My Company – Administration

In Administration under My Company, you maintain the system-wide basic settings of your ZEP tenant: appearance, email, company data, bank details, letter paper and login/password policies.

Written by Benny Hahn

In Administration under My Company, you maintain the system-wide basic settings of your ZEP tenant: appearance, email dispatch, company data for invoicing, bank details, letter paper and login/password policies. The box is available in all three product lines; individual sub-menu items appear depending on the licensed add-on modules.

You reach the area via Administration > My Company. The prerequisite is the Administrator role.

Note: The My Company box is available in ZEP Clock, ZEP Compact and ZEP Professional. The sub-menu item Letter Paper is not visible in ZEP Clock. The sub-menu item Password only appears when neither LDAP login is active nor the classical ZEP login is globally locked. All other sub-menu items are generally visible.

General

In the sub-menu General, you set the appearance of your ZEP, the default language, the number of items per table page and several system-wide security defaults.

You upload your Company logo (maximum 1 MB). ZEP displays it exclusively inside the web application: on the login page and in the top navigation of the running application. Printed reports, invoices and PDF exports take their appearance from the Letter Paper instead; logo and letter paper are separate configurations.

ZEP Color, App DarkMode Color and Link color

Three color fields control the appearance of your ZEP. ZEP Color sets the primary accent color for buttons, highlights and header bars. App DarkMode Color sets the accent color for the mobile ZEP app in dark mode. Link color determines the color of links in texts.

You enter a hex color value or pick the color from the color palette. To return to the ZEP default color, clear the respective field completely and save again.

Show ZEP logo in black and white

Via the checkbox Show ZEP logo in black and white, ZEP displays its own logo in monochrome instead of the ZEP default colors. This is particularly helpful when you have stored a strong accent color as ZEP Color and Link color and the original ZEP logo colors no longer fit harmoniously into the overall design. The setting affects the web application, not the uploaded company logo.

Access via secure SSL connection

You determine whether ZEP enforces an SSL-encrypted connection by default, offers it as an option, or excludes it. ZEP recommends SSL throughout. When switching from automatic redirect to a different setting, all users must manually delete their ZEP session cookie in the browser — otherwise a new login is not possible.

Allow saving the username and password in the browser

Controls whether the browser's built-in password storage is allowed. Activating it eases the daily login on the same devices; deactivating it makes sense on shared workstations or under strict compliance requirements, so that login credentials are not stored in the browser.

Language

You set the default language for ZEP. The language setting also includes the language-typical formatting of date, time and decimal numbers. ZEP supports seven languages: German, English, French, Spanish, Polish, Slovak and Turkish — plus several regional format variants such as Austrian German or British English formatting.

Employees, projects and contacts usually have the setting -Default- and therefore see ZEP in this global language. A different language can be set individually at three levels:

  • Employee level — per employee in the employee administration. The login page still appears in the default language; after sign-in the employee sees ZEP in their language.

  • Project level — per project under Billing settings > Format. Generated invoices, printed reports and project-related emails then appear in the project language.

  • Contact level — per contact for the ticket portal access (only with the Ticketing System module). The customer sees the ticket portal in their language.

Number of items per page

You determine how many rows ZEP displays per paged table (project administration, employee administration and comparable lists). The default is 15. High values are only comfortable on large monitors — otherwise an unpleasant interplay arises between table paging and browser scrolling.

The setting does not affect fully displayed report tables or popup lists. A page break also only occurs when the next page would contain at least four entries.

Show company name in reports

With this option you automatically display the stored company name in the header of every printed report, which is useful when the letter paper does not already carry the company details or when you want to distinguish tenants quickly.

Keep linebreaks in CSV export files

With this checkbox you control whether ZEP keeps line breaks in multi-line text fields (for example project or task remarks) during the CSV export or replaces them with spaces. The default reflects the fact that many spreadsheet tools (e.g. older Excel versions) interpret a line break within a cell as a new data row, which breaks the column structure of the export. Activate the option when your target system can handle multi-line cells.

Email

In the sub-menu Email, you determine how ZEP sends emails. The configuration screen is structured into three sub-areas: General (mail-server choice and configuration path), Settings for ZEP mail client and automatically sent emails and Display. Depending on the choice in the General area, two configuration paths are available: ZEP mail server with [email protected], ZEP mail server with your own email addresses, or a special outgoing mail server (your own SMTP server, optionally with OAuth).

