Firm credentials
The firm credentials vault is your firm’s shared password manager. Store the logins for IRS e-Services, your tax software (Lacerte, ProConnect, Drake), state e-file portals, payroll providers, and anywhere else your team needs to sign in.
Passwords are stored securely and only revealed when a teammate with permission asks. Every reveal is logged so you can see who used what.
Stop sharing IRS PINs in Slack.
Open Settings → Firm credentials to see your firm’s vault. Credentials are grouped by category. Each card shows the name, username, and a button to reveal or copy the password.
Where the vault lives
The vault appears in three places, each with a narrower audience:
| Scope | Where you find it | What’s there |
|---|---|---|
| Firm-level | Settings → Firm credentials | Shared firm-wide logins |
| Client-level | Inside a client profile, the Vault tab | Logins specific to one client |
| Engagement-level | Inside an engagement, the Vault tab | Logins for one engagement |
This page covers the firm-level vault. The client and engagement vaults work the same way, but only people with access to that client or engagement can see them.
Categories
Credentials are grouped by category:
| Category | Examples |
|---|---|
| IRS | e-Services PIN, EFIN, ITIN renewal portal |
| State portal | Oregon DOR, California FTB, New York DTF logins |
| Financial | Bank logins for reconciliation, Stripe dashboard |
| Payroll | Gusto, ADP, Paychex admin accounts |
| Tax software | Lacerte, ProConnect, Drake, UltraTax |
| Custom | Anything firm-specific — your CPA society portal, your e-fax service |
Pick a category when you add a credential. You can re-categorize anytime.
Add a credential
Click + Add credential. Fill in the form:
| Field | Required? |
|---|---|
| Name | Yes |
| Category | Yes |
| URL | No |
| Username | No |
| Password | No, but you probably want one |
| Notes | No |
| Custom fields | No — for security questions or secondary PINs |
Click Save. The password is stored securely. The username and URL stay in plain text so the team can find the right login at a glance.
[Screenshot: Add credential dialog with fields filled in]
Reveal a password
On any credential card, the password is hidden as ••••••••. Click the Reveal icon to show it for about 30 seconds, after which it auto-hides.
Every reveal is recorded in the activity log, for example:
May 22, 4:12 PM Jane Chen revealed "IRS e-Services"
The firm owner can see this log.
Copy without revealing
Click Copy instead of Reveal. The password is copied to your clipboard but never shown on screen. The activity log records the copy.
If you use a password manager like 1Password, copying is the better choice — you go straight from the vault to the target form without ever seeing the plaintext.
Edit a credential
Click the pencil on a card. The dialog re-opens with the current values filled in.
To change the password, you have to type the new one in full. There’s no “edit everything except the password” option — this prevents accidental edits to the stored password.
Delete a credential
Click the trash icon. Confirm the prompt:
Delete “IRS e-Services”? This is irreversible.
Confirming removes the credential permanently. Even Assure Pro can’t recover a deleted password.
What’s hidden vs visible
| Hidden until revealed | Visible to anyone with vault access |
|---|---|
| Password | Name |
| Custom field values | URL |
| Notes (when marked sensitive) | Username |
| | Category |
| | When it was added or last changed |
The rule: anything that would help an attacker is hidden. Usernames and URLs are useful but not catastrophic.
Multi-factor codes (MFA)
| Type | How to handle it |
|---|---|
| Authenticator app (Google Authenticator, Authy) | This version doesn’t generate codes for you. Use the Notes field to point teammates to where the shared secret lives — for example, “Authy account, chenadvisory.gmail.” |
| Push approval (Duo, Okta) | The teammate with the device approves on their phone when someone else attempts a sign-in. Not vault-managed. |
| SMS codes | Avoid these — use an authenticator app instead. |
A built-in code generator is on the roadmap.
Activity log
Every interaction with a credential is recorded:
- Created
- Updated (password changed or fields edited)
- Revealed or copied — by whom
- Deleted
Click the clock icon on a card to see its history. The firm-wide activity log shows the same events across all credentials.
Common gotchas
- MFA still applies on the destination. Assure Pro can store your password for the IRS portal, but if the portal requires a code from your phone, you still need that phone.
- Don’t store client Social Security numbers here. Those live on the client record. The vault is for logins.
- Don’t store Assure Pro API keys here. Those have their own home at API keys.
- Rotate when staff leave. Anyone who had vault access and then leaves can still remember the passwords they saw. Change the passwords on the external services and remove the person’s Assure Pro account on offboarding.
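To turn the "rotate when staff leave" advice into a concrete list, the added example below (not Assure Pro code) reads activity-log lines and returns every credential a departing teammate revealed or copied. It assumes the log is available as plain text in the layout of the sample entry on this page, that the other event verbs follow the same pattern, and that you supply the year; `rotation_list` and the sample log are hypothetical.

```python
import re
from datetime import datetime

# Line layout taken from the page's sample entry; verbs other than
# "revealed" are assumed to follow the same pattern.
LINE = re.compile(
    r'^(?P<ts>[A-Z][a-z]+ \d{1,2}, \d{1,2}:\d{2} [AP]M) (?P<actor>.+?) '
    r'(?P<verb>created|updated|revealed|copied|deleted) "(?P<cred>[^"]+)"$'
)

def rotation_list(log_text, leaver, year):
    """Return {credential: (last_exposure, updated_since)} for one person.

    updated_since is True when any "updated" event follows the person's last
    reveal or copy. An update can be a field edit, so True still means
    "verify the password was changed", not "done".
    """
    last_seen, last_update = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        # The log lines carry no year, so the caller supplies one (assumption).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d, %I:%M %p")
        cred = m["cred"]
        if m["verb"] in ("revealed", "copied") and m["actor"] == leaver:
            last_seen[cred] = max(when, last_seen.get(cred, when))
        elif m["verb"] == "updated":
            last_update[cred] = max(when, last_update.get(cred, when))
    return {
        cred: (seen, cred in last_update and last_update[cred] > seen)
        for cred, seen in sorted(last_seen.items())
    }

# Constructed sample log (not real data).
SAMPLE_LOG = """\
May 20, 9:05 AM Sam Ortiz created "Drake"
May 22, 4:12 PM Jane Chen revealed "IRS e-Services"
May 23, 10:30 AM Jane Chen copied "Gusto admin"
May 23, 11:00 AM Sam Ortiz revealed "Drake"
May 24, 2:45 PM Sam Ortiz updated "Gusto admin"
May 27, 8:15 AM Jane Chen copied "IRS e-Services"
"""

if __name__ == "__main__":
    for cred, (seen, updated) in rotation_list(SAMPLE_LOG, "Jane Chen", 2024).items():
        status = "update logged since, verify" if updated else "ROTATE"
        print(f"{cred}: last exposed {seen:%b %d %H:%M} -> {status}")
```

Credentials the person never revealed or copied do not appear in the result, which keeps the offboarding rotation focused on passwords they actually saw.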
Security details
| Detail | How it works |
|---|---|
| Stored securely | Passwords are encrypted with a per-firm key, kept in a separate secure store. |
| In transit | Always over an encrypted connection. |
| Key rotation | Annual, transparent — your credentials re-protect themselves with the new key without anyone re-entering passwords. |
| Backup | Encrypted copies are backed up. Recovery requires both the backup and the secure store. |
| Activity log retention | 7 years. |
| In-memory | The password sits in memory only during a reveal, then is discarded. |
The vault is not intended for your end-clients’ portal passwords — those live in the client portal sign-in system separately. The vault is for your firm’s logins to external systems.
Who can use the vault
| Action | Who can do it |
|---|---|
| View the vault list | Anyone with View vault |
| Reveal or copy a password | Anyone with View vault |
| Add, edit, or delete | Anyone with Manage vault |
| View the audit log | Owner only |
Anyone with View vault can reveal any credential in their scope — there’s no per-credential lock. If you need narrower sharing, use a client-level or engagement-level vault instead.
Client and engagement scopes
For the narrower vaults, you need standard access on top of vault permission:
| Scope | Who can see |
|---|---|
| Firm-level | Anyone with View vault |
| Client-level | Anyone with View vault plus access to that client |
| Engagement-level | Anyone with View vault plus access to that engagement |
By default, View vault and Manage vault are granted only to owners and admins. Add View vault to staff teams who need shared logins — for example, tax preparers using a shared Lacerte license. Keep Manage vault restrictive.
Next
- Team and permissions — granting vault access to teams.
- Clients — where client-scoped credentials live.
- Engagements overview — engagement-scoped credentials.