The Woodard Report

Intuit Admins, Roles, and the "Primary Admin" Plot Twist

Written by Dan DeLong | May 20, 2026 4:06:45 PM

Editor’s Note: This article is part 3 of a 4-part series. To view all of Dan DeLong's Intuit series, click here: Dan DeLong Intuit Series

If Intuit access feels confusing, it is not because you are bad at technology. It is because you are trying to manage a modern identity system that is spread across multiple products, multiple portals, and multiple types of “admin.”

The cast of characters: users, roles, and permissions

Here is the simplest way to think about it:

  • A user is a person with an Intuit account.
  • A role is what a person is allowed to do inside a specific product.
  • Permissions are the individual capabilities that come with that role.

The part that trips up firms is that these concepts are not always presented consistently across QuickBooks Online, Intuit Enterprise Suite, payroll, payments, and the various management sites.

Two different admin conversations are happening at once

When someone says, “Make me an admin,” they might mean one of two things:

  1. Make me an admin inside QuickBooks Online (so I can do accounting work, manage users, change settings, connect apps, etc.).
  2. Make me the top-level owner of the Intuit account relationship (so I can control the company’s identity, recover access, and approve certain high-impact changes).

Those are not the same request, and treating them like they are is how you end up with:

  • A client who can invoice but cannot add a user
  • A staff member who can add a user but cannot fix a login issue
  • A firm that does the work but cannot regain control when the “wrong” person leaves

The “Primary Admin” plot twist

Most accounting professionals have a story that starts like this:

“I’m an admin in the file. Why can’t I do the thing?”

Welcome to the Primary Admin plot twist.

In many QuickBooks Online companies, there is a specific designation often called Primary Admin. This is the highest authority for certain actions. You can be an admin and still not be the Primary Admin.

That matters because some changes require the Primary Admin specifically, such as:

  • Transferring the Primary Admin role
  • Certain billing and subscription changes
  • Some security and account recovery steps

The practical problem is not that Primary Admin exists. The practical problem is that clients often do not know who it is, and firms often inherit a file without a clean handoff. From Intuit’s perspective, the Primary Admin is the person who owns and manages the subscription. This can cause unnecessary conflict when the login tied to that role is not the intended individual. The situation is compounded when that person is no longer available.

Common real-world scenarios (and how to handle them)

Scenario 1: The client’s former bookkeeper is the Primary Admin

This is a classic. The former bookkeeper is gone, the client is locked out of key actions, and your firm was asked to fix it yesterday.

What to do:

  • Confirm who is currently designated as Primary Admin.
  • If the Primary Admin is not reachable, start the recovery path immediately, because it can take time.
  • While recovery is in progress, make sure the client has at least one additional admin user with a known login.
  • Reference: Intuit's article resource for changing the Primary Admin role.

Scenario 2: The owner uses “the company email” and everyone shares it

Shared logins are convenient until they are catastrophic.

What to do:

  • Create individual user accounts for each person who needs access.
  • Assign roles based on job responsibilities, not seniority vibes.
  • Document who has what, and why.

Scenario 3: The firm is doing the work, but has no admin-level access

If you cannot manage users, apps, or key settings, you are one surprise payroll issue away from a very long day.

What to do:

  • Ask for the level of access you need up front.
  • Explain the business risk in plain language.
  • Put the access requirements in your onboarding checklist.

Accounting firm personas: who should have what

Here is a practical way to think about role assignment in a firm environment. Adjust based on your services and your client’s risk tolerance.

  • Client owner (or internal controller): should be Primary Admin, or at minimum should know who is.
  • Firm owner/partner: should have admin-level access where appropriate, and should know the recovery path.
  • Day-to-day bookkeeper: needs the least access required to do the job efficiently.
  • Payroll specialist: needs payroll-specific permissions without being handed the keys to the whole kingdom.

The goal is not to make everything harder. The goal is to make it harder for the wrong person to do the wrong thing.

Where to confirm roles and access

Because Intuit’s ecosystem is broad, you may need to verify access in more than one place. Depending on the product and situation, you might find yourself checking:

  • The company’s user management area inside QuickBooks Online
  • The Intuit account and security area (for the user’s login and security settings)
  • Firm tools and client access management portals (for accountant access and invitations)

If you are already thinking, “That is too many places,” you are correct. The best defense is a repeatable process.

A simple process to prevent admin chaos

Use this as a lightweight internal checklist for each client:

  1. Identify the Primary Admin and confirm they are a real, reachable person.
  2. Confirm at least two admin-capable users exist, with separate logins.
  3. Remove shared logins and replace them with named users.
  4. Assign roles intentionally (least access needed).
  5. Document everything in your client file: who, what role, why, and where it was confirmed.

This is not busywork. This is how you avoid losing half a day to “I swear I’m an admin.”
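If your firm keeps the step 5 documentation as structured rows, the first four steps can be checked against it automatically. The sketch below is an added example, not an Intuit tool or export: the field names, role labels, and sample rows are constructed for illustration, and the register is assumed to be maintained by hand from what you confirmed in each portal.

```python
from collections import defaultdict

# Field names and role labels are assumptions of this example, not Intuit's.
FIELDS = ("login", "person", "role", "reachable", "reason", "confirmed_in")
ADMIN_ROLES = {"primary_admin", "admin"}

def row(*values):
    return dict(zip(FIELDS, values))

# Constructed register for one client, as a firm might keep it by hand.
SAMPLE = [
    row("old.bookkeeper@example.com", "Former bookkeeper", "primary_admin", False,
        "set up the file", "QBO user management"),
    row("info@client.example", "Owner", "admin", True,
        "business owner", "QBO user management"),
    row("info@client.example", "Office manager", "admin", True, "", ""),
    row("payroll@firm.example", "Payroll specialist", "payroll", True,
        "runs payroll", "QBO user management"),
]

def audit_client(rows):
    """Return checklist findings for one client's access register."""
    findings = []
    primaries = [r for r in rows if r["role"] == "primary_admin"]
    # Step 1: exactly one Primary Admin, and a real, reachable person.
    if len(primaries) != 1:
        findings.append(f"step 1: register lists {len(primaries)} Primary Admins")
    for r in primaries:
        if not r["reachable"]:
            findings.append(f"step 1: Primary Admin {r['login']} is not reachable")
    # Step 2: two admin-capable users on separate logins; unreachable
    # people are not counted (a choice made for this example).
    admins = {r["login"] for r in rows if r["role"] in ADMIN_ROLES and r["reachable"]}
    if len(admins) < 2:
        findings.append(f"step 2: only {len(admins)} reachable admin login(s)")
    # Step 3: one login used by several people is a shared login.
    people = defaultdict(set)
    for r in rows:
        people[r["login"]].add(r["person"])
    for login in sorted(people):
        if len(people[login]) > 1:
            findings.append(f"step 3: {login} is shared by {len(people[login])} people")
    # Steps 4-5: each grant needs a reason and a place it was confirmed.
    for r in rows:
        if not (r["reason"] and r["confirmed_in"]):
            findings.append(f"steps 4-5: {r['person']} ({r['role']}) is undocumented")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_client(SAMPLE)))
```

An empty result means the register satisfies the checklist as written; it does not replace confirming the roles in the product itself.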

A quick note for Scaling New Heights attendees

If you are heading to Scaling New Heights, Carrie Kahn and I are co-facilitating a breakout session where we will dig into these access and admin issues in more detail, and we will have a checklist you can use with your clients.

Up next

In Part 4, we will move from “who has access” to “how to keep it safe,” including a practical security SOP you can use for a solo practice or a multi-staff firm.