Create Domain-Settings-Overview.md #28887
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is my PR for my help article to be added to the new site.
|
@abdulrahuman5196 Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button] |
sophiepintoraetz
requested review from
rushatgabhane
and removed request for
abdulrahuman5196
rushatgabhane
suggested changes
Oct 11, 2023
There was a problem hiding this comment.
replace the file with the following to remove comments
---
title: The title of the post, page, or document
description: Want to gain greater control over your company settings in Expensify? Read on to find out more about our Domains feature and how it can help you save time and effort when managing your company expenses.
---
# Overview
Domains is a feature in Expensify that allows admins to have more nuanced control over a specific Expensify activity, as well as providing a bird’s eye view of company card expenditure. Think of it as your command center for things like managing user account access, enforcing stricter Workspace rules for certain groups, or issuing cards and reconciling statements.
There are several settings within Domains that you can configure so that you have more control and visibility into your organization’s settings. Those features are:
- Company Cards
- Domain Admins
- Domain Members
- Two-Factor Authentication
- Domain Groups
- Domain Group Settings
- Reporting Tools
- SAML
There are two ways to use Domains – as an unverified domain or a verified domain. An unverified domain allows you to import Company Cards and manage them, whereas a verified domain allows you to do that in addition to:
1. Receive vendor bills in Expensify
2. Fine-tune user restrictions using domain Groups
3. Configure SAML SSO for easier login to Expensify
4. Set vacation delegates for your domain members
5. Use consolidated domain billing
# How to claim a domain
To use the domains feature with an unverified domain, you’ll need to claim the domain first.
To claim a domain, you need to be a Workspace Admin with a company email address. This allows you to manage company bills, company cards, and reconciliation. Claiming requires an email matching your company's domain.
1. Create an Expensify account
2. Set up an expense Workspace
3. Go to **Settings > _Domains_**.
Whichever member runs through those steps will automatically be made a Domain Admin.
# How to verify a domain
To use the domains feature with a verified domain, you’ll want to go through the steps of verifying it.
To verify domain ownership, follow these steps:
1. Log in to your DNS service provider, which could be your Domain Name Registrar like NameCheap or GoDaddy, a dedicated DNS service provider like DNSMadeEasy or Amazon Route53, or managed internally by your company's IT department.
2. Find the page for editing DNS records for expensify.com. This might be labeled as DNS Management or Zone File Editor.
3. Add a new TXT record and set the value as: **532F6180D8**
4. Save your changes
5. Click the Verify button to confirm domain ownership
After successful verification, you can remove the TXT DNS record. Please note that an email will be sent to all Expensify users on the domain to inform them that their accounts will be under Domain Control after verification.
**Tips:**
Not sure how to do this? Check the below guides from some of the most popular hosts on the web:
[123-reg.co.uk](https://www.123-reg.co.uk/)
[One.com](https://www.one.com/en/)
[Wix.com](https://www.wix.com/)
Google/GSuite
[Godaddy](https://www.godaddy.com/)
When creating the TXT record, input only the code and no other values or information.
You can always confirm if you added the TXT code correctly here: https://viewdns.info/dnsrecord/?domain=[enterdomainhere]
# Domain settings
## Domain Admins
Domain Admins have full authority over domain settings. They can modify member group names and rules, link or modify Company Cards, and add or remove domain members and other admins.
### Adding a Domain Admin
1. Head to **Settings > Domains > [Domain Name] > Domain Admins**
2. In the "Email or Phone" field, type in the email address of the person you want to make a Domain Admin (this can be any email not specifically tied to the domain)
3. Click "Add Admin"
### Removing a Domain Admin:
1. If you're already a Domain Admin, go to **Settings > Domains > [Domain Name] > Domain Admins**
2. Locate the list of Domain Admins and find the one you want to remove
3. Next to the Domain Admin's name, click the red trash can icon. This will remove that person from the Domain Admin role
## Domain Members
A domain member is a user associated with a specific domain (usually a company or another group) in Expensify and typically managed by a Domain Admin. This is also where you can enable Two-Factor authentication for your domain.
