The Analytics Admin app provides a simple tool to help customers manage their users for the Fourth Analytics platform. It can be used to restrict sensitive payroll and HR data, which is crucial to ensure users are given the appropriate access to Analytics. It is also possible to grant 'Viewer Only' access to users who require it.
Analytics Admin users are able to:
- Create and remove Single Sign-On (SSO) and non-SSO users
- Manage users access to Dashboards and User Groups
- Manage users' mandatory user filters such as Location, Organisation Level, or Division
Only Fourth can assign Analytics Admin users.
This article provides instructions on how to use the app - from the end user's point of view.
Using the Analytics Admin app
This app is fully optimised for desktop use. It has limited use on mobile platforms but can be used to quickly create and delete users. Please note that filters are not available when using a mobile device.
- Log in to the Fourth app/Fourth Engage (sometimes this is named/branded to a specific organisation)
- Select Analytics Admin from the left-side menu, or from the All Applications area
Fig.1 - Selecting Analytics Admin from the All Applications area
This accesses the GoodData Admin Gateway, where Admin users can create or edit user records.
Fig.2 - The GoodData Admin Gateway
Creating New Users
Two options are available to create users depending on the customer configuration:
SSO Access - Link a Fourth Account with GoodData (enable SSO) (recommended)
SSO users only have access to Analytics through All Applications on the Fourth Platform. If they are terminated from the core solution, they no longer have access
- Standalone - Create a new GoodData user
Standalone users have access to Analytics via the URL and their login credentials. These users are able to maintain their login details themselves. If they are terminated from the core solution, they still have access via the URL unless the user record is deleted
Fig.3 - Two options for creating new users
Single Sign-On (SSO) User Creation
The recommended option when creating a new user is SSO.
- From the GoodData Admin Gateway, select Link a Fourth Account with GoodData (enable SSO)
Fig.4 - Link a Fourth Account with GoodData (enable SSO)
'Step 1 of 3 - Select a Fourth account'
A list of existing Fourth user accounts will display.
- Search for a Fourth user account record to link Fourth Analytics access to
- Use the Select button against that user account
Fig.5 - Searching for and selecting a user
'Step 2 of 3 - Confirm your details'
- Update the Email field so that it contains a work email address
This is so that any scheduled emails are not sent to the employee's personal email address linked to their Fourth account, which could be a risk to the business
- Complete the First name, Last name and Default project role fields as required and then select Link Fourth account
Fig.6 - Entering the user's details
'Step 3 of 3 - Configure Good Data projects'
The account is then linked, and filters can be applied if required - see the Assigning Access section for more details on filters.
Standalone User Creation
- From the GoodData Admin Gateway, select Create a new GoodData user
Fig.7 - Create a new GoodData user
Complete the following fields:
- Login-email: This is the email address that will receive private and global scheduled emails. This should be the user's work email address as sensitive customer data should be retained within the business
- First Name and Last Name: Employee's first and last name
- Password: Enter a generic password to share with the user - see Fourth Analytics - Changing Password on First Login for more information
- Default project role: select Viewer
- Select Create
Fig.8 - Entering details for a standalone user
In the Admin Gateway, a list of users is displayed.
- Under the 'Manage' column, it is possible to Edit or Delete records
- To remove a user, select Delete against their record
A pop-up will appear, advising that the operation permanently removes the user from Analytics and all assigned Analytics portals.
- To confirm the deletion, select Yes, Delete this User
Please note: This is the preferred method for deleting users.
Fig.9 - Delete user pop-up
Some customers may have users that have access to multiple Fourth Analytics portals.
- To remove a user from a single project, select Edit against their record
- The other Delete option here only deletes the user from that particular project and not from any others they may have access to
- In the pop-up that appears, select Yes, Delete project from user to complete this
Fig.10 - Delete project from user pop-up
Mandatory User Filters control what a user can see within Fourth Analytics. When creating an SSO or standalone user, the filters are not updated automatically from the core solution - location assignment is not replicated in the user for Fourth Analytics.
- To amend the Mandatory User Filters, from the Admin Gateway, select Edit against a user
Types of User Filters are:
Fourth Analytics is recommended for Ops levels and above due to the sensitive data within the HR and Payroll modules. Filters allow administrators to restrict access.
- When assigning filters, select each relevant area from the drop-down, e.g. Org Level, Location, Department
Four different scenarios are shown below that use different combinations of Filter configuration.
Scenarios 1&2 are the same in that the user can only see the locations allocated on the right-hand side. This will ensure any new locations/filters are never seen by the user if the Inclusive box is selected - this is selected by default).
Scenario 1 - access to one location only Scenario 2 - access to multiple locations
Scenarios 3&4 are the same in that the user can only see the locations allocated on the left-hand side if the "inclusive box" is left un-selected.
This will ensure any new locations/filters are seen by the user.
Scenario 3 - access to one location only Scenario 4 - access to multiple locations
Using Groups is the recommended option when assigning dashboard access.
Groups are used to group together multiple dashboards for easier assignment. Additional dashboards can be assigned using the dashboard configuration as mentioned above.
Standard Groupings are:
- Sales, Labour & T&A
- Productivity (RBS)
- Productivity (ABS) - Activity Based Scheduling customers only
- POS (customers with transactional POS Analytics)
- ATS (customers using Fourth ATS)
- Third Party (customers with third party integrations)
- Foundation (Foundation customers only)
- Gender Pay Gap (contains Payroll information for customers that have subscribed to the GPG service)
- Customer Admin - Displays location hierarchy and financial calendar
- Fourth Admin - FOURTH ADMINISTRATORS ONLY
If additional groups are required, please submit a request via the Customer Community. See Fourth Processes - Raising and Managing Support Tickets for guidance.
Please note: The HR, Payroll and Gender Pay Gap dashboards and usergroups contain employee personal information such as age, date of birth, gender and salary details.
Data permissions are applicable to the HR dashboard using the 'Filters' below i.e. selecting one or multiple locations [Name (units)].
Data permissions cannot be applied to Payroll data i.e. Users with access to Payroll dashboard or Gender Pay Gap dashboard will see data for all employees.
Users should be restricted to viewing only the dashboards and data they need.
Fig.11 - Filters, Dashboards, Groups
All of the dashboards available to the customer's project are visible and can be assigned here.
Fig.12 - Configuring dashboards for a user's view
The Payroll dashboard cannot be filtered by location. The user would need to have an additional filter added: "EMPLOYERPAYBASIS (PAYPERIODS)" to restrict any pay basis they should not have access to.
If the company only has one pay basis, users with location restrictions (e.g. Head Office) should not be given access to this dashboard.
The Payslip Analysis tab contains sensitive data and can be restricted to a location level. However, this should be tested before access is granted as each customer's configuration is different. An Analytics administrator can do this by applying the filters to their own profile to test. If unsure please raise a discussion on our Customer Community here.
This contains termination and absence data for Head Office, so this location should be removed from the user's access if they are not allowed to view this information.