Set up authorisations

If you are a principal authority or authorisation administrator, you can create authorisations for employees and other individuals to work on behalf of the business. It is your responsibility to maintain the integrity of your business records. This is to ensure:

  • employees can easily identify who can authorise them
  • the correct people have been authorised to access government online services on behalf of your business.

You can authorise someone as a:

  • Authorisation administrator – a user who can create and manage authorisations for others (a Basic user cannot be authorised as an authorisation administrator).
  • Authorised user – a user who can work on behalf of a business.
  • Machine credential administrator (MCA) – a user who can create and manage machine credentials to interact with government online services through business software (a Basic user cannot be authorised as an MCA).
  • Basic user – a user who can work on behalf of a business with a Basic myGovID identity strength (Basic access is only available for some government online services).

Basic users can only be authorised up to 12 months from their start date. Prior to the Basic authorisation end date, you’ll receive an email notification to renew. The ability to renew Basic user authorisations will be available soon.

For each government online service, the principal authority or authorisation administrator can grant either:

  • Full access
  • Custom access
  • No access.

On this page:

See also:

Before you start

Check with the user you are authorising that:

  • they have set up their digital identity, such as myGovID
  • their full legal name matches the name used to set up their digital identity
  • their email address can only be accessed by them – this is where the authorisation request is sent (it can be different to the email address they used to set up their digital identity, such as a work email address).

See also:

If you use a tax professional

If you use a tax professional to meet your tax obligations with the ATO or other government agencies, you don’t need to authorise them (or their practice) in RAM. Your agent will complete this on your behalf.

The tax professional notifies the ATO they're working on your behalf through their online services. This process has not changed.

Creating a new authorisation

To create a new authorisation:

  • select Manage authorisations
  • select the business you would like to add an authorisation to
  • click Add new user.

Then complete the following labels:

  • Representative type – select either Standard user or Basic user (this is based on the user's myGovID identity strength).
  • Representative details – enter the user's name and email address.
  • Authorisation details – select Yes or No for the user to be an authorisation administrator or an MCA (for a Standard user only). Enter a start and end date or it will default to no end date – this can’t be backdated or left blank as an end date is required for a Basic user (no longer than 12 months from the authorisation date).
  • Agency access – select the level of access (Full, Custom or None) for each agency. Choose the Select all option if you want to apply the same level of access to all. For Basic users, only agencies who accept this level of access will display.
  • Summary – review details and accept the Declaration. Select Show details for the full agency list.
  • Customise access if custom access is given for ATO online services to a Standard user, you will be redirected to the ATO’s Access Manager to set permissions. Before you can set permissions for a Basic user, they need to complete additional proof of identity requirements (automatically emailed to the user).

A new authorisation needs to be created when changing the authorisation of a Basic user to a Standard user. Once accepted, the status of the Basic authorisation will change to ‘Inactive – Overridden’.


    See also:

    Authorisation requests and codes

    When you authorise someone, they will receive an authorisation request via email containing a code. The request must be accepted or declined within seven days.

    Re-issuing authorisation codes

    If an authorisation code has expired (not accepted within seven days) or is not working, a principal authority or authorisation administrator will need to re-issue a code. To do this:

    • select Manage authorisations
    • select the business name associated with the user
    • click View next to the user’s name which will have a pending status
    • click Re-issue a code under the authorisation code details
    • a message will confirm you want to re-issue a code, if you select yes a confirmation message will appear advising the code has been re-issued
    • click Continue.

    See also: