Access Manager for ATO online services
Access Manager is used to manage access and permissions for:
- Online services for agents
- Online services for business
- Australian Business Register (ABR).
It also allows you to manage which functions others can access on behalf of your business.
To manage access for Online services for foreign investors, go to Authorise a representative.
Learn more about:
- Access Manager for business
- Access Manager for tax professionals
- Access Manager for business software users
Log in to Access Manager
To log in to Access Manager and manage permissions you need:
- a Digital ID, such as myIDExternal Link
- to be the principal authority or authorisation administrator in Relationship Authorisation Manager (RAM)External Link.
Access Manager and RAM
Relationship Authorisation Manager (RAM)External Link is an authorisation service that allows you to access our online services on behalf of a business.
Once someone accepts their authorisation in RAM to access ATO online services on behalf of a business, go to Access Manager to customise and manage their permissions.
Roles and authorisation types
Managing permissions for staff is one of the main functions of Access Manager. To do this, you need to be either of the following authorisation types in RAM:
- Principal authority – including Responsible authority, Indirect associate and Government representative. You have full access to ATO online services.
- Authorisation administrator – you can create and manage authorisations for others in RAM and customise permissions in Access Manager. Your permissions in Access Manager can only be modified by a principal authority.
If you're a principal authority or authorisation administrator in RAM, you automatically become an administrator in Access Manager and have access to all permissions for ATO online services.
Note: Once you assign permissions to authorised users, anything they do in ATO online services is legally binding to your business.
Responsibilities when using Access Manager
Access Manager allows you to manage who has electronic access to your business' tax information. It's your responsibility to regularly review and monitor who has access to your business records.
Data about individuals and entities in Access Manager is confidential. You must ensure that unauthorised people don't compromise the integrity of that data. If you leave your computer unattended, even briefly, you must log out from Access Manager or lock your computer.
When you log in to Access Manager, you agree to:
- comply with the terms and conditions of myID and RAM
- always keep your myID secure and not share it with others
- not disclose your myID password or share it with others.
By providing others with access to secure business information through myID and RAM, as yourself or as a representative for tax purposes, you must understand:
- User access and permissions – the level of access given to each type of user (Administrator, Authorised user) and the transactions users can undertake. For more information, see Access Manager permissions.
- Business appointments – the nature of your relationship with any entities you have appointed as a representative for tax purposes and what transactions they can undertake.
- Legally binding actions – the actions these users and representatives undertake through Access Manager are legally binding to your business.
Preventing unauthorised access to business information
If your staff have access to your secure information in ATO online services, we strongly recommend that you:
- use Access Manager regularly to ensure that a user's level of access to our systems is appropriate
- immediately disable or remove a user's account in Access Manager and RAM if you have any concerns about their activities
- ensure that each person who deals with us online on behalf of your business has their own myID
- keep passwords secure – they must not be shared.
If you use hosted (online) SBR-enabled software, we strongly recommend that you limit access to stored business information to appropriate staff only. If you have any concerns, contact your digital service provider for advice.