This guide explains how to add users to the company's Netvisor and manage their rights. A compiled guide on frequently asked questions about user rights is also available: FAQ user rights   

CONTENTS

Managing user rights

Users with the user administrator role (KH) and/or accounting office's administrator role (TPK) can edit the user rights of other company users. The company itself (or the accounting office) is responsible for the correctness and management of user rights. Changes to user rights can be made by Netvisor experts only in exceptional cases. In such cases, a written request must come from the company's Netvisor environment administrator or the company's authorized signatory.

Adding and copying users and user rights requires strong authentication. Strong authentication can be performed using the Netvisor mobile application or bank credentials. This procedure enhances the security of our customers and ensures the identity of the user rights adder. Additional verification is user and session-specific. This means that if the user administrator adds or copies multiple users or user rights during the same login session, no new authentication is required. The user administrator only needs to perform additional verification during the first addition within the same session. An exception to this is when the company has chosen to use Payment additional verification (Company menu > Sales and accounts receivable rights > Payment confirmation settings > Payment additional verification). If payment additional verification is enabled, re-authentication is required for each user addition.

User rights management is done on a company-specific basis, meaning that the users employed by the company currently being managed are controlled from under that company. From the same place, it is also possible to manage the rights of external users who have been granted access to the company. This usually applies to, for example, an accountant or an auditor.

The company's users and their user rights can be viewed through the company menu in the Users and roles view. This view is only accessible to users with the accounting office's administrator (TPK), user administrator (KH), or auditor (TT) role. Of these, TPK/KH users can edit the user rights of other users. 

Managing the company's administrator

“The administrator refers to a natural person appointed by the customer, who is granted the service's administrator rights, which include the rights to create new user accounts, add or remove service sections, and sign agreements within the service; and who acts as the customer's representative.”

Adding a new user (inviter's process)

From 1 April 2026 onwards, adding a new user to Netvisor takes place through an invitation process. The invitation verifies the user's identity with bank authentication and two-factor authentication (email and text message) before the KH user approves the user and grants them user rights. 

If you want to grant the user rights to another Netvisor environment, this can be done according to the instructions Authorizing a user to another company. In that case, the invitation process does not need to be used.

1. Adding a new user to the company is done from Company menu (company name at the top left) > Users and roles or User invitations. In the Users and roles view, you can see the environment's active and passive users. You can start the invitation process on either the Users and roles or User invitations tab.

2. You can add a user via the Authenticate to invite user function. Inviting a new user requires strong authentication to verify the identity of the user administrator. Strong authentication can be performed using the Netvisor mobile application or bank credentials.

 3. After successful authentication, the Users and roles or User invitations view opens, depending on which view the authentication was performed in. Adding a new user is possible from the "Invite user" section. If you want to send the invitation in English, you must change the Netvisor user interface language from the menu that opens behind your own name in the upper right corner. Inviting in Swedish is not currently possible.

4. A new window opens for creating the user, where you select how the user is added. A user with Finnish online banking credentials can be added from the company's employees or by selecting Invite new user and entering the user's name, email, and phone number. The invitee's personal identity code does not need to be handled. There is a separate guide for adding a foreign user: Logging in and inviting a foreign user.

5. When the user's details have been entered, select Send invitation. An invitation message is sent to the invitee's email address. The message contains instructions and an invitation code that must be activated within 72 hours. For the KH user, an overdue invitation is shown in the Netvisor user interface with the status Invitation overdue. By clicking the invitee's name, you can reopen the view where the invitation can be resent. In this view, you can also edit the invitee's contact details.

6. When the user has successfully completed the authentication process, the invitation status in the user interface changes to Waiting for approval. The KH user can approve the invited user by clicking the user's name. The user can be approved by a different KH user than the one who sent the invitation. The user administrator must check that the invitee's name matches the information obtained through strong authentication. If the information matches, select Approve and continue. If the name information does not match, the KH user must contact the invitee or a user with the P role, if the invitee was added from the company's employees, to clarify any discrepancies. However, the system allows approving a user whose name information does not match. If the user was added from the employees and the personal identity code in the employee list does not match the personal identity code obtained through strong authentication, the system will notify you of this and approval cannot be done. In that case, the personal identity code must be checked and, if necessary, the user must be invited again. 

7. After approval, the user's access rights are defined. User rights can be changed later on the Users and roles page. After defining the user rights, select Create user. The user is then moved from the User invitations view to the Users and roles view. At the same time, a notification of the completed approval is sent to the invited user by email, and they can log in to Netvisor. 

Valid until further notice: By default, the selection is set to the valid until further notice field, meaning the user right is valid until it is removed. 

Fixed validity period: Define the validity period of the user right (in this case, remove the selection from the valid until further notice field). After the validity period ends, the person cannot log in to the company. Note! If the validity period is ended, this does not stop possible email communication from the company, e.g., related to the approval cycle of purchase invoices (factual verification, approval, payment). If communication is to be stopped, either remove the user's accounts payable rights or modify the communication settings in the user's personal information.