### Adding users to the domain
When a Domain Admin adds a user to the domain, that will create a new Expensify account for that user, and they'll receive invitations to set up their account. Users can also join a verified domain by creating their own account, as long as they have an email address associated with that domain (e.g. yourname@yourcompany.com). Once they have verified the account, all Domain Admins will be notified, and the employee will be added to the Default Group.
**Important Note:** If someone who isn't a Domain Admin invites a user to a Workspace before they're invited to the domain, their account will be created, but in a closed state. A closed state means that the account cannot be used until it has been validated. Once the Domain Admin has invited the user, the user will receive a magic link to verify their account, sign in, and open the account completely.
### How to add users
1. In your web account, go to **Settings > Domains > [Domain Name] > Domain Admins**
2. In the email field, enter the user you want to invite. This will create their Expensify account and send them an invitation
### Removing users from the Domain
Removing a user means taking them out of your domain and closing their Expensify account completely if they don't have another login. Be cautious because closing an account is permanent and deletes any unsubmitted or processing reports.
### How to remove users
In your web account, go to **Settings > Domains > [Domain Name] > Domain Admins**
Check the box next to the employee's name you want to remove, then click “Close Accounts”.
### Important notes about closing accounts through Domain settings:
If a user has a [Secondary Login](link) linked to their Expensify account, they can still access their account after it's closed in the domain. This is helpful for accessing financial data, like tax-related receipts.
Closing an account through the domain permanently removes any unsubmitted receipts/reports. Make sure to approve or reimburse all employee reports before closing an account.
If an employee doesn't have a Secondary Login, they'll be automatically removed from the group Workspace. If they have a Secondary Login, it will continue to be associated with the group Workspace.
## Domain Groups
Domain Groups can be accessed if you have verified your domain. Groups are used to set rules or permissions for groups of users so you can enforce multiple different expense workspaces and rules. If you are a Domain Admin, you can create and edit Domain Groups under **Settings > Domains > _Domain Name_ > Groups**.
### Creating Domain Groups
1. In your Expensify account on the web, navigate to **Settings > Domains > _Domain Name_ > Groups**
2. Select “Create Group” to create the group. This will allow you to name the Group, as well as configure permissions that will apply to members of the Group.
### Adding members to a Domain Group
1. In your Expensify account on the web, navigate to **Settings > Domains > [Domain Name] > Domain Members**
2. Select the checkbox next to the domain members you wish to add to the Domain Group
3. Select “Add to Group” to select the Group you wish to add them to
### Editing Domain Groups
1. In your Expensify account on the web, navigate to **Settings > Domains > _Domain Name_ > Groups**
2. Next to the Group you wish to edit, select “Edit”
3. This will open the Edit Permission Group pane, where you can edit the rules and permissions for that group
4. Make your edits and click “Save”
## Domain Group settings
These are the settings that can be customized for each group you have created. Typically, companies use two groups (Employees and Managers) and enforce stricter rules for Employees. The settings are:
- Strict Workspace Enforcement: When enabled, all Workspace rules must be followed for a report to be submitted. If a rule is violated, the report can't be submitted until the issue is fixed. Employees can't bypass this by dismissing notifications.
- Login Restrictions: Enabling this prevents users from using non-company email addresses as their primary login. Secondary logins are still allowed.
- Workspace Creation and Removal Restrictions: This feature stops users from creating new group workspaces or unsubscribing from existing workspaces. Admins who need these abilities should be in a separate group with this restriction turned off.
- Preferred Workspace: When enabled, group members can only create reports under one designated Workspace. They can move a report to a different Workspace or their personal one later if needed. This helps keep personal and company expenses separate. If a company card uses a specific Workspace, this setting overrides it for more control over company card expenses.
