Access Manager for ATO online services
Access Manager is used to manage access and permissions for:
- Online services for agents
- Online services for business
- Australian Business Register (ABR).
It also allows you to manage which functions others can access on behalf of your business.
To manage access for Online services for foreign investors, go to Authorise a representative.
Learn more about:
- Access Manager for business
- Access Manager for tax professionals
- Access Manager for business software users
Log in to Access Manager
To log in to Access Manager and manage permissions you need:
- a Digital ID, such as myIDExternal Link
- to be the principal authority or authorisation administrator in Relationship Authorisation Manager (RAM)External Link.
Access Manager through RAM
Relationship Authorisation Manager (RAM)External Link is an authorisation service that allows you to access our online services on behalf of a business.
RAM is connected to Access Manager. When you authorise a person to act on behalf of your business using RAM, you can set their permissions in Access Manager at the same time.
By logging in to Access Manager through RAM, you agree to:
- comply with the terms and conditions of myID and RAM
- always keep your myID secure and not share it with others.
Roles and authorisation types
Authorising and managing permissions for staff is one of the main functions of Access Manager. To do this, you need to be either of these authorisation types in RAM:
- principal authority – you have full access to ATO online services
- authorisation administrator – you can create and manage authorisations for others. This role must be authorised by a principal authority or another authorisation administrator.
If you're a principal authority or authorisation administrator in RAM, you automatically become an administrator in Access Manager. This means you:
- have access to all permissions for ATO online services – an authorisation administrator's permissions can only be modified by a principal authority
- can set up authorisationsExternal Link and grant Full, Custom or No access to users in RAM. Users with custom access have limited access to ATO online services and must be assigned specific permissions in Access Manager.
Note: Once you assign permissions to authorised users, anything they do in ATO online services is legally binding to your business.
Set permissions using RAM
In RAM you can set, view, modify, remove, disable, and restore permissions.
To set permissions in RAM when you add a new user:
- Select Custom for Australian Taxation Office in the Agency access. Custom access users will be visible in Access Manager once the authorisation is created in RAM.
- Complete the steps in the Summary section.
- Select ATO Access Manager. Not all online services offer this option in custom set up.
You will now be in Access Manager.
View or modify permissions
To view or modify existing permissions in RAM:
- Select the user.
- Select View or Edit.
- Select ATO Access Manager.
You will now be in Access Manager.
Responsibilities when using Access Manager
Access Manager allows you to manage who has electronic access to your business' tax information. It's your responsibility to regularly review and monitor who has access to your business records.
Data about individuals and entities in Access Manager is confidential. You must ensure that unauthorised people don't compromise the integrity of that data. If you leave your computer unattended, even briefly, you must log out from Access Manager or lock your computer.
When you log in to Access Manager, you agree to:
- comply with the terms and conditions of myID and RAM
- always keep your myID secure and not share it with others
- not disclose your myID password or share it with others.
By providing others with access to secure business information through myID and RAM, as yourself or as a representative for tax purposes, you must understand:
- user access and permissions – the level of access given to each type of user (Administrator, Authorised Custom, Authorised Full, Authorised Basic) and the transactions users can undertake. For more information, see Access Manager permissions.
- business appointments – the nature of your relationship with any entities you have appointed as a representative for tax purposes and what transactions they can undertake.
- legally binding actions – the actions these users and representatives undertake through Access Manager are legally binding to your business.
Preventing unauthorised access to business information
If your staff have access to your secure information in ATO online services, we strongly recommend that you:
- use Access Manager regularly to ensure that a user's level of access to our systems is appropriate
- immediately disable or remove a user's account in Access Manager and RAM if you have any concerns about their activities
- ensure that each person who deals with us online on behalf of your business has their own myID
- keep passwords secure – they must not be shared.
If you use hosted (online) SBR-enabled software, we strongly recommend that you limit access to stored business information to appropriate staff only. If you have any concerns, contact your digital service provider for advice.