Inviting a user (invitee's process)

1. The company's TPK or KH user starts the invitation process in Netvisor. The invitation requires the user's name, email, and phone number. 

2. The user receives an email from Netvisor containing an 8-character confirmation code. For security reasons, there are no direct links in the email. 

3. The code received by email must be entered on the page https://login.netvisor.fi/fi. Select Activate your invitation code and authenticate with online banking credentials.

4. After authentication, a view opens where the 8-character invitation code is entered. The code is valid for 72 hours from sending. If the code is entered incorrectly more than 3 times, the invitation is locked and the KH user must send a new invitation. If the invitation code has expired, the user will be notified and the KH user must start the invitation process from the beginning. 

5. When the 8-character invitation code has been entered successfully, an SMS confirmation is sent to the user. The text message code is valid for 10 minutes. If the code does not arrive, it can be requested again up to three times.

6. When the user has successfully completed the authentication process, the company's user administrator must still check and approve the user. The invited user will receive an email notification when the approval has been made. The user therefore cannot log in to Netvisor immediately after completing the invitation process. Netvisor support cannot approve the user; the approval is always done by the company's Netvisor environment KH user.

 7. After approval, the user can log in to Netvisor either with the Netvisor mobile application or with online banking credentials. 

Adding a user from the company's employees

1. If the person is already an employee in the company, they can be added from the menu showing all the company's employees

This option is only visible if the company has the Payroll package in use, or from additional services 'Payroll and time tracking' or 'Travel and expense claims'.

Through this selection, a new user is not created, as employees are already users in the background. The selected user is only granted access to the company.


2. When an employee is selected from the menu, their email and phone number found in the employee information are displayed below. The information is shown for identification purposes, as there may be employees with the same name in the company.

3. Define the user's personal information. The user's name cannot be changed in this view.

4. Define the necessary profiles and roles for the user.

Sales, products, purchases, and financial section rights

All rights - the user has all rights to the Accounting section.
Accounts receivable user - the user has rights to the Sales section.
Accounts payable user - the user has rights to the Purchases section.
Accounts payable and receivable user - the user has rights to the Sales and Purchases sections.
Viewing - the user has viewing rights to all sections. This must be specified separately for the payroll section as well. (Selections will not appear if the sections are not enabled for the company).
Company user - same as All rights, except only read rights for basic bookkeeping functions and income tax declarations. In this case, manual vouchers cannot be created for the company, and income tax declarations cannot be sent.
No rights - the user has no rights to the Accounting section. However, the user can access Electronic signing to view public documents, Extensions to the eScan processing view, and eScan settings to create user accounts. Additionally, the user can access Netvisor Store but cannot perform any actions there. 

User administrator (KH) Can manage the company's users and services. KH can create an accountant, but not another user administrator. They cannot add the accounting office's administrator right or give the payroll accountant right. They cannot add rights to themselves or change their own rights in user rights management. To add the KH role to another user, the adder must have TPK or KH+administrator user rights.
Accounting office's administrator (TPK) is, as the name suggests, a role belonging to the accounting office. TPK can create a KH and an accountant, but not another TPK. The TPK role can only be given by copying (requires TPK or KH+administrator user rights) or in exceptional cases by Netvisor support. Once the TPK role is obtained, the user is automatically added as a user to new companies created by the accounting office. In this case, they receive TPK + KH+KP rights (+P rights if the payroll section is enabled in the company) for that accounting office client. If the accounting office does not want the employee to see information about the accounting office itself, which has TPK rights to client companies, the user can be given TPK rights to the accounting office without KH rights. Similarly, the user profile must be considered or possibly have no rights to the accounting office itself. However, the person will receive TPK+ KH+KP rights for new companies opened. But they cannot open a company themselves under the accounting office, but it can be done from another company where they have KH rights. The background accounting office link always goes under the opener's base company. If the TPK role needs to be removed from the user, it is done through copying user rights, i.e., copy the user rights from a user who does not have the TPK role.
Accountant (KP) can perform more demanding accounting tasks in the company. They can send a control notification, delete an invoice and a voucher, edit sent invoices and delivered orders, make vat overrides, etc. 
Auditor (TT) is a special role given to an auditor and requires the user to have user administrator rights. If the user's base company is something other than Netvisor Auditors, please send a request to support to correct the base company. In this case, we can correct the user's base company to Netvisor Auditors.
After the user has been added, it is still possible to give the user customized rights, where different rights can be defined for sections and functions.

The user's personal information should always be filled in as completely as possible, as it facilitates contact with the customer in potential problem situations.

Once the user is added, they only have basic rights to the company. Additionally, rights to accounts receivable, the information view, and the financial period archive must be defined.

Payroll rights

If payroll has been enabled in the company, the user can be given the necessary rights to payroll. 

More detailed information about payroll rights is provided in the payroll guide Function-specific payroll rights and payroll roles.

In payroll, the following profiles and roles can be given.

Profiles

Employee profile: No rights to payroll or editing basic information. Right to enter and edit time management (time tracking and travel claims) data if the Travel service is enabled for the employee. The employee can see their own payroll basic information and can view and print their own payslips. This right also allows the user to see public electronic signing invitations in Netvisor.

