Yes, you can change the QuickBooks administrator, but the process differs based on whether you use QuickBooks Online or Desktop, and specific security protocols under the Sarbanes-Oxley Act require documented audit trails for any admin access changes to protect against financial fraud. The primary challenge stems from Internal Revenue Code Section 6001, which mandates that taxpayers maintain adequate books and records, including complete electronic accounting data. Lost or compromised admin access therefore carries severe consequences: potential IRS penalties, blocked access to financial records, and business operation disruptions that can cost companies thousands in recovery fees and lost productivity.
According to recent QuickBooks data breach investigations, more than 29 million small and medium-sized businesses now rely on QuickBooks for accounting management, yet 46% of organizations report experiencing fraud or cybersecurity incidents within the past two years.
What You’ll Learn:
🔑 Step-by-step processes to change primary administrator roles in both QuickBooks Online and Desktop versions without losing data access
💼 Legal compliance requirements including SOX regulations, IRS documentation standards, and segregation of duties rules that protect your business
🛡️ Security protocols to prevent unauthorized admin changes, implement multi-factor authentication, and create backup administrator accounts for business continuity
⚠️ Common mistakes that lead to locked accounts, departed employee access problems, and how to recover when the primary admin leaves without transferring control
📊 Real-world scenarios comparing admin transitions during employee departures, business sales, accountant handoffs, and emergency access situations with action-consequence tables
Understanding QuickBooks Administrator Roles
QuickBooks operates on a hierarchical user management system where different roles carry varying levels of authority and access. The administrator structure forms the foundation of your accounting security and determines who controls your financial data. Understanding these distinctions prevents security breaches and ensures proper segregation of duties compliance.
Primary Administrator: The Master Key
The primary administrator holds supreme authority over the entire QuickBooks account with unrestricted access to all features and settings. This role includes exclusive rights to manage all users, modify subscription details, control billing information, and transfer the primary admin role to another user. Only one primary administrator can exist per QuickBooks account at any given time.
The primary admin serves as the account owner with complete visibility into all financial transactions, reports, and company data. This user can add or remove any other user, including company administrators, and maintains control over connected third-party applications. The primary admin also manages Single Sign-On settings and determines which external services integrate with the accounting system.
When you first create a QuickBooks account, the system automatically assigns the person who sets up the account as the primary administrator. This assignment creates the foundational security structure for your entire financial management system. The primary admin bears ultimate responsibility for protecting company financial data and ensuring authorized personnel maintain appropriate access levels.
Company Administrator: The Second-in-Command
Company administrators possess nearly identical access to primary admins but with one critical limitation—they cannot modify or remove the primary administrator’s access. This restriction preserves a clear chain of command and prevents inadvertent lockouts from your own accounting system. Multiple company administrators can exist within a single QuickBooks account.
Company admins can view all financial reports, manage bank feeds, create and edit transactions, oversee payroll functions, and control most settings. They can add, edit, or remove standard users but lack authority to alter other company administrator permissions or transfer the primary admin role. This structure allows businesses to distribute administrative workload while maintaining centralized ultimate control.
The company admin role proves particularly valuable for growing businesses where the owner needs trusted financial managers to handle day-to-day accounting operations. Chief Financial Officers, controllers, and senior accountants typically receive company admin status. These users can manage critical accounting functions without risking accidental transfer of supreme administrative authority.
Standard Users: Role-Based Access
Standard users receive customized access based on their specific job functions within the organization. QuickBooks Online provides predefined roles including all-access, limited access, time tracking only, and reports only options. QuickBooks Online Advanced and Premier subscriptions offer custom role creation with granular permission controls across different accounting areas.
The standard user structure supports the principle of least privilege, where employees access only the information necessary to perform their duties. A bookkeeper might need invoice creation and bank reconciliation access but should not view executive compensation data. Sales staff may require customer information and invoice access without the ability to run comprehensive financial reports or modify chart of accounts.
Proper standard user configuration prevents internal fraud and maintains clear audit trails for financial activities. Each user’s actions appear in QuickBooks audit logs with timestamps and modification details, creating accountability and enabling investigation of suspicious transactions.
Legal and Regulatory Requirements for Administrator Changes
Financial software administrator changes carry significant legal implications beyond mere convenience or internal reorganization. Federal regulations governing accounting records and access controls establish strict requirements for documentation and maintenance. Understanding these legal frameworks protects your business from penalties and ensures compliance during audits.
IRS Electronic Records Requirements
The Internal Revenue Service maintains explicit authority to request electronic accounting software files including complete backup files with all metadata intact during examinations. Internal Revenue Code Sections 6001 and 7602 grant the IRS broad power to demand any books, papers, records, or electronic data that may illuminate aspects of tax returns. This authority extends specifically to QuickBooks files and the accompanying transaction histories.
IRS examiners request electronic records early in examinations using Form 4564, Information Document Request. Taxpayers must provide exact copies of original electronic backup files rather than condensed or altered versions. The IRS requires files in native QuickBooks format with .QBB extensions for Windows versions, capturing all changes entered after year-end close.
When administrator changes occur, businesses must maintain documentation showing who possessed access rights during specific periods. The IRS may question gaps in administrative oversight or sudden transfers coinciding with examination periods. Proper documentation of admin transitions demonstrates transparency and facilitates cooperation during audits, potentially reducing examination scope and duration.
Taxpayers cannot refuse to provide electronic accounting files when properly requested by IRS personnel. Treasury Department Circular No. 230 requires tax practitioners to promptly submit records unless they possess good faith belief that information contains privileged content. Creating new files instead of providing original copies violates these requirements and may result in summons enforcement proceedings.
Sarbanes-Oxley Compliance for Admin Access
The Sarbanes-Oxley Act of 2002 establishes internal control requirements that extend to accounting software administrator access management for public companies and organizations handling sensitive financial data. SOX Section 404 mandates companies establish and maintain adequate internal control structures over financial reporting. Administrator access controls form a critical component of these structures.
SOX compliance requires organizations to maintain access control matrices documenting which users possess specific permissions within accounting systems. When administrator changes occur, companies must record the authorization basis, effective dates, and approvals for such changes. Management must certify these controls operate effectively and external auditors verify compliance annually.
Segregation of duties principles under SOX prevent any single individual from controlling all aspects of financial transactions. Administrator access poses inherent SOX challenges because admins can override normal controls. Companies must implement compensating controls including enhanced monitoring, dual authorization for sensitive transactions, and regular review of admin activities to address these risks.
Periodic access reviews are a mandatory SOX requirement: organizations must verify that users retain only the access levels appropriate for their current roles. Quarterly or semi-annual reviews ensure departed employees lose access promptly and role changes trigger permission adjustments. Administrator access requires particular scrutiny given its broad authority and potential for control circumvention.
State Data Privacy Regulations
State-level data privacy laws including the California Consumer Privacy Act and similar legislation in Virginia, Colorado, and Connecticut impose strict requirements on businesses handling personal information. QuickBooks files frequently contain employee Social Security numbers, customer payment card data, and other protected information subject to these regulations. Administrator access to such data triggers additional compliance obligations.
Organizations must implement reasonable security measures to protect personal information from unauthorized access, which includes proper administrator credential management and access termination procedures. State attorneys general can impose significant penalties for data breaches resulting from inadequate access controls. Recent enforcement actions demonstrate regulators focus intensely on administrative credential management failures.
When administrators change, businesses must ensure departing admins cannot access systems containing personal information after their employment ends. This requirement extends beyond simply removing QuickBooks access to include any backup systems, archived files, or connected services the previous admin could access. Documentation proving timely access revocation provides important legal protection during breach investigations.
How to Change Primary Administrator in QuickBooks Online
QuickBooks Online provides a streamlined process for transferring primary administrator responsibilities between users, though the procedure requires careful attention to security protocols. The current primary admin must initiate and complete the transfer process. You cannot bypass or shortcut these security measures designed to prevent unauthorized account takeovers.
Prerequisites Before Starting the Transfer
Before beginning the administrator change process, verify several critical conditions exist to ensure smooth completion. The current primary administrator must possess active login credentials and the ability to sign into the account. If the current primary admin has left the company or refuses to cooperate, you must follow alternative procedures involving QuickBooks support and business ownership verification.
The target user receiving primary administrator status must already exist as a company administrator within the QuickBooks Online account. You cannot transfer primary admin rights directly to standard users or newly invited users who have not yet accepted their invitations. If your intended new primary admin lacks company admin status, you must first promote them to company administrator, wait for them to accept the invitation, and then proceed with the primary admin transfer.
Ensure you have access to the phone number or email address associated with the current primary administrator account for one-time password verification. QuickBooks sends verification codes as part of the security process to confirm the admin change authorization. Without access to these verification methods, you cannot complete the transfer and must contact QuickBooks support for assistance.
Step-by-Step Transfer Process
Log into QuickBooks Online using the current primary administrator credentials and navigate to the main dashboard. Click the gear icon located in the upper right corner of the screen to access the settings menu. Select “Manage users” from the options under the “Your Company” heading to view the complete list of current users and their assigned roles.
Review the user list to locate the person who will become the new primary administrator. Verify the “Role” column displays “Admin” or “Company admin” next to their name. If it shows “Standard” or any other role, click “Edit” next to their name and change their user type to “Admin” using the dropdown menu, then save these changes before proceeding.
Once you have confirmed that the target user holds company admin status, locate the “Action” column in their user row. Click the dropdown arrow or three-dot menu icon in this column to reveal available actions. Select “Make primary admin” from the menu options that appear.
A verification prompt appears requiring you to confirm this significant account change. The system displays a warning explaining that the current primary admin will become a company admin after this transfer completes. Read this information carefully to understand the implications before proceeding with the change.
QuickBooks sends a one-time password to the email address or phone number associated with the current primary admin account. Check your email inbox or text messages for this verification code. Enter the OTP code in the verification field and click “Change primary admin” to finalize the transfer.
The system processes the admin role transfer and automatically demotes the previous primary admin to company administrator status. The new primary administrator receives an invitation email they must accept to officially assume their new role. Until they accept this invitation, the transfer remains incomplete and the previous primary admin retains ultimate authority.
Post-Transfer Verification Steps
After completing the transfer process, sign out of the QuickBooks Online account completely and ask the new primary administrator to sign in using their credentials. They should verify they can access the “Manage users” section and see their role listed as “Primary Admin” in the system. Test their ability to perform primary-admin-only functions including managing other administrators and accessing subscription settings.
The former primary administrator should also verify their access changed to company administrator status by signing in and attempting to access primary-admin-restricted features. They should no longer see options to transfer the primary admin role or remove the new primary administrator from the user list. This verification confirms the transfer completed successfully without system errors.
Document the administrator change with the effective date, involved parties, and business justification for the transfer. Store this documentation in your accounting files along with other access control records. This documentation proves valuable during audits and provides historical context for future administrator transitions.
How to Change Administrator in QuickBooks Desktop
QuickBooks Desktop requires a different approach to administrator changes because it maintains two distinct admin types: the Primary Company Admin within the QuickBooks software and the Primary Intuit Account Admin managing the overall Intuit account and subscriptions. Understanding these differences prevents confusion and ensures you modify the correct administrator level.
Primary Company Admin Changes
Open QuickBooks Desktop and log in using the current administrator credentials for the company file you want to modify. Navigate to the “Company” menu at the top of the screen and select “My Company” from the dropdown options. Click “Manage Your Account” which may require you to sign in with your Intuit Account credentials if prompted by the system.
Scroll down to the “Primary Contact” section and click the “Change” button to initiate the administrator transfer process. If the new administrator already appears in your contact list, select them directly from the available options. If they do not appear in the list, you must first invite them as a user to the account by entering their details and waiting for them to accept the invitation.
Once you select the new primary contact from the list, click “Save and close” to finalize the change. The system updates the primary company admin designation and the new administrator receives confirmation of their elevated status. The previous primary admin retains access as a company administrator unless you explicitly remove their permissions.
Primary Intuit Account Admin Transfer
For transferring the Primary Intuit Account Admin role, access QuickBooks Desktop and navigate to “Company” then “Users” and finally “Intuit Account User Management” from the menu structure. This section displays all users associated with your Intuit account across products and services.
Locate the secondary administrator you want to promote to primary Intuit account admin status. If they do not appear in the list, you must first add them as a user with secondary admin privileges before proceeding with the primary admin transfer. Click on their name and select “Edit” from the available options.
Choose “Change Primary Admin” from the edit menu to begin the transfer process. The system sends a verification code to the new admin’s phone number or email address registered with their Intuit account. Enter this verification code when prompted to confirm you possess authorization to make this administrative change.
The new administrator receives an email invitation to accept their role as primary Intuit account admin. They must click the acceptance link in this email and complete any required verification steps. Until they accept this invitation, the primary admin transfer remains in pending status and the previous primary admin retains ultimate authority over the Intuit account.
Setting Up Users and Passwords
Managing individual user access in QuickBooks Desktop requires careful configuration of the users and passwords system. Navigate to “Company” then “Set Up Users and Passwords” and select “Set Up Users” from the menu to access the user management interface. This section allows you to add new users, modify existing user permissions, and assign administrative privileges.
Click “Add User” to create a new user account and enter the required information including username and email address. The system prompts you to create a password for this user account. Choose a strong password meeting minimum security requirements including uppercase letters, lowercase letters, numbers, and special characters.
Select the access level for the new user by choosing between “External Accountant,” “Full Access,” or “Selected Areas of QuickBooks.” For creating a new administrator, select either “Full Access” or manually configure selected areas to grant administrative permissions. Click “Next” to proceed through the permission configuration screens.
Review all assigned permissions carefully before finalizing the user creation process. The system displays a summary showing which QuickBooks areas and activities the user can access. Click “Finish” to create the user account with the specified permissions.
Real-World Scenarios: Admin Changes in Action
Understanding abstract processes becomes clearer through concrete examples demonstrating how administrator changes unfold in typical business situations. These scenarios illustrate common challenges and proper responses to ensure continuous access to financial data.
Scenario 1: Employee Departure Without Admin Transfer
Sarah founded a small marketing agency and hired Jennifer as her bookkeeper three years ago. Sarah made Jennifer the primary administrator in QuickBooks Online to handle daily accounting tasks. When Jennifer accepted a job at a larger firm, she gave two weeks’ notice but left without transferring the primary admin role back to Sarah.
| Action | Consequence |
|---|---|
| Jennifer leaves company as primary admin | Sarah cannot access subscription settings or manage users |
| Sarah attempts to log in with company admin credentials | System denies access to primary-admin-only features |
| Sarah contacts QuickBooks support for help | Support requires Business Change Request form submission |
| Sarah submits ownership verification documents | QuickBooks verifies and grants primary admin access within 3-5 business days |
| Sarah immediately creates backup company admin | Future departures cannot create similar access crises |
This situation demonstrates the critical importance of maintaining multiple administrators and proactively managing admin transfers before employees depart. Sarah lost access to critical accounting functions for nearly a week during the ownership verification process, delaying invoice processing and preventing payroll completion. The agency incurred additional costs hiring a temporary accountant to recreate financial reports from bank statements during this period.
Scenario 2: Business Acquisition Admin Transition
Tech Startup Inc. acquired Competitor Solutions LLC and needed to consolidate accounting operations under a single QuickBooks account. Competitor Solutions’ primary administrator Marcus needed to transfer control to Tech Startup’s Chief Financial Officer Rebecca to enable unified financial reporting.
| Situation | Resolution |
|---|---|
| Two separate QuickBooks accounts exist | Companies maintain separate accounting through transition period |
| Rebecca needs primary admin access to Competitor account | Marcus adds Rebecca as company administrator first |
| Rebecca accepts invitation and confirms access | Marcus initiates primary admin transfer to Rebecca |
| System requires OTP verification | Marcus enters verification code from his phone |
| Transfer completes successfully | Rebecca gains full control of acquired company’s financial data |
| Marcus loses primary admin status | Marcus remains as company admin for knowledge transfer period |
This scenario highlights the importance of staged admin transitions during business acquisitions. Rebecca first needed company admin access to familiarize herself with the acquired company’s accounting structure before assuming primary control. The transition period allowed Marcus to provide training and answer questions while Rebecca maintained ultimate authority over the account.
Scenario 3: Accountant Temporary Access for Tax Preparation
Small Manufacturing Company hired external accountant David to prepare year-end financial statements and tax returns. The company’s owner Tom wanted to grant David necessary access without permanently surrendering primary administrator control.
| Challenge | Solution |
|---|---|
| David needs comprehensive financial data access | Tom creates External Accountant user role for David |
| External Accountant role lacks some required permissions | Tom temporarily elevates David to company administrator status |
| Tax preparation requires access to closed periods | Tom provides closing date password for limited timeframe |
| David completes tax return preparation | Tom changes David’s role back to External Accountant |
| David maintains ongoing access for quarterly reviews | Standard accountant role provides sufficient access for routine work |
This example demonstrates how businesses can provide temporary elevated access without transferring primary administrator status. Tom maintained ultimate control throughout the engagement while giving David the tools needed to complete his work efficiently. The company avoided security risks associated with permanent administrator assignments to external parties.
QuickBooks Administrator Roles Comparison Table
Understanding the distinct capabilities of each administrator level helps organizations assign appropriate access rights aligned with job responsibilities and security requirements.
| Capability | Primary Admin | Company Admin | Standard User |
|---|---|---|---|
| Access all financial data | Yes | Yes | Limited by role |
| Create and edit transactions | Yes | Yes | Based on permissions |
| Manage bank connections | Yes | Yes | No |
| Run financial reports | Yes | Yes | Limited by role |
| Manage subscription and billing | Yes | No | No |
| Add or remove standard users | Yes | Yes | No |
| Add or remove company admins | Yes | No | No |
| Modify primary admin | Yes | No | No |
| Transfer primary admin role | Yes | No | No |
| Set closing date password | Yes | Yes | No |
| Access audit log | Yes | Yes | No |
| Connect third-party apps | Yes | Yes | No |
| Manage Single Sign-On settings | Yes | No | No |
| Number allowed per account | One only | Multiple | Multiple |
| Required at account setup | Yes | No | No |
This comparison shows that the critical distinction between primary and company administrators centers on user management and subscription control authority. While both roles access identical financial data and reporting functions, only the primary admin can modify the administrator structure itself. Standard users receive highly customized access aligned with their specific job functions and responsibilities within the organization.
Security Best Practices for Administrator Access
Proper administrator access management extends far beyond simply following transfer procedures—it requires comprehensive security practices protecting against unauthorized access and data breaches. Organizations using QuickBooks must implement multiple layers of security controls to safeguard financial information.
Implement Multi-Factor Authentication
Multi-factor authentication adds a critical security layer requiring users to verify their identity through multiple methods before gaining system access. QuickBooks supports two-step verification using one-time passwords sent via text message or email to registered phone numbers and addresses. Enable this feature for all administrator accounts immediately to prevent credential theft attacks.
Navigate to your Intuit account settings by clicking on your profile icon and selecting “Sign in & Security” from the menu. Locate the two-step verification option and click “Turn on” or “Set up” to begin the configuration process. Choose your preferred verification method—either SMS text message or email—and enter the corresponding contact information where you want to receive security codes.
QuickBooks sends a test verification code to confirm your contact information works correctly. Enter this code in the verification field and click “Save” to activate two-factor authentication on your account. After enabling this feature, every login attempt requires both your password and a one-time code sent to your verified contact method, dramatically reducing unauthorized access risk even if someone steals your password.
Update your MFA preferences regularly and maintain backup verification methods in case your primary phone number or email becomes unavailable. Consider using authenticator apps like Google Authenticator or Microsoft Authenticator for enhanced security compared to SMS-based codes, which can be intercepted through SIM-swapping attacks.
Create Backup Administrator Accounts
Never configure your QuickBooks account with a single administrator who possesses exclusive access to critical functions. Single points of failure create severe business continuity risks when that administrator becomes unavailable due to illness, termination, or personal emergencies. Establish at least one backup company administrator who can assume primary responsibilities if needed.
Select a trusted individual within your organization such as a financial manager, controller, or business partner to serve as the backup administrator. This person should understand basic QuickBooks operations and possess the authority to make financial decisions during emergencies. Add them as a company administrator following the standard user invitation process.
Document the backup administrator’s credentials in a secure location accessible to multiple authorized parties such as a password manager with shared vault access. Include detailed instructions explaining how to initiate a primary admin transfer if the current primary admin becomes unreachable. Store this documentation separately from QuickBooks itself to ensure access during account lockout situations.
Test the backup administrator’s access periodically to verify they can log in successfully and perform essential functions. Schedule quarterly or annual reviews where the backup admin signs in, reviews their permissions, and confirms they remember how to navigate critical QuickBooks features. These tests identify and resolve access problems before emergencies occur.
Conduct Regular Access Reviews
Implement a formal schedule for reviewing all QuickBooks user access rights to ensure permissions remain appropriate for current job responsibilities. Quarterly reviews provide a reasonable balance between thoroughness and administrative burden for most organizations. Annual reviews suffice for very small businesses with stable staffing.
During each access review, export the complete user list from QuickBooks showing all accounts and their assigned roles. Compare this list against your current employee roster to identify any accounts belonging to departed employees that should be immediately removed. Check for users whose job roles have changed and require permission adjustments to align access with their new responsibilities.
Pay particular attention to administrator accounts during these reviews since they possess elevated privileges and present heightened security risks. Verify each administrator still requires that level of access for their current duties. Challenge any long-standing administrator assignments to ensure they reflect genuine business needs rather than outdated permissions that accumulated over time.
Document each access review with the review date, participants, findings, and any changes made to user permissions. Store these records with other internal control documentation for reference during audits or investigations. This documentation demonstrates your organization takes access control seriously and maintains proper oversight of financial system security.
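The comparison step of the access review can be scripted. The following is an added example, not code from QuickBooks or Intuit: it checks an exported user list against an HR roster and reports departed users, accounts with no owner on the roster, external parties holding admin rights, and a missing backup administrator. The CSV column names, the sample rows, and the `APPROVED_EXTERNAL` allow-list are assumptions constructed for illustration.

```python
import csv
import io

ADMIN_ROLES = {"primary admin", "company admin"}

# Constructed sample data. Column names are assumptions, not a documented
# QuickBooks export format; rename them to match your real export.
USERS_CSV = """email,role
sarah@example.com,Primary admin
jennifer@example.com,Company admin
tom@example.com,Standard
books@example.com,Company admin
david@cpa.example,Company admin
"""

ROSTER_CSV = """email,employment_status
sarah@example.com,active
jennifer@example.com,terminated
tom@example.com,active
"""

# Outside parties approved to hold an account (hypothetical allow-list).
APPROVED_EXTERNAL = frozenset({"david@cpa.example"})


def _load(text):
    """Index CSV rows by lower-cased email address."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["email"].strip().lower(): row for row in reader}


def review_access(users_csv, roster_csv, approved_external=frozenset()):
    """Return a sorted list of (finding_code, detail) tuples."""
    users = _load(users_csv)
    roster = _load(roster_csv)
    findings = []
    primaries = []        # every account holding the primary admin role
    healthy_admins = []   # admins who are active employees on the roster

    for email, user in users.items():
        role = user["role"].strip().lower()
        is_admin = role in ADMIN_ROLES
        if role == "primary admin":
            primaries.append(email)

        employee = roster.get(email)
        if employee is None and email in approved_external:
            # Approved outsider: acceptable as a user, but admin rights
            # should be temporary and reverted after the engagement.
            if is_admin:
                findings.append(("EXTERNAL_ADMIN", email))
            continue
        if employee is None:
            # No owner on the roster: shared login or forgotten account.
            findings.append(("UNKNOWN_ACCOUNT", email))
        elif employee["employment_status"].strip().lower() != "active":
            findings.append(("DEPARTED_USER", email))
            if role == "primary admin":
                # The lockout case: the role left with the employee.
                findings.append(("PRIMARY_ADMIN_DEPARTED", email))
        elif is_admin:
            healthy_admins.append(email)

    # Exactly one primary admin is expected per account.
    if len(primaries) != 1:
        findings.append(("PRIMARY_ADMIN_COUNT", str(len(primaries))))

    # A backup is an active employee with admin rights other than the primary.
    if not [e for e in healthy_admins if e not in primaries]:
        findings.append(("NO_BACKUP_ADMIN", ""))

    return sorted(findings)


if __name__ == "__main__":
    for code, detail in review_access(USERS_CSV, ROSTER_CSV, APPROVED_EXTERNAL):
        print(f"{code:24} {detail}")
```

Saving the returned findings alongside the review date and participants gives you the record of each review that auditors ask for.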
Common Mistakes to Avoid When Changing Administrators
Organizations frequently make preventable errors during administrator transitions that create access problems, security vulnerabilities, or compliance failures. Learning from these common mistakes helps you avoid similar pitfalls in your own admin change processes.
Failing to Document the Change
Many businesses change administrators without creating any written record of the transition, leaving no audit trail explaining why access changed or who authorized the modification. This lack of documentation creates problems during SOX audits, IRS examinations, or internal investigations of suspicious transactions. Auditors question undocumented admin changes and may view them as evidence of weak internal controls.
The consequence of undocumented admin changes extends beyond audit findings to operational confusion when future staff members review historical access patterns. Without clear records, organizations cannot determine who possessed specific permissions during past periods, complicating fraud investigations and access dispute resolution.
Create a standardized form or checklist documenting every administrator change including the date, previous administrator, new administrator, business justification, and approving authority. Require signatures from both the previous and new administrators acknowledging the transfer. Store these forms with other access control documentation in secure but accessible locations for future reference during audits or reviews.
Not Removing Departed Employee Access Promptly
Companies often delay removing QuickBooks access for departed employees due to workload pressures, assuming the terminated employee poses no threat, or uncertainty about proper removal procedures. This delay creates severe security vulnerabilities where former employees retain access to sensitive financial data and can manipulate records or steal information weeks or months after their employment ended.
The consequences of delayed access removal include potential fraud in which former employees create fake vendors, redirect payments, or alter financial records to cover previous misconduct. In recent QuickBooks fraud cases, terminated employees changed payroll direct deposit information to redirect funds to personal accounts or modified customer payment details to steal incoming revenue.
Establish a formal offboarding checklist including immediate QuickBooks access termination as a mandatory step occurring on or before the employee’s final day. IT departments or HR personnel should verify access removal completion within 24 hours of termination. Never delay this critical security step regardless of departure circumstances or ongoing workload demands.
Sharing Administrator Credentials Among Multiple People
Some organizations establish a single administrator account with credentials shared among several staff members to avoid purchasing additional user licenses or simplify access management. This practice creates severe audit trail problems because QuickBooks logs show all actions under the shared account name, making it impossible to determine which specific individual performed particular transactions.
The consequence of shared credentials extends to complete loss of accountability within the accounting system. When fraud occurs and investigators review audit logs, they cannot identify the guilty party among the multiple users sharing access. This ambiguity can expose innocent users to suspicion and prevent proper fraud prosecution due to lack of evidence linking specific individuals to questionable transactions.
QuickBooks pricing includes multiple users in most subscription tiers, eliminating any financial justification for credential sharing. Assign each person their own unique login credentials and corresponding user account within QuickBooks. The minimal additional cost of extra user licenses pales compared to the massive legal and financial exposure created by shared credential practices.
Ignoring Multi-Factor Authentication
Many QuickBooks users view multi-factor authentication as an inconvenient obstacle slowing down their login process rather than essential protection against credential theft and account takeovers. They disable 2FA if permitted or skip the optional setup process during account creation. This decision leaves accounts vulnerable to phishing attacks and password breaches exploited by criminals to access financial data.
The consequence of skipping MFA manifests in rising numbers of QuickBooks account compromises where criminals use stolen credentials to alter payroll deposit information, redirect customer payments, or steal sensitive business information. Recent security incidents demonstrate attackers specifically target QuickBooks Online Accountant accounts lacking MFA to gain access to multiple client files simultaneously.
Enable multi-factor authentication on all administrator accounts immediately regardless of perceived inconvenience. The few extra seconds required for code entry provide far stronger protection than password-only authentication. Configure backup verification methods to prevent lockout situations if your primary MFA device becomes unavailable.
Do’s and Don’ts for QuickBooks Administrator Management
Implementing clear guidelines for administrator management helps organizations maintain security and control over financial data while enabling efficient operations.
Do’s for Administrator Management
Do maintain at least two company administrators to ensure business continuity if one administrator becomes unavailable due to illness, departure, or emergency. This redundancy prevents access crises that halt accounting operations. The backup administrator should possess sufficient QuickBooks knowledge to perform essential functions and understand where to find additional help when needed.
Do implement strong password requirements for all administrator accounts including minimum length, complexity rules combining uppercase, lowercase, numbers, and symbols, and mandatory periodic password changes. Enforce these requirements through technical controls and administrative policies. Use password managers to generate and store complex passwords that are hard for people to remember but provide strong protection.
Do conduct background checks on employees who will receive administrator access to your QuickBooks account. Financial system administrators handle sensitive business information and possess authority to manipulate critical records. Background verification including criminal history, credit checks, and reference verification helps identify potential fraud risks before granting elevated permissions.
Do document all administrator changes with written records showing the date, individuals involved, business justification, and approving authority. Store this documentation with other internal control records for audit reference and historical access pattern analysis. Include details about what permissions changed and why the change was necessary for business operations.
Do enable audit log monitoring to track all administrator activities within QuickBooks and review these logs regularly for suspicious patterns. Look for admin actions occurring outside normal business hours, bulk transaction deletions, or unauthorized user permission changes. Set up alerts notifying you immediately when administrators perform high-risk activities like closing date modifications or user access changes.
Do create and test disaster recovery procedures including documented steps to regain QuickBooks access if all administrators lose their credentials or the account becomes locked. Store these procedures in secure locations accessible without QuickBooks access. Test recovery procedures annually to verify they work correctly and update them when QuickBooks changes its account recovery process.
Don’ts for Administrator Management
Don’t grant primary administrator status to external parties including accountants, bookkeepers, or consultants unless absolutely necessary for specific business reasons. External parties lack the same accountability as employees and may service multiple clients with conflicting interests. Use External Accountant or Company Admin roles providing adequate access for professional services without surrendering ultimate account control.
Don’t delay administrator transitions when employees announce their departure from your organization. Complete primary admin transfers before the employee’s final day to prevent situations where departed employees retain control of your financial data. If the departing person serves as primary admin, identify their replacement and initiate the transfer process during the notice period.
Don’t skip verification steps during administrator change processes even when they seem redundant or time-consuming. One-time password confirmations and email verifications prevent unauthorized admin transfers that could lock legitimate owners out of their own accounts. These security measures protect against social engineering attacks where criminals impersonate legitimate users to gain administrative access.
Don’t ignore suspicious administrator activity such as unexpected permission changes, new users added without authorization, or admin actions during off-hours. Investigate these incidents immediately rather than assuming they resulted from honest mistakes. Many fraud schemes begin with subtle administrative permission manipulations that escalate over time.
Don’t disable security features like multi-factor authentication, password complexity requirements, or automatic session timeouts because they create minor inconveniences. These protections provide essential defense against credential theft and unauthorized access. The temporary inconvenience of entering verification codes pales compared to the catastrophic consequences of compromised administrator accounts.
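The audit log review recommended in the Do's and the suspicious-activity warning in the Don'ts can be turned into a repeatable check, shown here as an added example (not QuickBooks functionality and not part of the original article). The log layout, event names, business hours, deletion threshold, and sample rows are all constructed assumptions; map your exported audit log and your signed admin-change records onto them.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows. The column layout and event names are assumptions,
# not the QuickBooks audit log format; map your exported log onto them.
AUDIT_LOG = """timestamp,user,event,target
2025-03-03 09:12,pat@example.com,Added user,ana@example.com
2025-03-03 10:05,lee@example.com,Deleted transaction,Invoice 1041
2025-03-04 14:30,lee@example.com,Changed user permissions,kim@example.com
2025-03-05 23:41,lee@example.com,Changed closing date,2024-12-31
2025-03-06 11:00,kim@example.com,Deleted transaction,Bill 220
2025-03-06 11:02,kim@example.com,Deleted transaction,Bill 221
2025-03-06 11:03,kim@example.com,Deleted transaction,Bill 222
2025-03-06 11:07,kim@example.com,Deleted transaction,Bill 223
2025-03-08 10:15,pat@example.com,Edited transaction,Invoice 1050
"""

ADMINS = {"pat@example.com", "lee@example.com"}
# Changes backed by a documented, approved admin-change record: (user, event, target).
APPROVED_CHANGES = {("pat@example.com", "Added user", "ana@example.com")}
HIGH_RISK_EVENTS = {"Added user", "Changed user permissions", "Changed closing date"}
BUSINESS_HOURS = range(7, 19)  # 07:00-18:59 local time (assumption)
BULK_DELETE_COUNT = 3          # assumption: three deletions make a burst
BULK_DELETE_WINDOW = timedelta(minutes=10)


def scan_audit_log(log_csv):
    """Return (timestamp, user, rule, detail) alerts in chronological order."""
    alerts = []
    recent_deletes = defaultdict(deque)  # user -> delete times inside the window
    rows = sorted(csv.DictReader(io.StringIO(log_csv)), key=lambda r: r["timestamp"])

    for row in rows:
        stamp = row["timestamp"]
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        user, event, target = row["user"].lower(), row["event"], row["target"]

        # Rule 1: high-risk change with no matching approved change record.
        if event in HIGH_RISK_EVENTS and (user, event, target) not in APPROVED_CHANGES:
            alerts.append((stamp, user, "UNAPPROVED_HIGH_RISK", f"{event}: {target}"))

        # Rule 2: administrator activity on a weekend or outside business hours.
        off_hours = when.weekday() >= 5 or when.hour not in BUSINESS_HOURS
        if user in ADMINS and off_hours:
            alerts.append((stamp, user, "OFF_HOURS_ADMIN", event))

        # Rule 3: several deletions by one user inside a sliding time window.
        if event == "Deleted transaction":
            window = recent_deletes[user]
            window.append(when)
            while when - window[0] > BULK_DELETE_WINDOW:
                window.popleft()
            if len(window) == BULK_DELETE_COUNT:  # fires when the threshold is reached
                alerts.append((stamp, user, "BULK_DELETE",
                               f"{BULK_DELETE_COUNT} deletions within {BULK_DELETE_WINDOW}"))

    return alerts


if __name__ == "__main__":
    for stamp, user, rule, detail in scan_audit_log(AUDIT_LOG):
        print(f"{stamp}  {rule:22} {user:18} {detail}")
```

Feeding the approved-change set from your documented administrator change forms means an alert here points to a change with no paper trail, which is the case worth investigating first.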
Pros and Cons of Different Administrator Structures
Organizations must weigh various administrator configuration approaches based on their size, complexity, security requirements, and operational needs. Each structure offers distinct advantages and disadvantages worth considering.
Single Primary Administrator with Multiple Company Admins
This structure designates one trusted individual as the ultimate authority while distributing daily administrative workload among several company administrators who handle routine operations.
Pro: Clear chain of command exists with one person bearing ultimate responsibility for QuickBooks management and critical decisions. Other team members know exactly who possesses final authority when questions or conflicts arise about permissions, data access, or account configuration. This clarity prevents confusion during crisis situations requiring rapid administrative decisions.
Pro: Distributed workload allows multiple administrators to share routine tasks like user management, bank connection troubleshooting, and report generation without requiring involvement from the primary admin for every administrative function. Company admins handle most day-to-day administrative needs efficiently while the primary admin focuses on strategic oversight and high-risk activities.
Pro: Business continuity protection exists because multiple administrators possess knowledge and capability to maintain QuickBooks operations if any single administrator becomes unavailable. The primary admin can transfer their role to a company admin during extended absences or organizational restructuring without disrupting accounting operations.
Con: Potential bottleneck emerges when only the primary admin can approve certain critical changes like subscription modifications, primary admin transfers, or high-level permission adjustments. If the primary admin travels frequently or manages numerous responsibilities beyond QuickBooks, these bottlenecks may delay important administrative actions.
Con: Security complexity increases with multiple administrators requiring individual credential management, MFA setup, and access monitoring. Organizations must track and document permissions for several high-privilege users rather than focusing security resources on a single account. This complexity can lead to security oversights if not properly managed.
Rotating Primary Administrator
Some organizations transfer primary administrator status periodically among several trusted individuals to distribute power and reduce single-point-of-failure risks.
Pro: Reduced fraud opportunity occurs because no single individual maintains permanent supreme authority over the accounting system. Potential fraudsters cannot plan long-term schemes relying on consistent administrative access to manipulate records and cover tracks. The rotation creates natural review opportunities when incoming admins examine the previous admin’s activities.
Pro: Cross-training benefits develop as multiple team members learn primary admin functions and develop comprehensive QuickBooks expertise. This knowledge distribution strengthens organizational resilience and reduces dependence on any single individual for accounting operations. Team members understand the full scope of QuickBooks capabilities rather than narrow specialized functions.
Con: Audit trail confusion results from frequent administrator changes making it difficult to identify who possessed primary admin authority during specific periods when reviewing historical transactions or investigating issues. Documentation requirements increase substantially to maintain clear records of which individual held primary admin status at any given time.
Con: Transition overhead consumes significant time as organizations must complete the full primary admin transfer process repeatedly, including OTP verification, invitation acceptance, and permission verification. Each transition creates temporary vulnerability windows and risks of procedural errors leading to access problems.
Con: Inconsistent practices may emerge as different primary admins implement varying approaches to user management, permission structures, and security protocols based on their personal preferences and understanding. This inconsistency can create confusion among users and weaken overall security posture through gaps between different admins’ security awareness levels.
External Administrator (Accountant or Bookkeeper)
Some small businesses grant primary administrator status to their external accountant or bookkeeping service provider who manages their QuickBooks on their behalf.
Pro: Professional expertise ensures QuickBooks configuration aligns with accounting best practices and tax compliance requirements. Professional bookkeepers and accountants possess deep QuickBooks knowledge exceeding typical business owners’ expertise, potentially reducing errors and improving financial reporting quality.
Pro: Time savings for business owners who can delegate QuickBooks management entirely to specialized professionals while focusing on core business operations. Owners avoid learning complex accounting software and troubleshooting technical issues, instead relying on their accountant’s expertise.
Con: Loss of control over critical business financial data creates dependence on the external party for routine accounting access and reporting. The business owner cannot immediately access their own financial information without contacting their accountant, creating delays in decision-making requiring current financial data.
Con: Security risks increase when external parties who serve multiple clients maintain primary admin access to your financial data. These arrangements create vulnerability to credential breaches affecting the accounting firm or deliberate misconduct by the external provider. Recent data breach incidents demonstrate attackers target accounting firms precisely because compromising one firm’s credentials grants access to numerous client QuickBooks accounts.
Con: Transition difficulties emerge when businesses outgrow their external bookkeeper or want to bring accounting functions in-house. The external party may resist transferring primary admin status, particularly if they view QuickBooks control as essential to retaining the client relationship. Businesses sometimes face hostage situations where external bookkeepers refuse to relinquish admin access without legal action.
Emergency Access Recovery When Admin is Unavailable
Even with proper planning, situations arise where the primary administrator becomes completely unreachable and you need immediate access to QuickBooks for critical business functions. Understanding emergency recovery procedures prevents prolonged accounting disruptions.
Contacting QuickBooks Support for Admin Access
When the current primary administrator cannot transfer their role due to departure, death, incapacitation, or refusal to cooperate, you must request Intuit’s assistance through their Business Change Request process. This formal procedure verifies your legal authority to control the QuickBooks account before granting primary admin access.
Begin by opening the Business Change Request form on Intuit’s website and selecting the company you want to request primary admin access for from your account list. Click “Continue” to proceed to the verification section where you must provide detailed business information proving your ownership or authorization to control the account.
Prepare supporting documentation establishing your legal authority over the business including business formation documents, EIN verification letter from the IRS, current business license, or corporate resolution authorizing your admin access. Intuit requires different documentation types depending on your business structure—sole proprietorships need different proof than corporations or partnerships.
Submit the completed Business Change Request form with all required supporting documents attached. Intuit’s account protection team reviews these submissions manually to prevent fraudulent account takeovers. The review process typically requires 3 to 5 business days but may extend longer if additional documentation or clarification is needed.
During the review period, maintain alternative accounting records using bank statements and backup financial documents to ensure business operations continue. You cannot access QuickBooks features requiring primary admin authority until Intuit completes their verification and grants you primary admin status. Plan for this delay when emergency access becomes necessary.
Alternative Access for Accountants
Accountants working in QuickBooks Online Accountant have a unique pathway to request primary admin access for client accounts when the client’s primary admin becomes unavailable. This process requires the accounting firm’s primary admin to initiate the request and follows different procedures than the standard Business Change Request.
Sign into QuickBooks Online Accountant using your firm’s primary admin credentials and navigate to your client list. Locate the client account needing admin access and select it to view the client details. Look for the three-dot menu icon in the Action section and click it to reveal available options.
Select “Change primary admin” from the menu to initiate the accountant admin transfer process. The system displays a confirmation prompt explaining you are requesting to become the primary administrator for your client’s account. Review this information and select “Change primary admin” again to confirm your request.
The client’s current primary admin receives notification of your access request via email and must approve your elevation to primary admin status. If the current primary admin cannot approve because they are unavailable, contact QuickBooks support explaining the situation and providing documentation supporting your authority to request this access for your client.
After Intuit grants you primary admin access to complete your accounting work, follow proper procedures to transfer primary admin status back to your client when your engagement concludes. Do not retain primary admin access to client accounts longer than necessary for your professional services.
Integration of QuickBooks Admin Management into Business Continuity Planning
Effective business continuity planning recognizes that accounting system access constitutes a critical business function requiring protection and redundancy. QuickBooks administrator management must integrate into broader disaster recovery strategies ensuring financial operations continue during various disruption scenarios.
Documentation and Backup Procedures
Create comprehensive documentation detailing your QuickBooks administrator structure including current primary administrator identity, all company administrator names, standard user list with roles, emergency contact information for administrators, and complete procedures for initiating admin transfers. Store this documentation both electronically and physically in secure locations accessible during system outages.
Implement automated daily backup procedures for QuickBooks Desktop company files or ensure your QuickBooks Online subscription includes adequate data retention and recovery capabilities. Test backup restoration quarterly to verify you can successfully recover data if corruption or loss occurs. Schedule backups to run automatically during overnight hours when users are not accessing the system.
Document your backup storage locations, retention policies, and recovery procedures in detail. Include specific file paths, cloud storage credentials, and step-by-step restoration instructions that someone unfamiliar with your systems could follow during emergencies. Update this documentation whenever backup procedures or storage locations change.
Store at least one complete backup copy offsite or in cloud storage geographically separated from your primary business location. This geographic separation protects against local disasters like fires, floods, or building damage that could destroy both your primary systems and locally stored backups. Encrypt offsite backups to protect sensitive financial data during transmission and storage.
Succession Planning for Administrator Roles
Identify potential successors for each administrator role within your organization who could assume those responsibilities if current administrators leave unexpectedly. Document these succession plans with clear promotion pathways and training requirements preparing successors for their potential future roles. Review and update succession plans annually or whenever organizational changes affect key personnel.
Provide cross-training opportunities where potential administrator successors learn QuickBooks administrative functions under supervision of current administrators. This training should cover not only technical QuickBooks operations but also business context explaining why certain administrative decisions get made and how they align with broader company objectives.
Create detailed knowledge transfer documents capturing critical information possessed by current administrators including unusual accounting procedures, custom report configurations, third-party integration details, and historical context for account structure decisions. Store these documents where successors can access them if sudden administrator departures occur without adequate transition periods.
Regular Testing and Validation
Schedule periodic drills testing your administrator access procedures to verify they work correctly during actual emergencies. These tests should include attempting to recover QuickBooks access using only your documented procedures without assistance from current administrators. Time how long recovery takes and identify procedural gaps or documentation deficiencies revealed during testing.
Conduct disaster recovery exercises simulating various scenarios like primary administrator sudden departure, credential compromise requiring emergency password resets, or accounting firm security breach affecting client access. Evaluate how quickly your organization can restore normal accounting operations and identify bottlenecks or dependencies slowing recovery processes.
Validate that backup administrator accounts remain functional by having backup admins sign in quarterly and complete sample administrative tasks. This validation confirms the accounts are not locked, passwords have not expired, and backup admins remember how to navigate critical QuickBooks functions. Document validation results and address any access issues discovered during testing.
FAQs About Changing QuickBooks Administrator
Can I change QuickBooks administrator without the current admin’s help?
No. The current primary administrator must initiate and authorize the transfer process using their login credentials and verification codes. If the current primary admin is unavailable, you must submit a Business Change Request form with ownership documentation to QuickBooks support.
How long does the QuickBooks admin transfer process take?
Typically 15-30 minutes. The actual transfer completes quickly once you initiate it, but the new primary admin must accept their invitation email before the transfer finalizes. Emergency access requests through QuickBooks support require 3-5 business days for verification.
What happens to the old primary admin after the transfer?
They become company administrator. QuickBooks automatically changes the previous primary admin to company administrator status when the transfer completes, allowing them to retain access and perform most functions except managing the new primary admin or transferring the role.
Can I have multiple primary administrators in QuickBooks?
No. Only one primary administrator can exist per QuickBooks account at any time. You can have multiple company administrators who possess nearly identical access except for primary-admin-only functions like user management and subscription control.
Does changing the administrator affect my QuickBooks data?
No. Administrator changes modify only user access permissions and roles, not your financial data, transactions, reports, or account settings. All historical transactions, customer information, and vendor records remain completely unchanged regardless of who holds administrator status.
What if I forget my QuickBooks administrator password?
Use password reset. Visit the QuickBooks sign-in page, click “I forgot my user ID or password,” and follow the prompts to receive a reset link at your registered email address. Complete the verification process to create a new password.
Can an accountant be the primary administrator?
Yes, but not recommended. While technically possible, granting external parties primary admin status creates security risks and control loss. Use External Accountant or Company Admin roles providing adequate access for professional services without surrendering ultimate account authority.
How do I remove a former employee’s admin access?
Immediately upon departure. Log in as primary admin, navigate to Manage Users, locate the departed employee, click Edit, and either remove their access completely or downgrade their role to prevent accounting system access during and after their final day.
Does QuickBooks notify users about administrator changes?
Yes. The system sends email notifications to both the previous and new primary administrators when transfers complete. The new primary admin must accept an email invitation before the transfer finalizes. Other users do not receive automatic notifications.
Can I transfer primary admin to someone without existing QuickBooks access?
No. The target user must first be added as a company administrator and accept their invitation before you can transfer primary admin status to them. You cannot transfer directly to completely new users or standard users.
What documents do I need for emergency admin access requests?
Business ownership proof required. Submit business formation documents, EIN verification letters, business licenses, or corporate resolutions proving your legal authority to control the account. Required documents vary based on your business structure and specific situation.
How often should I review QuickBooks administrator access?
Quarterly recommended. Review all administrator and user access every three months to verify permissions remain appropriate for current job responsibilities. Annual reviews suffice for very small businesses with stable staffing and minimal administrative changes.
Can I change administrator roles in QuickBooks Desktop and Online?
Yes, but processes differ. QuickBooks Online uses a web-based interface for admin transfers while QuickBooks Desktop requires managing both Primary Company Admin and Primary Intuit Account Admin roles through different menu paths.
What happens if multiple people try to change the admin simultaneously?
First to complete succeeds. QuickBooks processes admin transfer requests sequentially, completing the first properly authorized request and rejecting subsequent attempts until the first transfer finalizes. The system prevents conflicting simultaneous admin changes through verification requirements.
Is two-factor authentication required for administrator accounts?
Strongly recommended, sometimes mandatory. While not universally required, QuickBooks enforces two-factor authentication for certain administrator actions and payroll access. Intuit increasingly mandates MFA for all administrator accounts to enhance security.