For Orion’s core applications, each individual person, connection, or integration should have its own individual user tied to that entity. User management allows for custom and specific access to collections of data and privileges around what that user can or cannot do in the Orion platforms. In addition, the unique user provides for the tracking of activity, edits, and events, which are used in logging, auditing, and troubleshooting. A user includes a username, a password, a first and last name, an email address, an internal user ID, a user type, and a user role (both defined below).
Access to both the User experience and the Orion API is defined and controlled by the user type and the user role. The Manage Users App is the Orion application used to create, manage, or delete Users and/or User Roles.
User Privileges:
In addition to user type, Orion’s application security uses privileges to control what features or data points a user has access to. For application features, privileges have an “Enabled” or “Disabled” setting; for data points, there are access levels of Read, Edit, and Delete.
User Roles:
A User Role is a collection of User Privileges assigned to a User for defining/controlling the access to the Orion platforms.
Special User Roles:
For ease of setup, Orion provides each new database with Default Advisor and Default Representative user roles, which are preset to the commonly used features and access needed by those user types. The Advisor Admin user role is assigned to the first user(s) set up during implementation and has special access to create and manage new users for the firm.
User Types:
Administrator – Used exclusively for Orion employees, these users have access to multiple databases (often all available databases in production, staging, and test) and have access to multiple features and even tools meant for helping set up or configure new advisors, servicing and troubleshooting with users, and performing internal tasks for the organization, including reconciliation, billing, and trading. This level typically has access to all available Orion applications and features.
Advisor – This user has the highest level of access provided to Orion customers. The Advisor level user can be thought of as an administrative or back office user for a firm that will have access to all of the firm’s households/clients as well as potential access to all Advisor features (controlled by the user role).
Representative – This user can be commonly thought of as a typical advisor who works with individual clients. A Representative user has access only to a select group of Households and can only have access to features designed for an individual advisor’s use; this excludes firm-level auditing, reporting, or administrative tools. In Orion, a Household/Client is assigned to one or more Representative IDs, and a Representative user is then associated with one or more of these IDs. However, the best practice is for the user to be assigned to only one ID and then have that ID assigned to each Household this advisor should have access to.
Client – This user represents the end investor or financial planning client for the firm. This user will only have access to the Client Portal and has access to all features there that the firm has enabled for client users. A client user can only be assigned to a single household, but multiple client users can be associated to the same household (for example spouses, trustees, or children).
Use this chart to see which Orion platforms are available to each user type.
Platform | Administrator | Advisor | Representative | Client |
Orion Connect | Yes | Yes | Yes | No |
Eclipse | Yes | Yes | Yes | No |
Advisor Portal | Yes* | Yes* | Yes | No |
Orion Planning / Client Portal | Yes* | Yes | Yes | Yes |
HiddenLevers | Yes | Yes | Yes | No |
Orion does have a few special user types:
API/Integration User – This user is an Advisor level user set up with the API/Integrations user role and is used exclusively for integrations or API connections. This user has no access to the Orion User Interface and does not have a password expiration like a standard user.
Service Account – This user is rarely used, but still exists for use with some of Orion’s legacy functionality. While similar to the API/Integration user, it is used exclusively with Orion’s legacy web services or in some instances where user impersonation is required.
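The layers described above (platform availability by user type, household scope, then the role's data-point access levels) can be combined into one deny-by-default check. The following is an added illustration, not Orion's code or API: the `User` class, the function names, the "Accounts" data point, the household and representative IDs, and unrestricted household scope for Administrator users are all assumptions of this model.

```python
from dataclasses import dataclass, field

STAFF = {"Administrator", "Advisor", "Representative"}
# Availability chart from the page; "Yes*" is modelled as available because
# the page does not define the asterisk.
PLATFORMS = {
    "Orion Connect": STAFF,
    "Eclipse": STAFF,
    "Advisor Portal": STAFF,
    "Orion Planning / Client Portal": STAFF | {"Client"},
    "HiddenLevers": STAFF,
}

@dataclass
class User:  # hypothetical model of a user, not Orion's schema
    user_type: str
    data_privs: dict = field(default_factory=dict)  # role: data point -> levels
    rep_ids: frozenset = frozenset()                # Representative users
    household: str = ""                             # Client users (exactly one)

def in_scope(user, household_id, household_rep_ids):
    """Household scoping by user type."""
    if user.user_type in ("Administrator", "Advisor"):
        return True  # Administrator scope is an assumption of this model
    if user.user_type == "Representative":
        return bool(user.rep_ids & household_rep_ids)
    if user.user_type == "Client":
        return user.household == household_id
    return False  # unknown user types are denied

def authorize(user, platform, household_id, household_rep_ids, data_point, level):
    """Deny by default: platform gate, household scope, then role privilege."""
    if user.user_type not in PLATFORMS.get(platform, set()):
        return (False, "platform")
    if not in_scope(user, household_id, household_rep_ids):
        return (False, "scope")
    if level not in user.data_privs.get(data_point, set()):
        return (False, "privilege")
    return (True, "ok")

# Constructed sample data: household H1 is assigned to representative ID R10.
H1_REPS = frozenset({"R10"})
rep = User("Representative", {"Accounts": {"Read", "Edit"}}, frozenset({"R10"}))
other_rep = User("Representative", {"Accounts": {"Read"}}, frozenset({"R22"}))
client = User("Client", {"Accounts": {"Read"}}, household="H1")

if __name__ == "__main__":
    print(authorize(rep, "Orion Connect", "H1", H1_REPS, "Accounts", "Edit"))
    print(authorize(other_rep, "Orion Connect", "H1", H1_REPS, "Accounts", "Read"))
    print(authorize(client, "Eclipse", "H1", H1_REPS, "Accounts", "Read"))
```

Access levels are stored as an explicit set per data point because the page does not say whether Edit or Delete implies Read.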