- Setting a Preferred Workspace: If Preferred Workspace is on, you can choose a default group Workspace for all Group Members.
## SAML
To enable SAML SSO in Expensify you will first need to claim and verify your domain. Once you have a verified domain, you can access SAML SSO by navigating to **Settings > Domains > _Domain Name_ > SAML**
## Enable Two-Factor Authentication (2FA)
1. As a Domain Admin, head to: **Settings > Domains > _Your Domain Name_ > Domain Members**
2. Turn on Two Factor Authentication by toggling it to ENABLED
3. Any Domain members that do not have two-factor authentication enabled will be asked to set it up on their Home page when they next log in, and won't be able to use Expensify until they do.
4. To turn it off, simply toggle it off and refresh the page.
**Tips:**
- When using SAML, two-factor authentication cannot be required.
- For disputing digital Expensify Card purchases, two-factor authentication must be enabled.
- It might take up to 2 hours for domain-level enforcement to take effect, and users will be prompted to configure their individual 2FA settings on their next login to Expensify.
# FAQ
## How many domains can I have?
You can manage multiple domains by adding them through **Settings > Domains > New Domain**. However, to verify additional domains, you must be a Workspace Admin on a Control Workspace. Keep in mind that the Collect plan allows verification for just one domain.
## What’s the difference between claiming a domain and verifying a domain?
Claiming a domain is limited to users with matching email domains, and allows Workspace Admins with a company email to manage bills, company cards, and reconciliation. Verifying a domain offers extra features and security.
|
@rushatgabhane - sorry, was there something you needed me to do here? |
Removed <--- and -->
Added a title
|
A preview of your ExpensifyHelp changes have been deployed to https://f7fb56f8.helpdot.pages.dev ⚡️ |
| Check the box next to the employee's name you want to remove, then click “Close Accounts”. | ||
|
|
||
| ### Important notes about closing accounts through Domain settings: | ||
| If a user has a [Secondary Login](link) linked to their Expensify account, they can still access their account after it's closed in the domain. This is helpful for accessing financial data, like tax-related receipts. |
There was a problem hiding this comment.
I think there's meant to be a link here
There was a problem hiding this comment.
Yes - this is depending on whether the Secondary Login article is live on the new site (that's where it needs to direct to)
There was a problem hiding this comment.
ah okay, could we remove the link for now? we can add it when the article is live
this way the link won't be broken. what do you think?
docs/articles/new-expensify/workspace-and-domain-settings/Domain-Settings-Overview.md
Outdated
Show resolved
Hide resolved
…in-Settings-Overview.md Co-authored-by: Rushat Gabhane <rushatgabhane@gmail.com>
rushatgabhane
approved these changes
Oct 25, 2023
There was a problem hiding this comment.
Reviewer Checklist
- I have verified the author checklist is complete (all boxes are checked off).
- I verified the correct issue is linked in the
### Fixed Issuessection above - I verified testing steps are clear and they cover the changes made in this PR
- I verified the steps for local testing are in the
Testssection - I verified the steps for Staging and/or Production testing are in the
QA stepssection - I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
- I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
- I verified the steps for local testing are in the
- I checked that screenshots or videos are included for tests on all platforms
- I included screenshots or videos for tests on all platforms
- I verified tests pass on all platforms & I tested again on:
- Android: Native
- Android: mWeb Chrome
- iOS: Native
- iOS: mWeb Safari
- MacOS: Chrome / Safari
- MacOS: Desktop
- If there are any errors in the console that are unrelated to this PR, I either fixed them (preferred) or linked to where I reported them in Slack
- I verified proper code patterns were followed (see Reviewing the code)
- I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e.
toggleReportand notonIconClick). - I verified that the left part of a conditional rendering a React component is a boolean and NOT a string, e.g.
myBool && <MyComponent />. - I verified that comments were added to code that is not self explanatory
- I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
- I verified any copy / text shown in the product is localized by adding it to
src/languages/*files and using the translation method - I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
- I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is approved by marketing by adding the
Waiting for Copylabel for a copy review on the original GH to get the correct copy. - I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
- I verified the JSDocs style guidelines (in
STYLE.md) were followed
- I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e.
