Best Practice for Managing User Groups

Hi Network 👋 Keen to tap into your collective wisdom on best practice strategies for managing user groups in Xplan. For practices that outsource administration and paraplanning, and need to grant third-party access to their Xplan site—what key considerations should be kept in mind when adding or removing clients from user groups to ensure appropriate access and data security? Thanks in advance for sharing your insights 🙏

xplan

11 Replies

courtney.youngblutt
Xplan Expert
3 months ago
This is a great topic! And I think it does call for the collective wisdom of licensees and practices who face this challenge every day. I'm going to put the call out and see what other Advisely members do in this space....
jaclyn.bazin4
Active Interactor
3 months ago
Hi Michelle,

Great topic! Just to make sure we’re on the same page, are you looking for best practices around:

Sharing access with third parties (e.g. outsourced admin/paraplanners), or

Limiting access to sensitive data (like file notes, documents, or specific client info)?

Happy to share insights once I understand your focus a bit better! 😊

Jackie
- michelle.butler.0
  Active Interactor
  3 months ago
  Hey there jaclyn.bazin4 👋 Thank you so much for the reply and apologies for the delay. I can confirm that I am seeking best practice in relation to sharing access with third parties but if you could also share some advice on limiting access to sensitive data, I believe this would also benefit my clients greatly if I can pass this on. 👐
  - jaclyn.bazin4
    Active Interactor
    3 months ago
    Hi michelle.butler.0, thanks for confirming , and no worries at all on the delay!
    
    When it comes to sharing access with third parties, especially offshore providers, we’ve found that using User Groups is a solid foundation for restricting client access. It’s widely adopted across licensees and helps ensure that users only see client’s they are working on.
    
    That said, outsourcing does introduce new complexities, particularly when outsourced admin teams require broad access to perform tasks efficiently. The key is to start by clearly defining what tasks the third-party user needs to perform, and then work backwards to determine the minimum access required to support those duties.
    
    Some things to consider:
    
    If they’re doing data entry, they’ll likely need access to most client fields.
    
    If they’re generating documents (e.g. fact finds), they’ll need merge capabilities.
    
    If they’re managing datafeeds, broader client access may be unavoidable.
    
    To help limit exposure to sensitive data, you can explore:
    
    Access Levels and Custom User Fields to control visibility/editability
    
    Page-level user conditions to restrict access to specific screens
    
    Capability-driven access to limit what functions users can perform
    
    Client-level access via User Groups to restrict visibility to certain clients only
    
    However, it’s worth noting that some tools (like document generation or export reports) may still allow access to data in ways that are harder to restrict. So, it’s important to regularly review what users can do, not just what they can see.
    
    There’s no one-size-fits-all solution here, but a layered approach, combining technical controls with clear role definitions, tends to work best.
    
    Regards
    Jackie
bridget.lowe
Iress Team
3 months ago
Hey Michelle, what a great question!
This is something I recently discussed with one of our kiwi Xplan businesses, who is looking at setting up virtual administrators to support their various practices. As well as managing user groups on their Xplan site, clearly defining their users capabilities (as to what they can view, create, or amend) and making smart use of Xplan's Access Levels is important. We've also explored how Xplan assists with security measures such as IP whitelisting for geolocation. Would love to hear from other advice businesses and what their processes are around this.
- courtney.youngblutt
  Xplan Expert
  3 months ago
  💡The IP whitelisting is such a great call out!
- michelle.butler.0
  Active Interactor
  3 months ago
  Thank you so much bridget.lowe! That is a great help.
- michelle.butler.0
  Active Interactor
  2 months ago
  Hi bridget.lowe 😊When you were discussing the IP whitelisting with your client was there any community articles on this subject at all? I can't seem to locate anything that discusses things to consider and the how to. Appreciate any assistance you can provide 🙏
rainier.reyes
Advisely Team
4 months ago
Great topic, michelle.butler.0 🙌 – I imagine it’s something a lot of practices quietly wrestle with, especially when one misstep could risk a data breach.

Would love to hear how others are approaching it!

Welcome to the Advisely forums!

This is where financial advice professionals from all walks of life come together to share knowledge, swap ideas, solve problems, and talk all things growth and efficiency.

Here are some tips when posting in the forums:

Be respectful and courteous to fellow members
If a reply helped you, mark it as a solution so other users can find it easily
Take a moment to read through our Community Guidelines
For Xplan support issues, it's best to raise a ticket in Iress Connect first. You can also search the discussions for posts about the same issue first before starting a new thread.
Keep an eye out for our 'Ask me anything (AMA)' threads – these are live text-based Q&As with industry and Xplan experts during a set period of time. Find out when the next one is happening here.
Don’t be shy! You don’t need to be an expert to help someone out. Many users are looking for practical advice, shared experiences, or just a fresh perspective
Introduce yourself and meet other members here!