Day 1 as a Tenant Admin
Outcome
By the end of your first day, you understand the configuration surface your tenant has, you have walked through the audit log, and you know which scope grants which capability so you can answer access requests from your team.
You are responsible for
- Adding payers, programs, contracts, and fee schedules so claims build with the right rates and rules.
- Authoring rules that scrub charges before submission and classify denials after remittance.
- Setting up ingestion feeds for inbound member rosters / charge files / EVV streams.
- Managing trading partner credentials for outbound EDI.
- Granting and revoking users and roles within your tenant.
- Watching the audit log for compliance and HIPAA accounting.
You are not responsible for the underlying infrastructure (database servers, deploys, network) — that's the platform admin's job, on MedSuite's side.
Your first day
Sign in at
<your-org>.rcm.medsuite.comwith the credentials your platform admin gave you, change your password, and enroll MFA.Tour the Configuration nav group. Each item maps to a chapter:
Nav item Chapter Payers 5.1 — Payers, programs & contracts Fee Schedules 5.2 — Fee schedules Rules 5.3 — Rules engine YAML Modifiers 5.4 — Modifier rules Ingestion 5.5 — Ingestion mappings and 5.7 — Feeds & Push API EDI / Trading Partners 5.6 — Trading partner credentials Everything in Configuration is hidden from non-admin staff by RBAC.
Confirm payers and programs are registered. Open Payers; for each payer you bill, confirm the programs (Medicaid waivers, commercial products) are present with the right
authorizationWorkflowandtimelyFilingDays. See 5.1.Confirm fee schedules attached. Open Fee Schedules; each contract should carry an active schedule. See 5.2.
Walk the audit log. Open
Configuration → Audit Log. Filter to your tenant's last 24 hours. Confirm that real activity is being recorded — claim builds, member edits, scheduled-email runs. This is your day-to-day compliance lens. See 6.3 — Audit log lookup (HIPAA pulls).Review users and their roles. The Users admin (under Configuration) shows everyone in your tenant. Confirm the role assignments are appropriate — billing clerks have
billing.*scopes, clinicians haveclinical.*, etc. The principle is least privilege.Skim the Issues queue at
/issuesand the Dashboard. Even on day 1, existing issues likely exist. Familiarize yourself with how they look so you can route them later. See 7.3 — Issues queue triage.
Common Day-1 onboarding tasks
| Task | Chapter |
|---|---|
| New payer just contracted | 5.1 — Payers, programs & contracts |
| New EVV vendor coming online | 4.3 — Manage EVV sources |
| New SFTP feed from a state | 5.7 — Feeds & Push API |
| New Push-API integration with an EHR | 5.7 — Feeds & Push API |
| New rule (e.g. a state requires a new modifier) | 5.3 — Rules engine YAML and 5.4 — Modifier rules |
| Add / remove a user | Users admin under Configuration |
| Annual fee-schedule update | 5.2 — Fee schedules (CSV import) |
What you should never do
- Bypass auth on a route. The platform refuses anyway; do not request an exception.
- Edit the audit log. The audit log is append-only; if a row appears wrong, file an issue.
- Share credentials. Each user gets their own account. Sharing breaks the audit trail.
- Disable RBAC for a "quick fix". Use scope grants narrower than full admin where possible.
Where to next
- New payer to add: 5.1 — Payers, programs & contracts.
- New rule to write: 5.3 — Rules engine YAML.
- Audit a HIPAA pull: 6.3 — Audit log lookup.