General

In the General area, you choose which mail server ZEP uses for automatically generated emails: planned-hours warnings, overtime notifications, ticket-system emails and comparable collective mails. Two configuration paths are available. We recommend the ZEP mail server because it accepts mails immediately and processes them in a background queue. The ZEP entry does not wait for the dispatch. With your own mail server, ZEP has to hand the mails over synchronously, which can delay the entry by a few seconds depending on the provider (especially when saving time bookings that trigger follow-up mails).

Use ZEP mail server with [email protected]

Default configuration without additional effort. Under Mail server, select Use ZEP mail server; ZEP sends automatically generated emails with the fixed sender address [email protected]. This variant is the right choice when you do not need your own company domain as sender.

Note: Replies to [email protected] are generally rejected. Be sure to maintain a reachable reply-to address in the area Automatically sent emails when recipients should be able to react to the mails.

Use a special outgoing mail server

You choose Use your own mail server and store your SMTP server with the corresponding access data: Server, Port, Use secure connection, Username and Password. The sender address must belong to your domain — [email protected] is not allowed because our SPF record only allows ZEP systems to send.

For modern cloud mailers (Microsoft 365, Google Workspace), you secure the access via OAuth instead of username and password. ZEP supports three OAuth paths — details follow in the next area.

Configuration of the outgoing mail server via OAuth

When you have chosen Use a special outgoing mail server and want to connect ZEP to a cloud mailer via OAuth, three paths are available: Microsoft OAuth Azure (classical SMTP dispatch with OAuth authentication), Microsoft Graph API (dispatch directly via the Graph API, without SMTP) and Google Mail.

Microsoft OAuth Azure

For dispatch via Microsoft 365 by SMTP with Azure OAuth, register ZEP once as an app in Azure and store the access data in ZEP.

Steps in Azure:

  • Open portal.azure.com and navigate to Azure Active Directory > App registration > + New registration.

  • Enter a name, for example ZEP.

  • For Supported account types, choose Accounts in any directory and personal Microsoft accounts.

  • For Redirect URI, choose the platform Web and the URL https://www.zep-online.de/zepXXX/view/oauth2smtp.php (replace XXX with your ZEP — the URL is also found in ZEP under Administration > My Company > Email > Change settings), then click Register.

  • After registration, copy the Application (client) ID and store it temporarily (for example in a file azure.txt).

  • Then choose Add a certificate or secret and create a secret via + New client secret: enter description, set validity to 24 months (recommended), click Add.

  • Copy the code shown as Value and store it as well. Attention: do not copy the Secret ID, but the value. This code will not be shown again later.

  • Choose API permissions > Add a permission > Microsoft Graph > Delegated permissions and add the following permissions: under OpenId permissions the permission offline_access, under SMTP the permission SMTP.Send, under User the permission User.Read (usually automatic). Then click Add permissions.

  • In the Microsoft 365 Admin Center > Users > Active users select the relevant user > Email > Manage email apps > activate Authenticated SMTP.

Steps in ZEP under Administration > My Company > Email > Change settings: choose Use a special outgoing mail server and fill in the fields:

  • Sender address: same domain as the username.

  • Server: smtp.office365.com.

  • Port: 587 (submission).

  • OAuth-ID: the previously stored Application ID.

  • OAuth-Secret: the previously stored client secret value.

  • Use secure connection: STARTTLS.

  • All other fields as before (no password needed for OAuth).

Click Save, then click the external-link icon — you are redirected to the Office 365 sign-in page. After a successful sign-in, you automatically return to the mailbox page in ZEP. Setup is complete.

Microsoft Graph API

Alternative without SMTP protocol: ZEP sends the mails directly via the Microsoft Graph API. This variant bypasses SMTP-specific restrictions of your Microsoft 365 environment and is often the preferred path under strict compliance requirements.

Steps in Entra ID (Azure):

  • In App registrations > + New registration, assign a name and click Register.

  • Choose API permissions > Add a permission > under Microsoft APIs the option Microsoft Graph > Application permissions > select the permission Mail.Send > Add permission. An administrator consent is required for this permission.

In ZEP under My Company > Email > Change settings: choose Use your own mail server > Microsoft (Graph API) and transfer the following data from Entra ID:

  • Application ID → field Client ID.

  • Client credentials (value of the secret) → field OAuth Secret.

  • Directory ID (tenant) → field Tenant ID.

Google Mail

For dispatch via Google accounts, register ZEP as an app in the Google Cloud Console. A detailed guide on the Google app registration is available at support.google.com/cloud/answer/6158849.

You register the ZEP mail dispatch as an app via cloud.google.com/console. There you obtain OAuth-ID and OAuth-Secret, which you enter in ZEP. The redirect URL is shown in the ZEP settings as soon as you switch to Google OAuth. It is usually https://www.zep-online.de/zepXXXXXXXXXX/view/oauth2smtp.php, where you replace the X placeholder with your ZEP name.

