As an Ontraport account owner, you perform user management tasks like adding users, settings permissions, creating roles and much more. In this article, you’ll learn about users, roles and permissions and how to use them to manage your team in Ontraport.

Note, your subscription level determines how many users are included in your account:

Basic Plus Pro Enterprise
1 2
(More can be purchased)
3
(More can be purcahsed)
5
(More can be purchased)

Plus accounts and above can pay an additional $47 per month to add additional users.

Table of contents

The relationship between users, roles and permissions
Role hierarchy
The “Account Owner” role
Assign ownership of records
Understanding permissions
Add a role and set permissions
Create a new user
User permission exceptions
Delete a user
Restrict IP addresses that can access your account
Set your account’s time zone


The relationship between users, roles and permissions

Before adding roles and setting up permissions, it’s helpful to understand how users and roles are connected in your account.

Users
Users are the people who sign in to your account. Individual users have their own username and password combination.

Roles
Every user in your account is assigned a role, and multiple users can have the same role. For example, members of a sales team would have the role “Sales Representative” and members of your support team would have the role “Customer Support Representative.”

Permissions
Permissions control what areas of your account each role is allowed to view, edit and delete.

Role hierarchy

Every role has a manager except for the “Account Owner.” Your role managers allow you to create a hierarchy within your roles. This makes it easy for your managers to oversee their subordinate roles’ work.

View your role chart

  • Go to your profile iconAdministrationUser ManagementTeam Roles & Permission Management.
  • Click role chart to view your role hierarchy tree.

This will help you visualize which roles are subordinate to others. For example, in the image below, “Sales Manager” and “Sales Representative” are both subordinate roles to “Account Owner.” And “Sales Representative” is a subordinate role to “Sales Manager.”

The “Account Owner” role

The highest level role in your account is “Account Owner,” and that is the person who signed up for and pays for your account. This is the only role in your account who doesn’t have a manager.

As the account owner, you have complete control over your Ontraport account. This includes the ability to create new roles, add users and set permissions in your account.

Assign ownership of records

Record ownership is at the core of Ontraport’s permission management capabilities. It allows you to choose which users and roles should be able to view and edit specific records. Every record in your account has an “owner” drop down field, and you can select one of the users.

There are several ways to automatically update your records’ owner fields.

Contact records can be updated using a lead router. A lead router automatically updates the “owner” field in contact records. The example below shows a round robin lead router which assigns contacts evenly across users. But you can also set up a weighted random to send more experienced reps a higher percentage of leads.

  1. Check out this article on lead routing to learn more.

All other records, such as deals or companies, can be updated using the update action element.

Another way to automatically update the “owner” field in your records is from your form’s settings.

Every form’s settings contain a “Notification and Routing” section. From there you can select a user or a lead router from the “If this is a new Contact make the Contact Owner” drop down field.

For example, you can create a booking form for each of your sales reps. This ensures that the new leads who book a call using that form are owned by the rep they booked with.


Understanding permissions

Yes/No Checkbox

Many permissions only have a checkbox next to them. When you check the box, you are giving your role permission to view and use a particular feature. When a permissions is set to “No,” users assigned that role won’t be able to see or interact with that feature.

For example, if your “Sales Representative” role does not have permission to cancel tasks, it would look like this:

Your sales reps won’t see the “Cancel” action when they select a task:

“Can view” dropdown

These options let you control which records your user can see.

Here’s what each option means:

Owned by me and my roles Owned by me and my subordinates Owned by me
This role can see the records they own and the records owned by users with the same role. This role can see the records they own and the records owned by subordinate users. This role can only see records that they own.

The owner of each record is determined by the user selected in your record’s “owner” field:

“Can create/edit” dropdown

  1. These options control which records your user can create or edit.

Here’s what each option means:

Owned by me and my roles Owned by me and my subordinates Owned by me None
This role can create new records.
This role can also edit records they own and records owned by users with the same role.
This role can create new records.
This role can also edit records they own and the records owned by subordinate users.
This role can create new records.
This role can also edit records they own.
This role can only view records — they cannot edit any records or create new records.

