Release Notes: January 13, 2023

Receipt External Access Code

The Receipt External Access Code allows Administrators to safely and securely share receipt images with external users who do not have a Certify account.

Multiple Emburse Certify reports, including the Client Billable Report and Expenses with Receipts Report, include unique URLs to view the receipt images associated with a given expense. Some customers elect to share these reports with external users who do not have access to Certify, such as a partner, vendor, or client.

Going forward, external users who are given the unique receipt URLs will need to enter the company’s External Access Code to view the receipts. By implementing a second requirement for authentication, Administrators can rest assured that their receipts are secure and only being seen by the appropriate parties.

The Receipt External Access Code can be found on the Security Settings page, under Configuration.

Please Note: Previous customer messaging indicated that the access code could be found on the View and Edit Policy page.

On the Security Settings page, Administrators can retrieve their access code and share it with whichever external users need access to receipts.

Please Note: Having only the access code will not grant external users access to receipts. The external user must also have the unique receipt URLs, which can be found in several Certify Reports or in Custom Reports.

The code will automatically expire one year after creation. Administrators will be notified via email when a new code is generated.

Administrators can elect to regenerate their access code manually using the Regenerate Code option. If this is selected, the current code will expire immediately and any external user attempting to access receipts with the expired code will not be given access.

When an external user attempts to access a receipt URL, they will be greeted with an authentication screen to view the image.

The external user can either enter the External Access Code or authenticate with a username and password. The external user will only need to enter the access code once during their session.

For more information on the Receipt External Access Code, please refer to our Help Center Articles:

Sharing Receipt URLs with External Users

Locating the Receipt External Access Code

Password Reset and Multi-Factor Authentication Updates

At Emburse Certify we treat the security of our application as our highest priority. To improve the level of security around Password Reset and Multi-Factor Authentication, we are making the following updates to these flows: 

  • Security codes sent via email or text will now expire after 3 unsuccessful attempts, or after 30 minutes of issuance. In either case, a user trying to reset their password or log in using MFA will have to request a new code. 
  • Users that type the incorrect security code 3 times in either the Password Reset or login via MFA flow will be redirected to the Login page (

Was this article helpful?