HIBR Account & Settings
Users, roles, two-factor authentication, single sign-on, notification preferences, audit log, workspace settings. The operational reference for everything under Settings — the controls that govern who can do what inside your HIBR workspace.
Updated May 2026
For: Owners + Admins
Beta opens: October 2026
Your account vs your workspace
HIBR has two layers:
- Your personal account — your login (email + password + 2FA), your profile, your notification preferences. One account per person. The same account can belong to multiple workspaces if you serve clients across several businesses (common for accountants and tax agents).
- The workspace — the actual ERP instance for a business: company profile, TRN, employees, customers, books. Each workspace has one Owner and any number of additional users. The workspace is what you pay for; your personal account is free.
Switching workspaces: Click the company name in the top-left → "Switch workspace". HIBR keeps each workspace fully separated; no data ever crosses between them.
User management
Settings → Users gives you the full roster, with status (active, invited, suspended), role, last-login timestamp, and the workspaces each user has access to.
Inviting a user
- Settings → Users → Invite user.
- Enter email + role. The user gets an email invite valid for 7 days. They set their own password and 2FA on first login.
- Optional: scope. If you've created custom scopes (e.g., "Branch: Dubai only" or "Customers: Sales-team-owned only"), apply them at invite time.
- Audit log captures the invitation. Every user-management action is logged for 7 years.
Removing or suspending a user
Suspending pauses access without deleting the user record, which is useful for staff on long leave or contractors between engagements. Removing fully revokes access and dissociates the user from all records. Either way, the user's historical actions remain in the audit log (immutable).
Default roles
HIBR ships with 8 default roles. Each role has a curated permission set that maps to typical SMB job functions. Permissions can be extended (Enterprise tier), but never in a way that breaches the safety floor: for example, no role can disable the audit log or bypass approval workflows.
| Role | Scope | What the role covers | Limits |
| --- | --- | --- | --- |
| Owner | Full | The workspace creator. Cannot be removed; cannot have permissions reduced. | Unique to Owner: billing changes, workspace deletion, sole 2FA-required role by default. |
| Admin | Full except billing | Operational manager. Manages users, roles, integrations, and settings. | Cannot: change billing, delete workspace, demote the Owner. |
| Accountant | Finance | Books, invoices, payments, VAT 201, Corporate Tax, journal entries. | Cannot: manage users, modify integrations, view employee salaries. |
| HR/Payroll Officer | HR + Payroll | Employees, leave, payroll runs, WPS SIF generation, gratuity, EID + visa tracking. | Cannot: view customer/supplier data, approve high-value payments. |
| Sales User | Sales | Quotations, sales orders, customer accounts, the AR aging they personally own. | Cannot: view full financials, modify product cost data, approve credit notes. |
| Warehouse User | Inventory | GRNs, stock transfers, picking lists, cycle counts, batch + serial tracking. | Cannot: see purchase prices on supplier-confidential items, modify GL. |
| Cashier | POS | POS sales, end-of-shift cash count, customer lookup. Permission to issue refunds is configurable. | Cannot: see margin, modify product pricing, void historical sales. |
| Viewer | Read-only | Read-only access to assigned modules. Designed for external accountants, auditors, investors. | Cannot: create, modify, or delete anything. Unlimited seats on all tiers. |
Custom roles (Enterprise)
Enterprise admins can compose roles from a granular permission tree: 200+ permissions across 14 modules. Examples seen in beta:
- "Branch Manager — Dubai" — Sales + Accountant + Warehouse permissions, scoped to a single branch location.
- "AP Clerk" — Can create supplier invoices and supplier payments up to 25,000; everything above routes for approval.
- "AR Specialist" — Customer invoices + collections + dispute management, but no journal-entry power.
- "Group Auditor" — Read-only across all workspaces under a parent company.
Custom roles inherit safety floors: no custom role can disable the audit log, bypass owner-required approvals, or modify the company TRN/Corporate Tax Reference.
Two-factor authentication (2FA)
2FA is available on all tiers. The Owner role has 2FA enforced by default. Admins can enforce 2FA workspace-wide on Pro and Enterprise.
| Method | How it works | Best for |
| --- | --- | --- |
| TOTP | App generates a 6-digit code rotating every 30 seconds. | Everyone — the default. Works with Google Authenticator, 1Password, Authy, Bitwarden. |
| WebAuthn passkey | Phone/laptop biometric (Face ID, Touch ID, Windows Hello) or hardware key (YubiKey). | Owners + Admins. Phishing-resistant. |
| SMS | 6-digit code to your UAE mobile number. | Backup only. SMS is the weakest 2FA — use TOTP or passkey as primary. |
| Recovery codes | 10 single-use backup codes generated at 2FA setup. | Emergency only. Print and store offline. |
Lost your 2FA device? Use a recovery code at login. If you've lost both, the Owner can reset another user's 2FA from Settings → Users. If the Owner has lost their own 2FA and recovery codes, HIBR support requires identity verification (passport + Emirates ID + ownership proof) before resetting Owner 2FA. This protects you against social-engineering attacks.
Single sign-on (SSO)
SSO is included in Enterprise. It eliminates separate HIBR passwords and lets your IT team manage HIBR access through the same identity provider that controls Microsoft 365, Google Workspace, etc.
- Supported protocols: SAML 2.0 and OpenID Connect (OIDC).
- Tested identity providers: Microsoft Entra ID (Azure AD), Google Workspace, Okta, OneLogin, JumpCloud, Auth0.
- SCIM 2.0 provisioning: Automated user create/update/deactivate when employees join, change roles, or leave.
- JIT provisioning: First-time SSO login auto-creates the user with default role mapping you configure.
- Bypass for break-glass account: The Owner retains a password+2FA login outside SSO for emergency recovery.
Notification preferences
Settings → Notifications gives each user granular control over what HIBR sends them. 40+ notification types across 4 channels.
| Channel | Available on | Use cases |
| --- | --- | --- |
| In-app | All tiers | Default for everything; nothing missed. |
| Email | All tiers | Daily digests, weekly reports, anything you may want to forward. |
| WhatsApp | Pro + Enterprise | Urgent alerts: integration failures, tax-deadline countdown, large payments received. |
| SMS | Enterprise | Critical-only: workspace lock, security incident, FTA submission failure. |
Each notification type has 4 controls: channel routing, severity threshold, frequency (immediate / daily / weekly), and quiet hours. Defaults are reasonable; tune them to your reality.
Quiet hours respect the UAE working week. Default quiet hours (set per user) silence non-critical notifications outside 08:00–19:00 UAE time, and all day Friday + Saturday. Critical alerts (security incident, FTA failure) always punch through quiet hours.
Audit log
Settings → Audit Log is the immutable record of every meaningful action in your workspace. It is retained for 7 years per FTA Federal Decree-Law 7/2017 (Tax Procedures Law) record-keeping requirements.
- Captures: invoice created/voided/modified, payment recorded, journal entry posted, user added/removed, permission changed, integration connected/disconnected, tax filing submitted, data exported, login (success + failed).
- Each entry includes: timestamp (UTC + UAE time), user, IP address, user-agent, the before/after diff of the changed record.
- Filters: by user, module, date range, action type, severity, IP address.
- Export: CSV or JSON. The full export is also pre-formatted for auditor review (PwC, EY, KPMG, Deloitte, BDO templates).
- Tamper-proof: append-only. No role — not even Owner — can edit or delete audit entries. Underlying storage uses content-addressed hashes.
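How content-addressed hashes make an append-only log tamper-evident, as an added example that is not HIBR's implementation: a hash chain is one common construction, and it goes beyond what the page states about the underlying storage. The entry field names, the genesis value and the sample entries are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # parent id used for the first entry (assumption)

def entry_id(prev_id, body):
    """Content address: SHA-256 over the parent id and the canonical JSON body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_id + canonical).encode("utf-8")).hexdigest()

def append(log, body):
    """Append-only write: the new entry commits to the id of the previous one."""
    prev_id = log[-1]["id"] if log else GENESIS
    log.append({"id": entry_id(prev_id, body), "prev": prev_id, "body": body})
    return log[-1]["id"]

def first_bad_index(log, expected_head=None):
    """Index of the first entry that fails verification, or -1 if intact.

    expected_head is the latest id recorded outside the log; without it,
    removal of the newest entries cannot be detected.
    """
    prev_id = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev_id or rec["id"] != entry_id(prev_id, rec["body"]):
            return i
        prev_id = rec["id"]
    if expected_head is not None and prev_id != expected_head:
        return len(log)
    return -1

def sample_log():
    """Constructed entries; field names are hypothetical, not HIBR's export schema."""
    log = []
    append(log, {"ts": "2026-05-04T06:12:09Z", "user": "admin@example.com",
                 "ip": "203.0.113.7", "action": "user.invited",
                 "diff": {"before": None, "after": {"role": "Accountant"}}})
    append(log, {"ts": "2026-05-04T06:15:41Z", "user": "admin@example.com",
                 "ip": "203.0.113.7", "action": "permission.changed",
                 "diff": {"before": {"role": "Accountant"}, "after": {"role": "Admin"}}})
    head = append(log, {"ts": "2026-05-04T06:20:02Z", "user": "admin@example.com",
                        "ip": "203.0.113.7", "action": "data.exported",
                        "diff": {"before": None, "after": {"format": "JSON"}}})
    return log, head
```

An edited entry fails at its own index; an entry whose id was recomputed after the edit fails at the next one, because the successor still commits to the original id.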
Workspace + company profile
Settings → Company controls the legal-entity profile that appears on every invoice, tax filing, and report.
- Company name — English + Arabic. The Arabic name is rendered correctly on Arabic invoices and FTA submissions.
- TRN (Tax Registration Number). Validated against the FTA public registry on entry.
- Corporate Tax Reference Number. Validated against FTA records.
- Trade License + expiry. HIBR alerts you at D-90 / D-60 / D-30 before renewal. See the Trade License Renewal cornerstone blog.
- Free Zone status + QFZP claim. If applicable per Cabinet Decision 100/2023, HIBR routes your Corporate Tax computation through the QFZP rules.
- VAT period. Auto-detected (monthly or quarterly); editable if FTA changes your assignment.
- Logo + brand colors. Applied to invoices, quotes, statements, and customer-portal pages.
- Banking details. Default bank + IBAN that appears on invoices. Multiple bank accounts supported per workspace.
Multi-entity & multi-branch
If you run multiple legal entities or multiple branches under one entity, HIBR supports both shapes:
- Multiple legal entities — each entity is its own workspace. Consolidated reporting available on Enterprise. Common for groups with separate TRNs (e.g., trading + services).
- Multiple branches under one entity — single workspace, multiple branches. Branch-level P&L, branch-level inventory, branch-level POS. Common for retail chains and F&B operators.
Billing & subscription settings
Settings → Billing is Owner-only. The page shows your current plan, next renewal date, payment method, and the full invoice history.
- Change plan. Upgrade (Lite → Pro → Enterprise) takes effect immediately with prorated charges. Downgrade takes effect at next renewal with appropriate feature-gate warnings.
- Update payment method. Card, direct debit (UAE banks), or invoice (Enterprise). Cards are tokenized via Stripe; HIBR never stores raw card data.
- Add seats. Pro tier: 50/user/month additional. Enterprise: contact your account manager.
- Cancel subscription. Self-serve. Cancellation is honored at the end of the current billing period; you keep full access until then.
- Billing contact. A non-Owner can be set as billing recipient (invoices go there); Owner still authorizes plan changes.
For the full billing reference, see the Billing & Subscriptions help article.
Data export & account closure
Your data is yours. PDPL Federal Decree-Law 45/2021 Articles 12 & 13 (right to access + right to erasure) are honored without bureaucratic friction.
- Export anytime. Settings → Data Export. Choose format (CSV / JSON / SQL dump / PDF financial pack). Full export including audit log usually completes in under 30 minutes.
- Cancel subscription. Triggers a 90-day read-only retention window. Export at your pace.
- Day 91: permanent deletion. Unless an Enterprise data-handover SOP is in progress, all workspace data is permanently deleted from primary storage and replicas on day 91. Backups age out on the standard 35-day retention cycle.
- Immediate erasure. Owner can request immediate erasure ahead of day 91 in writing. HIBR honors PDPL Article 13 within 30 days regardless of subscription state.
Audit-friendly record retention. Even after account closure, HIBR can provide a one-time downloadable archive of your records for FTA 7-year retention purposes. This is included free on all paid tiers up to 90 days post-cancellation; available as a one-time service after that.