Canopy Accounts & Permissions

Article author
Nick Renard
  • Updated

We have introduced a new user management feature that simplifies role assignment and standardization. This feature allows administrators to create a set of Canopy Roles, each containing permissions to specific Canopy sections. 

Canopy Roles are then assigned to venue(s) under each Canopy Account.

Upon the release of Canopy Roles, each Canopy Account will maintain their current permissions until a new Canopy Role is assigned and saved.

Canopy Roles

Creating and Updating Canopy Roles

To create a new Canopy Role:

  1. Click the [ + ] in the upper right-hand corner of the page.
  2. Provide an intuitive name for the new Canopy Role.
  3. Select the permission(s) for the new Canopy Role.
  4. Click Save.

To update an existing Canopy Role:

  1. Click on the desired Canopy Role.
  2. Update the name and/or permissions.
  3. Click Save.

Note: Updating an existing Canopy Role that has been assigned to a set of users will update their permissions automatically.

Canopy Accounts

The Canopy Accounts section will now display the role(s) assigned to each venue for each user. Legacy Permissions can be viewed until a new Canopy Role has been assigned to one of the user's venues.

Adding a New Canopy Account

The Canopy Accounts section allows administrators to add new users to their organization with the appropriate Canopy Roles. 

How to Add a New User

  1. Navigate to Canopy Accounts
    • Go to Access > Canopy Accounts in Canopy.
    • Click the blue [ + ] to begin the process.
  2. Enter User Details
    • Provide the user’s first name, last name, email address and any other required details.
    • Assign a Canopy Role to the desired venue(s) based on their role in the organization.
      • Leaving a venue role blank will prevent the user from accessing Canopy for that venue altogether.
  3. Confirm & Save
    • Review the user details and assigned roles.
    • Click Save to finalize the addition.

If the user does not exist in the ecosystem, they will receive an invitation email prompting them to create a password and set up their account.

If the user already has an account in another organization, they will be granted permissions within the current organization without needing to set up a new account.

 

Who Can Access Canopy Accounts?

Access to this section is limited to privileged users - such as administrators or designated managers - who are responsible for maintaining security for the organization. A privileged user will have the Access permission selected in their Canopy Roles(s) for the current organization. If a user does not have the Access permission selected for their account and navigates to the Access section of Canopy, they will be presented with an unauthorized message. 

How Permissions Work

Each permission section represents a functional area within Canopy. Users can be granted access to separate sections, depending on their responsibilities.

Each section (e.g., Menus, Orders, Status, Reports & Exports, Loyalty, Devices, Suites, and Access) represents a different aspect of the system that a user can interact with.

Canopy Account Statuses

When managing users in Canopy Accounts, each account is assigned a status that indicates its current accessibility within the system. There are three main statuses:

🟢 Active

An Active user has full access to Canopy based on the permissions assigned to them.

What This Means:

✅ The user has successfully accepted their invitation (if they were newly added).

✅ They have a working account and can log in.

✅ Their permissions define what areas they can access.

When You’ll See This Status:

  • The user has set up their account and is actively using Canopy.
  • An administrator has reactivated a previously deactivated user.

 

🟡 Invitation Pending

A user is in Invitation Pending status when they have been invited but have not yet completed account setup.

What This Means:

⚠️ The user has received an email invitation but has not created a password or logged in yet.

⚠️ They do not have access until they accept the invitation and set up their account.

When You’ll See This Status:

  • A new user was added but hasn’t completed the registration process.
  • The invitation email may have been missed or is still in their inbox.

What to Do If a User Stays in This Status Too Long:

  • Resend the invitation email from the Canopy Accounts section.
  • Ensure they check their spam/junk folder.

 

🔴 Inactive

An Inactive user can no longer access Canopy but remains in the system for record-keeping.

What This Means:

⛔ The user cannot log in and no longer has permissions.

⛔ Their data and activity history are preserved for administrative purposes.

⛔ They can be reactivated if needed.

When You’ll See This Status:

  • An admin manually deactivated the user.
  • The user no longer requires access to the organization.

How to Reactivate an Inactive User:

  • Navigate to Canopy Accounts and locate the user.
  • Click Reactivate, then assign the appropriate permissions.

What Happens When a User is Inactive?

🚫 Deactivation is Global

  • If a user is deactivated in one organization, their account is completely deactivated across all organizations in the current ecosystem.
  • They will lose access to every organization they were previously granted permissions in.

🔐 No Selective Deactivation

  • There is no option to deactivate a user only in a single organization while keeping access to others.
  • If a user should lose access to just one organization, please reach out to venuesupport@shift4.com for assistance.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Related articles

Comments

0 comments

Please sign in to leave a comment.