“Can delete” dropdown

  1. These options control which records your user can delete.

Here’s what each option means:

All Owned by me and my roles Owned by me and my subordinates Owned by me None
This role can delete any record. This role can delete records they own and the records owned by users with the same role. This role can delete records they own and the records owned by subordinate users. This role can only delete records they own.  This role cannot delete any records.

Add a role and set permissions

We suggest adding your roles and setting permissions before you add your users; this way, when your new users log in for the first time, they can only access what they have permission to.

  • Go to your profile iconAdministrationUser Management tabTeam Roles & Permission Management.
  • Click new role at the top.
  • Type in the name of your new role (e.g., “Sales rep”, “Customer Service Rep,” “Graphic Designer”).
  • Select a manager from the “Role Manager” dropdown.
  • Go through each of the permission settings and set your preferred permissions for the role.
    1. Check out the “Understanding permission” section below to learn what each permission controls.
  • Click save.


Create a new user

  • Go to your profile iconManage Users.
  • Click new user.
    1. If you’ve exceeded the number of account users included in your subscription plan, you’ll see a pop-up that lets you know an additional user seat will be an additional $47 per month.
    2. Click Agree to continue.
  • Fill in the required fields in the “Contact Information” section.
  • Fill in the fields for the “Email Information” section.
    1. Email From Name: This field determines what name will appear next to the subject line of emails sent by this user, like this:
    2. Reply To Email: This is the email address the user will receive reply emails from contacts. If left blank, replies will flow to the administrator’s “reply to” email address.
  • Fill in the required fields in the “User Details” section.
    1. Role: Select a role for your user.
    2. Manager: Select your user’s manager.
  • Click save.

User permission exceptions

In some cases, you may want a specific user in your account to have different permissions than the other users with the same role. With user permission exceptions, you can add and remove permissions for specific users in your account. Here’s how:

  • Go to your profile iconManage Users and click on a user.
  • Scroll down to the “User Permission Exceptions” section and click new user permission exceptions.
  • Select an exception from the dropdown.
  • Choose if the exception should be set to “Visible” or “Not Visible.”
    1. “Visible” means your user has access to the feature.
    2. “Not Visible” means the user does not have access.
  • Click add exception.

For example, this setting would allow your user to use the “Refund Transaction” action on contact purchases:


Delete a user

If you want to remove access to your account, you can delete a user.

  • Go to your profile iconAdministrationUser Management tabUser Management.
  • Select your user and click Delete.
  • Select the user to reassign records to.
  • Click Delete.

Restrict IP addresses that can access your account

IP address restrictions help you maximize the security of your Ontraport account. When you enable this security feature, users who log in from a new IP address need to verify their identity before logging in. You can also revoke access from specific IP addresses. This gives you control over the locations where users can log in to your Ontraport account.

Turn on IP address restrictions

  1. Go to your profile iconAdministrationSecurityIP Address Restrictions toggle on.

Approve new IP addresses to log in to your Ontraport account

You won’t be able to log in to your account with an unauthorized IP address. Instead you’ll see this page:

Click the Authorize me button on that page, and Ontraport will send you an email with the subject line “Ontraport — Authorize IP Address.”

The IP address authorization email looks like this:

When you click Authorize IP Address, your IP address is added to the “Authorized IP Addresses” section in your user profile.

Note, never grant access to a request you don’t recognize. If you receive a request that didn’t come from you or your team, please change your Ontrapot password and contact Support.

Revoke IP authorization

You can revoke any of your authorized IP addresses. This will block users from logging in from the selected address.

  • Go to your profile iconManage Users and click on the user profile you want to edit.
    1. Or, to edit your own authorized IP addresses, go to your profile iconPersonal Profile.
  • Scroll down to the “Authorized IP addresses” section and select the address(s) you want to revoke.
  • Click Revoke IP authorization. a user.


Account’s time zone

Your account’s time zone helps you customize the timing of your automation. The date and time settings on automation elements let you choose from two time zones:

  1. In my time zone — uses a fixed date/time
  2. In the contact’s time zone — uses a relative date/time

Change your account’s time zone

  • Log in as the account owner.
  • Go to your profile iconPersonal Profile.
  • In the “User Details” section, click on the Time zone field and select your time zone.

Note, your account’s time zone field is only available from the account owner’s personal profile.