Hi Network 👋 Keen to tap into your collective wisdom on best practice strategies for managing user groups in Xplan. For practices that outsource administration and paraplanning, and need to grant third-party access to their Xplan site—what key considerations should be kept in mind when adding or removing clients from user groups to ensure appropriate access and data security? Thanks in advance for sharing your insights 🙏
Xplan ExpertThis is a great topic! And I think it does call for the collective wisdom of licensees and practices who face this challenge every day. I'm going to put the call out and see what other Advisely members do in this space....
Hi Michelle,
Great topic! Just to make sure we’re on the same page, are you looking for best practices around:
Happy to share insights once I understand your focus a bit better! 😊
Jackie
Hey there jaclyn.bazin4 👋 Thank you so much for the reply and apologies for the delay. I can confirm that I am seeking best practice in relation to sharing access with third parties but if you could also share some advice on limiting access to sensitive data, I believe this would also benefit my clients greatly if I can pass this on. 👐
Hi michelle.butler.0, thanks for confirming , and no worries at all on the delay!
When it comes to sharing access with third parties, especially offshore providers, we’ve found that using User Groups is a solid foundation for restricting client access. It’s widely adopted across licensees and helps ensure that users only see client’s they are working on.
That said, outsourcing does introduce new complexities, particularly when outsourced admin teams require broad access to perform tasks efficiently. The key is to start by clearly defining what tasks the third-party user needs to perform, and then work backwards to determine the minimum access required to support those duties.
Some things to consider:
To help limit exposure to sensitive data, you can explore:
However, it’s worth noting that some tools (like document generation or export reports) may still allow access to data in ways that are harder to restrict. So, it’s important to regularly review what users can do, not just what they can see.
There’s no one-size-fits-all solution here, but a layered approach, combining technical controls with clear role definitions, tends to work best.
Regards
Jackie
Iress TeamHey Michelle, what a great question!
This is something I recently discussed with one of our kiwi Xplan businesses, who is looking at setting up virtual administrators to support their various practices. As well as managing user groups on their Xplan site, clearly defining their users capabilities (as to what they can view, create, or amend) and making smart use of Xplan's Access Levels is important. We've also explored how Xplan assists with security measures such as IP whitelisting for geolocation. Would love to hear from other advice businesses and what their processes are around this.
Xplan Expert💡The IP whitelisting is such a great call out!
Thank you so much bridget.lowe! That is a great help.
Hi bridget.lowe 😊When you were discussing the IP whitelisting with your client was there any community articles on this subject at all? I can't seem to locate anything that discusses things to consider and the how to. Appreciate any assistance you can provide 🙏
Advisely TeamGreat topic, michelle.butler.0 🙌 – I imagine it’s something a lot of practices quietly wrestle with, especially when one misstep could risk a data breach.
Would love to hear how others are approaching it!
