with a password provided to you by your software support provider. It will be necessary for a person within your own organisation to be designated "in charge" of the system’s ADMIN account - This can be by keeping safe the password for the Admin User or by adding the role to their own login credentials (see below).
2. From within the software File menu - If you have added User Administration to your own login credentials, you can select '6 - User Administrator' option from the File menu.
Note:The ADMIN account only allows management of the users and security; it cannot be used to interact with the Employee and P11D benefit data.
Password Makeup and Security
Under the Security Tab on the Admin user account, you can set the global security settings for every user you manage. This can include elements like number of password retries before locking them out and the password makeup, which can be very simple or you can enforce Mixed Case, Numeric and Special Characters to be used (or any combination) if you wish. To make sure all users adhere to this you need to check the Save As Global Security Settings when editing these details and ensure all users that have been/are created have the Use Global Security Settings checked also.
Having logged into the system with the "ADMIN" account a list of existing system users is displayed. This main system user screen allows the user records to be added, edited or deleted.
Adding new users
Using the "Add" button from the System Users tab, enter a user name email address for the new user account. The "Notes" field is not a mandatory field.
Force password change - An option to make users change the initial password set for them at next logon can be used if required - select/tick the checkbox to apply.
HMRC Filing - The ability to assign HMRC Filing access to the user can be made from the details tab - select/tick the checkbox to apply (can also be set using the "Roles" tab)
User Administrator - The ability to assign user admin access can be made from the details tab - select/tick the checkbox to apply (can also be set using the "Roles" tab)
System Administrator - The ability to assign System Admin access can be made from the details tab - select/tick the checkbox to apply (can also be set using the "Roles" tab)
Software Update - This gives the user the ability to update the software.
Once your selections have been made for the user, click OK and you will be asked to set an initial password for the user (which can be changed by the user on first use). The Password makeup needs to reflect the security profile set by Admin.
Having completed the "Details" tab, selecting the "Security" tab allows you to to make additional security settings. Here you can chose to check/uncheck the "User must change password at next logon" option to either allow the user to set their own password on first use, or keep the password that has already been created for them.
The default password age is 180 days and can be changed to fit with your own company policy. You can also set password length, reset password reminder days, how many times users can try to log in with an incorrect password etc.
Additional security features and parameters can be accessed and set by un-checking the "Use Global Security Settings" These include:-
Security - Turn On/Off the security feature for the selected account. i.e. The user account settings for account expiry etc. will not be applied to this account.
Password History - Turn On/Off the storing of password previously used i.e if turned off the user can use a previously used password without a system prompt.
Password Log Entries - The maximum number of passwords to be saved against the user account
Show last login on login - Displays a date & time for the last time the user logged into the P11D Organiser system.
Number of Retries - To set the number of failed attempts before the user is then locked out of the system.
Reminder Days - Sets the number of days that the user will be prompted to change their password
Password Life - Sets the number of days for use of the current password
Password minimum Length - Setting for the number of characters contained in the password used
User has been locked out - Checkbox to display that a user has been locked out either by choice as a manual setting by the Admin, or because the user tried to log in incorrectly a greater number of times than is set.
User must change password at next logon - An option to make users change the initial password set for them at next logon can be used if required - select/tick the checkbox to apply.
Next password Change - a date setting of the next password change (default setting is the date for 180 days from first use)
Use Global Security Settings - Check/uncheck to apply the system defaults for security settings.
By default, the user’s Roles are set to access and use the P11D Organiser only (Role 1. P11D Organiser) This default setting does not include the additional system functionality that may be required to submit end of year FBI or mid-year P46 Car returns to the Government Gateway. You can enable these "Roles" for a person who manages the Filing By Internet submission for the company or who is allowed to backup/restore data in the system, or manages a user's logins and privileges etc.
You can edit allocated ‘roles’ as required – those in the top of the list are selected, those at the bottom are available. To move items from available to active, just double click on the role and it will move to the appropriate area. A typical P11D Organiser user will have roles 1, 4 and 5 selected - (These are typically set on the Details Tab).
The ‘roles’ available to set per user are:
- P11D Organiser – normal user of the system
- Print Only – further info later in this guide - "restricted user accounts"
- Modify Only – further info later in this guide - "restricted user accounts"
- HMRC Filing – Ability to access the file menu and make HMRC for P11D EOY and P46(car) submissions
- System Administrator – Admin features such as data backup & restore etc.
- Software Update - Gives the user the ability to update the P11D sofware
- User Administrator – User admin (managing user accounts/roles/passwords etc)
User Locked out
Below is an example of the display when a user has been locked out (e.g. 3 failed attempts with an incorrect password) The ADMIN account can unlock a locked user account by clicking on the “Unlock” button
User passwords can also be reset by editing a user record and un-tick the “User has been locked out” flag.
Logged In users
The screenshot below shows an example where 2 users are currently "logged in" to the system (1 user and the Administrator).
Currently logged in sessions can be logged off, or specific users can be locked out if necessary.
Restricted User Accounts
The user account screen below displays an account that has been set to a restricted role to only allow “Search payroll and reprint benefits”. Using this restricted role, users can search by payroll number and only print a P11D benefits statement for a single employee .
Here is a screenshot of a person who is restricted to “Search payroll and modify benefits”. The user can search by payroll number but can actually modify a person’s benefit. The user is restricted on being able to access any other areas of the system so as to not be able to make global company wide adjustments etc.