All rights profile: Grants all rights to the HRM side. Rights are given to the payroll accountant. Additionally, the payroll accountant must be given the payroll accountant role (P).

Approver profile: No rights to payroll or editing basic information. Right to edit time management data, e.g., approving travel claims and time entries. The approver must also be assigned sufficient hierarchy rights to see their subordinates' time entries and travel claims.

Company management profile: Can see payslips and reports. No rights to perform monthly or annual obligations. Cannot edit basic information. If the company management wants to view payroll phases, viewing rights (or editing rights if desired) must be set for payroll and managing salary models and types from function-specific rights. 

Viewing profile: Grants viewing rights to the payroll side.

No rights profile: No rights to the payroll section.

Roles

Payroll accountant role (P): The payroll accountant role is mandatory for the user who calculates salaries. It is recommended that the payroll accountant has the payroll profile "All rights". The payroll accountant also needs payment rights from accounts payable rights to pay salaries. 

The payroll accountant role (P) can be given either by the accounting office's administrator (TPK) or the Netvisor environment administrator visible on the company's management front page, who also has the user administrator role (KH). Removing the role also requires the same rights. One cannot grant rights to oneself. In exceptional cases, the role can be set by support. 

Foreman role (E): The foreman role can be given to a user in a supervisory position. The E role respects the company hierarchy, and the user can only see the salary information of those employees to whom they have factual verification or approval rights through the hierarchy. The role entitles the user to view employees' salary information.

Personal details handler (HH): The personal details handler (HH) role allows managing employee information more limitedly than the payroll accountant role. This role does not allow access to the payroll process or, by default, to pages containing employees' salary information. The HH role respects the company hierarchy, and the user can only see the employees to whom they have factual verification or approval rights through the hierarchy.

Editing a user

Editing a user can be accessed by clicking the user's name in the user listing. A user cannot edit their own rights in user rights management.
Select "Add new access right" if you are adding access for the person to another company you manage; or
Select "Edit user's personal details" if there is a need to change the user's personal information.

If the user wants to edit their own email or phone number, for example, this can be done by clicking their own name at the top right. More information can be found in the guide My basic settings. From the same view, you can also change the interface language.

User account validity

User rights can be valid until further notice or the validity period can be defined for a specific period. The user administrator (KH) role can set the validity period of user rights on a company-specific basis as follows: Company menu > Users and roles > click the user's name > "Edit user's login settings" link. 

"Update validity period for all companies" option updates the user right for all companies where the editor has user administrator rights. The number following the selection shows how many companies the change is made to, and by clicking it, the specific companies are listed.


Note! If the validity period is ended, this does not stop possible email communication from the company, e.g., related to the approval cycle of purchase invoices (factual verification, approval, payment). If communication is to be stopped, either remove the user's accounts payable rights or modify the communication settings in the user's personal information.

Deleting a user

Only users with the KH and/or TPK role can delete user rights.

Deleting a user with the KH role requires KH + administrator rights.

If you want to remove a user's rights from only one company, proceed as follows: Company menu > Users and roles > click the desired user's name > User's other access rights.

On the page that opens, click the link in the Delete column on the row of the company to be removed. If the user has rights to multiple companies and the user administrator performing the deletion also has rights to these same companies, rights can be deleted from either all or only some of the companies by clicking the link in the Delete column for the desired companies.

In the above case, the user's base company is Porin Testiyritys Oyj. If the user's right to their base company is removed, they cannot log in to any other company, even if they have rights to them, until a new base company is set by the user themselves or in exceptional cases by Netvisor customer support. If login is prevented due to the base company, a pop-up window will appear for the user the next time they log in to Netvisor, from which they can select a new base company for themselves. 

The base company is the company to which the user was originally added, more information in the guide Base company in Netvisor. The user's base company is the active company if Company's own user column says "Yes".  If the user already has credentials for another company, the column will say "No" for them. The base company of users can be seen in the Users and roles listing in the base company column.

Authorizing a user to another company

A person with the user administrator (KH) role can add rights for another person to another company where they also have the KH role. Adding is done by finding the user in a company where both the KH and the user to be added are users. Then go to the company menu, from there to the Users and roles view. Click the user's name and on the page that opens, click the Authenticate to add access right link. After successful authentication, the same view opens, and there is the Add new access right function.

Select the company to which the rights are being granted and click the Continue button

Next, select the desired user profile and any special role and Save.

User rights report

The user rights report lists the user rights of the company's users. The report details the validity period of the user's rights, roles, function-specific rights, sales and accounts receivable rights, and financial period archive rights. The user rights report can be downloaded as an Excel file from under the company name Users and roles > above the user listing Other functions button > Download user rights report (Excel).

Keywords: Netvisor, user rights, management, administrator, authorization, payroll, accounts receivable, user rights, deleting a user, user rights report

This article has been translated using an AI-based translation tool. The contents or wording of these instructions may differ from those in other instructions or in the software.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.