- If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
- I verified that this PR follows the guidelines as stated in the Review Guidelines
- I verified other components that can be impacted by these changes have been tested, and I retested again (i.e. if the PR modifies a shared library or component like
Avatar, I verified the components usingAvatarhave been tested & I retested again) - I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
- I verified any variables that can be defined as constants (ie. in CONST.js or at the top of the file that uses the constant) are defined as such
- If a new component is created I verified that:
- A similar component doesn't exist in the codebase
- All props are defined accurately and each prop has a
/** comment above it */ - The file is named correctly
- The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
- The only data being stored in the state is data necessary for rendering and nothing else
- For Class Components, any internal methods passed to components event handlers are bound to
thisproperly so there are no scoping issues (i.e. foronClick={this.submit}the methodthis.submitshould be bound tothisin the constructor) - Any internal methods bound to
thisare necessary to be bound (i.e. avoidthis.submit = this.submit.bind(this);ifthis.submitis never passed to a component event handler likeonClick) - All JSX used for rendering exists in the render method
- The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
- If any new file was added I verified that:
- The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
- If a new CSS style is added I verified that:
- A similar style doesn't already exist
- The style can't be created with an existing StyleUtils function (i.e.
StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)
- If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
- If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like
Avataris modified, I verified thatAvataris working as expected in all cases) - If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
- If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
- If a new page is added, I verified it's using the
ScrollViewcomponent to make it scrollable when more elements are added to the page. - If the
mainbranch was merged into this PR after a review, I tested again and verified the outcome was still expected according to theTeststeps. - I have checked off every checkbox in the PR reviewer checklist, including those that don't apply to this PR.
|
@tylerkaraszewski Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button] |
|
🎯 @rushatgabhane, thanks for reviewing and testing this PR! 🎉 An E/App issue has been created to issue payment here: #30323. |
tylerkaraszewski
approved these changes
Oct 25, 2023
|
✋ This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release. |
64 tasks
|
🚀 Deployed to staging by https://github.com/tylerkaraszewski in version: 1.3.92-0 🚀
|
|
🚀 Deployed to production by https://github.com/Beamanator in version: 1.3.92-4 🚀
|
|
🚀 Deployed to staging by https://github.com/tylerkaraszewski in version: 1.3.93-0 🚀
|
|
🚀 Deployed to production by https://github.com/Beamanator in version: 1.3.93-1 🚀
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is my PR for my help article to be added to the new site.
Details
Fixed Issues
$ https://github.com/Expensify/Expensify/issues/311432
Tests
Offline tests
QA Steps
PR Author Checklist
### Fixed Issuessection aboveTestssectionOffline stepssectionQA stepssectiontoggleReportand notonIconClick)myBool && <MyComponent />.src/languages/*files and using the translation methodWaiting for Copylabel for a copy review on the original GH to get the correct copy.STYLE.md) were followedAvatar, I verified the components usingAvatarare working as expected)/** comment above it */thisproperly so there are no scoping issues (i.e. foronClick={this.submit}the methodthis.submitshould be bound tothisin the constructor)thisare necessary to be bound (i.e. avoidthis.submit = this.submit.bind(this);ifthis.submitis never passed to a component event handler likeonClick)StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG))Avataris modified, I verified thatAvataris working as expected in all cases)ScrollViewcomponent to make it scrollable when more elements are added to the page.mainbranch was merged into this PR after a review, I tested again and verified the outcome was still expected according to theTeststeps.Screenshots/Videos
Web
Mobile Web - Chrome
Mobile Web - Safari
Desktop
iOS
Android