Managing Users, Roles and Permissions
User Management gives administrators the ability to add, edit, clone, deactivate and re-activate users. You can also edit roles/permissions. Lastly, you can download a list of users for auditing purposes and view the User Activity Log.
Figure 162 - User Management
Filters at the top allow you to filter users by practice(s), role(s) or status. The default shows only Active users and is sorted by Username. You can also type any criteria into the Search field, and it will automatically filter for users that match your criteria.
The listing of users includes the following columns:
- First Name
- Last Name
- Username
- Role
- Status
- Actions
The Bulk Edit feature lets you deactivate multiple users or send welcome emails at once. NOTE: When a welcome email is sent, each user will be forced to reset their password upon receiving it.
Figure 164 - Bulk Edit
Both Send Welcome Email and Deactivate Users ask you to confirm the action, to prevent accidentally deactivating or sending a welcome email to too many users.
Figure 163 - Deactivate Users Confirmation
The Download feature lets you export the user list to CSV for audits. To add a new user, press Add New User. To edit a user, click the pencil icon next to the user.
Add New User
The Add New User dialog prompts you for the basic information on a new user including first and last name, email, mobile number, username, role, password, practice and reports. We require that each username be unique. You should also make the username unique across all environments (Prod, UAT, Demo, etc.) so that Okta single sign-on works properly.
The admin can assign a default password or choose to have the user create their own password on their first login. Additionally, if the admin wants the user to receive a welcome email with a link to PatientPay Admin, they can check the corresponding box. Otherwise, no notification is sent to the user upon account creation.
NOTE: The password must be at least 8 characters and contain at least one special character or digit.
Figure 165 - Add New User
If “Allow user to create own password” is checked, the user will be prompted to create a password per our policy the first time they log in to PatientPay.
Figure 166 - New User Password Creation
NOTE: Any new user will remain in status Inactive until they log in for the first time.
Edit User
By clicking the pencil icon next to a user, you can edit the user’s details. Press Save to commit your changes or Cancel to dismiss the dialog and abandon your changes. If the admin wants to send the user a welcome email to give them an easy way to log in after account creation, they can check “Send welcome email” and press Save.
Figure 167 - Edit User
Clone User
You can use the Clone User button to clone an existing user and avoid user errors with configuring the Practices and Reports. You are required to enter a unique First Name, Last Name, Email, Username and Password before pressing Save.
Figure 168 - Clone User
Activate / Deactivate User
To prevent a user from logging in to the system, you can edit the user using the pencil icon and choose the Deactivate User button. If you ever want to re-activate them, choose the Activate User button. The user will receive a “Welcome to PatientPay” email with their PatientPay username and a link to activate their account. Our system will consider them Inactive/deactivated until they click that invitation and set up a password.
Figure 169 - Okta SSO Welcome Email
Managing Roles/Permissions
Users with the PatientPay System Administrator role can edit the roles/permissions including adding custom roles. This can be helpful in situations where user requirements are unique and outside the three default system roles: PatientPay System Administrator, Practice Administrator and Practice User. To edit roles/permissions, choose the Roles button from the main screen.
Figure 170 - Role Management
NOTE: Users are not permitted to edit the permissions of the PatientPay System Administrator role or give any role the Configuration permission.
The user has the following options on this screen:
Add New Role
This will create a new role. The role is given a default name but you are encouraged to give it a more descriptive name. Simply check off the desired permissions and press Save.
Clone Role
This will clone the existing role's permissions and create a new role. This is helpful if you want to customize one of the existing roles with unique permissions. The role is given a default name but you are encouraged to give it a more descriptive name. Simply check off the desired permissions and press Save.
Delete
Choose this option if you wish to delete a custom role. Ensure that no users are assigned to this role before deleting.
Save
Choose this option to save changes to your role.
Permissions
The following represents the available permissions for custom roles and their purpose:
Permission | Description |
Search | Can view/access Search menu |
Analytics | Can view/access Analytics menu |
Create Payment | Can view/access Create Payment menu |
Cash Register | Can view/access Cash Register menu |
User Management | Can view/access User Management menu |
Configuration | Can view/access Configuration menu |
Reports | Can view/access Reports menu |
Bill Payments | Can access Bill Payments function |
Now Payments | Can access Now Payments function |
Insurance Payments | Can access Insurance Payments function |
Subscriptions | Can access Subscriptions function |
Partial payments | Can issue partial payments |
Voids/refunds | Can issue voids/refunds |
Partial refunds | Can issue partial refunds |
Payment Plan Custom Installments | Can customize payment plans |
Download Statement | Can download statement JSON |
View SMS Responses | Can view SMS responses from patients |
Security System Admin | Can create System Admin roles |
Security Practice Admin | Can create Practice Admin roles |
Security Practice User | Can create Practice User roles |
Security Manage Roles | Can access Role Management |
System Default Roles
Below is a breakdown of the permissions available to each system role:
Permission | System Admin | Practice Admin | Practice User |
Search | X | X | X |
Analytics | X | | |
Create Payment | X | X | X |
Cash Register | X | X | X |
User Management | X | X | |
Configuration | X | | |
Reports | X | X | X |
Bill payments | X | X | X |
Now payments | X | X | X |
Insurance payments | X | X | X |
Subscriptions | X | X | X |
Partial payments | X | X | |
Voids/refunds | X | X | |
Partial refunds | X | X | |
Payment Plan Custom Installments | X | X | |
Download Statement | X | | |
View SMS Responses | X | X | X |
Add/Edit users of role System Admin | X | | |
Add/Edit users of role Practice Admin | X | X | |
Add/Edit users of role Practice User | X | X | |
Add/Edit roles | X | | |
PatientPay System Administrator
The System Administrator has all rights in PatientPay including:
- Can create additional user roles
- Can add additional System Administrators, Practice Administrators and Practice Users
- Can access Configuration to manage system configuration settings
- Can access all reports and Analytics
- Can access Download Statement(s) on Bill Detail
- Can complete patient transactions for any practice
Practice Administrator
Practice Administrators are given higher levels of access to specific practices:
- Can add additional admins and users to their practices
- Can deactivate other admins and users in their practices
- Can update User Management details such as username, password, role, reports, etc.
- Can look up transactions and complete refunds for patients that belong to their practices
- Can complete patient transactions including partial payments for patients belonging to their practices
- Report access is granted in User Management
Practice User
Practice Users are given basic levels of access to specific practices:
- Can complete patient transactions for their practice(s), including partial payments
- Can look up transactions for their practice(s), but are unable to issue refunds
- Cannot access Configuration
- Cannot access User Management
- Can only update their own user details under My Account
- Can only view reports as assigned in User Management
Download User List
It is often helpful to export the user list for SOX audits that require evidence of access controls. The Download feature on the main user listing provides easy access to a CSV export of the users in your profile. For example, Practice Admins will only be able to export users that belong to their practice(s). To export your user list to CSV, simply select Download and CSV from the menu.
NOTE: The Download operation can take a few seconds, so give it some time; the CSV will then download to your browser automatically.
The downloaded file will be a comma-delimited (CSV) file with a header record in the first row containing the following columns:
- First Name
- Last Name
- Username
- Role
- Practices
- Reports
- Status
The Practices and Reports values will represent a pipe-delimited list of the practice and report names in the user’s profile. PatientPay System Administrators will have their Practices and Reports values blank, representing all. The Status column will have a value of Active or Inactive depending on the status of the user account. All values will be enclosed in double quotes to preserve spacing and special characters. It may be helpful to load the CSV into a common application like Microsoft Excel or Google Sheets for easier viewing.
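For an access review, the export can also be processed with a short script. The following is an added example, not part of PatientPay: it parses the layout described above and lists who holds all-practice access, which non-administrator accounts show no practice, and which accounts are Inactive. The sample rows, practice names and report names are constructed, and the finding names are assumptions chosen for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample export (not real data), following the layout described above:
# header row, every value double-quoted, Practices and Reports pipe-delimited.
SAMPLE_EXPORT = '''"First Name","Last Name","Username","Role","Practices","Reports","Status"
"Ana","Lopez","alopez","PatientPay System Administrator","","","Active"
"Ben","Ortiz","bortiz","Practice Administrator","North Clinic|South Clinic","Daily Summary","Active"
"Cy","Tran","ctran","Practice User","North Clinic","","Inactive"
"Di","Shah","dshah","Practice User","","","Active"
'''

SYSADMIN = "PatientPay System Administrator"

def parse_export(text):
    """Return one dict per user, with Practices and Reports split into lists."""
    users = []
    for row in csv.DictReader(io.StringIO(text)):
        for col in ("Practices", "Reports"):
            row[col] = [v.strip() for v in row[col].split("|") if v.strip()]
        users.append(row)
    return users

def review(users):
    """Summarise the export for an access review (finding names are hypothetical)."""
    active = [u for u in users if u["Status"] == "Active"]
    return {
        "active_by_role": dict(Counter(u["Role"] for u in active)),
        # Blank Practices means "all" for System Administrators: list them explicitly.
        "all_practice_access": [u["Username"] for u in active if u["Role"] == SYSADMIN],
        # Blank Practices on any other role is not explained by the format: flag it.
        "no_practice_listed": [u["Username"] for u in active
                               if u["Role"] != SYSADMIN and not u["Practices"]],
        "inactive": [u["Username"] for u in users if u["Status"] == "Inactive"],
        # Anything other than Active/Inactive suggests a damaged or edited file.
        "unknown_status": [u["Username"] for u in users
                           if u["Status"] not in ("Active", "Inactive")],
    }
```

To run it on a real export, pass the downloaded file's contents to `parse_export`, for example after reading it with `open(path, newline="", encoding="utf-8-sig").read()`.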