Role Delegation Reference
- Account management is the day-to-day admin workflow inside My Verizon.
- Lines are provisioned, suspended, transferred and retired through the Wireless Lines module.
- Roles are assigned in the Administration module with scopes tied to sub-accounts.
- Invoice approvals flow through a Net-30 window with dispute-quarantine behaviour.
- Every action writes to the seven-year immutable audit trail.
What Sits Inside Account Management
Account management at Verizon Business is the label given to the routine administrative workflows a master admin and their delegates run inside the My Verizon portal. Five workflows dominate the day-to-day: adding and removing wireless lines as hires and departures happen; assigning and adjusting admin roles as the organisation structure changes; approving monthly invoices and routing disputes; resetting passwords and rotating API keys on the documented cadence; and reviewing the audit trail for unusual activity. Every other workflow — device orders, trouble tickets, SSO edits — attaches to one of these five flows.
The workflows are scoped by role. A finance secondary admin can approve an invoice but cannot add a line. An IT secondary admin can add a line but cannot approve an invoice. A read-only auditor can view both but cannot change either. A primary admin can do everything. Scope enforcement happens at the server, not the interface — the API rejects out-of-scope actions even when the UI is manipulated. That separation is what earns the SOC 2 Type II control letter that Platinum customers receive on request.
Line Provisioning & Retirement
Adding a wireless line through account management runs three steps. Open the Wireless Lines module, select the sub-account the line should attach to, and provide the device or eSIM profile. If the sub-account carries a default plan, the line inherits it; otherwise the admin selects the plan from the catalogue. Number porting from an external carrier adds a port-request step with a one-to-three-day turnaround depending on the losing carrier. Activation happens when the SIM is inserted and the device first attaches to the network, or immediately for eSIM profiles on compatible devices.
Retirement is the inverse. The admin opens the line record, triggers 'Retire Line', and confirms whether to port the number out or to release it. Retired lines move to a closed state and stop generating charges on the next billing cycle. Devices attached to the retired line can be returned under warranty terms if still current, or retained by the business for out-of-contract use. The billing portal shows any final proration owed on the retirement cycle.
Action, Required Role & Audit Behaviour
| Action | Required role | Audit entry |
|---|---|---|
| Add wireless line | Wireless Lines scope | Line ID, plan, cost-center, source IP |
| Retire wireless line | Wireless Lines scope | Line ID, reason, port-out flag |
| Assign admin role | Primary admin | Delegate email, new scope, prior scope |
| Approve invoice | Finance scope | Invoice ID, amount, approval timestamp |
| Open invoice dispute | Finance scope | Line-item, disputed amount, reason |
| Reset secondary admin password | Primary admin | Delegate email, reset link issued |
Role Assignment Mechanics
Role assignment starts in the Administration module. The primary admin opens 'Users', picks 'Create Admin', enters the email and assigns the scope from a fixed catalogue: primary admin, finance, wireless lines, Fios circuits, devices, tickets, read-only. Each scope can be bounded to one or more sub-accounts — a finance admin might cover all sub-accounts while a wireless-lines admin covers only a single branch. The scope is enforced at the API, and any attempt to act outside the scope returns a 403 with an audit-log entry.
Role rotation happens through the same module. The primary admin edits a delegate's record, changes the scope, and saves. The change propagates within thirty seconds and the delegate's next API call or dashboard action enforces the new scope. The previous scope and the new scope are both captured in the audit entry, along with the timestamp and the acting primary admin's User ID. Role removals — when a delegate leaves the business — trigger a session-termination flow that invalidates any active portal sessions within one minute.
Invoice Approval & Dispute Workflow
Invoices for a Verizon Business master account post to the billing portal on the first of each month. The finance-scoped admin reviews the invoice, allocates any ambiguous line-items to cost-centers, and takes one of three actions: approve in full for payment on the Net-30 cycle; route specific line-items into dispute while approving the remainder; or route the whole invoice into dispute. The Net-30 clock starts at invoice post, not at approval, so a delayed approval still charges interest if payment misses the due date.
Dispute handling quarantines the disputed amount. The line-items flagged for dispute are excluded from the payable total, the remaining balance is marked for payment, and the dispute ticket is routed to the Verizon Business billing-analyst team with a 10-business-day resolution target. Resolution either credits the disputed amount (and the quarantine is released as a credit), or confirms the charge (and the quarantine is released as payable with no additional interest for the dispute window). The FCC consumer-protection rules on telecommunications billing disputes provide the backstop framework for this workflow.
Password Reset & API Key Rotation
Password reset for a secondary admin runs through the primary admin. The primary opens the secondary's user record in Administration, triggers 'Reset Password', and the delegate receives a one-time reset link at the email on record. Customers on SAML SSO have no native password and the reset happens at the identity provider. Primary-admin password reset runs through the 24/7 business line at 1-855-228-8743 with EIN and tax-ID verification, as documented in the business account login reference.
API-key rotation is a quarterly maintenance task. The primary admin generates a new API key in the Administration module, updates the MDM integration (Intune, Jamf, Workspace ONE) or the custom automation with the new key, and revokes the old key after confirming the new key is live. Overlapping keys for the rotation window is supported — both keys authenticate for up to 24 hours. Audit entries capture the key generation, the consumer update timestamp and the old-key revocation.
Audit Trail Review
The audit trail is the compliance backbone of account management. Every administrative action writes a row into the immutable log: line adds and removals, role changes, invoice approvals, dispute opens and closes, device orders, MDM enrolments, API-key rotations, SSO configuration edits and sign-in events. Rows include the acting admin, the timestamp in UTC, the source IP, the user-agent string, the affected object and the before-and-after values. The log is append-only; no row can be deleted or edited by any role, including the primary admin.
Review happens at three cadences. Platinum-tier customers have quarterly review by the named account team. Enterprise-tier customers self-review quarterly using the CSV or JSON export. Smaller tiers review annually during the privacy statement alignment cycle. Unusual patterns — an admin adding twenty lines in ten minutes, a sign-in from a geography never used, a scope change followed immediately by a privileged action — are surfaced by an anomaly detector that runs on the live log and generates review flags for the primary admin.