Steps in ZEP under Administration > My Company > Email > Change settings:

  • Use your own mail server.

  • OAuth = Google.

  • Enter OAuth-ID and OAuth-Secret from the Google Cloud Console.

  • Server = smtp.gmail.com.

  • Username = your Google username.

  • Click Save.

After saving, an arrow icon appears in a box. There you sign in to Google once and grant the required permissions via pop-up. Via the letter icon you then send a test mail for verification.

Automatically sent emails

For emails that ZEP generates automatically (planned-hours warning, overtime notification, ticket updates, hour-report confirmation) you store Sender name, Sender address, Reply-to name and Reply-to address. Recipients see the following information in their mail program:

  • from: Sender name <sender-email-address>

  • Reply to: Reply-to name <reply-address>

Since usually nobody is expected to reply to these automatically generated mails, a noreply reply-to address is often used. With an active special outgoing mail server, typical values are: sender name ZEP, sender address [email protected].

Settings for ZEP mail client

By default, ZEP opens the local mail client of the user (Outlook, Notes, Apple Mail) when an email address is clicked. Via the checkbox Use ZEP mail client, you alternatively activate the built-in ZEP mail client. Advantage: no length limit on the email and a consistent interface independent of the local program.

Via the field Delimiter for e-mail addresses, you globally define whether a comma or a semicolon stands between multiple recipients — some mail programs only accept one or the other. As soon as employees have saved their own setting in their profile, the global default no longer applies to them.

Display

In the Display area, you design header and footer of all ZEP-sent emails via the HTML editor in Mail-header and Mail-footer — typically logo, company information and legal footer. Both editors accept HTML including inline CSS for formatted display.

Via the checkbox Show e-mail in full width, you choose whether ZEP shows the mail template across the full browser width or centered with fixed width. Full width suits templates with wide tables, fixed width suits classical letter layouts.

Company data

In the sub-menu Company data, you store the master data of your company. ZEP uses these data as the invoice sender for ZUGFeRD and XRechnung creation, for the Swiss QR code, and as placeholder variables in your letter paper. If your company data changes (legal form, address, board members), maintain them here — the update is automatically applied to all letter paper templates that contain the corresponding placeholders.

Name and address

Mandatory fields for every legally correct invoice output: Name, Address line 1, optional Address line 2, ZIP Code, Location and Country code. These data appear in the sender area of printed reports and in ZUGFeRD/XRechnung metadata. The country code additionally controls country-specific fields (for example Swiss-specific fields such as BESR-Id).

Contact data

Fields for Phone, Fax, Email and Website. These data are available as letter-paper placeholders and are displayed on invoice PDFs, provided your letter paper references them. Once maintained, they appear automatically on every outgoing business document.

PayPal.Me name

Optional PayPal.Me name available as a letter-paper placeholder. This lets you enrich invoices with a direct payment prompt via PayPal.Me — recipients click the link and land directly in the PayPal payment form of your company. The field appears as soon as the Invoicing module is licensed.

Shareholders, Directors, Board

Via the field Shareholders/Directors/Board you store the legally required information on the management — depending on your legal form. The information typically appears in the footer of invoices and business letters as soon as you use the corresponding letter-paper placeholder.

VAT No., Tax no. and Economic Identification Number

Mandatory for invoice output to business customers: VAT No. (European VAT identification number), Tax no. (national tax number of your tax office) and, if applicable, the Economic identification number (W-IdNr.). All three values flow into the ZUGFeRD metadata and are available as letter-paper placeholders.

Commercial register and registration court

Fields for Commercial Register number and Responsible registration court. Mandatory information for registered corporations and partnerships under German commercial law. Like the management, the values appear as letter-paper placeholders in the footer of outgoing business mail and invoices.

Global identification number

Fields Global identification number and Global identification number type. For the type, you choose between GLN (Global Location Number) and DUNS (Dun & Bradstreet). Required for B2B data exchange and for certain XRechnung profiles in which a unique company identification is mandated.

SEPA Creditor Identifier and BESR-Id

You need the SEPA Creditor Identifier for SEPA direct debits from customers — you obtain the ID from the first-time issuer (for Germany: Deutsche Bundesbank). The BESR-Id is the Swiss payment-slip reference number for the Swiss QR code in Switzerland and only appears for country code CH.

Department-specific company data

When using the Departments module, you can store separate company data per department. Useful when departments act legally as separate companies or use different bank details for invoicing — ZEP automatically picks the matching data set based on the project's department assignment.

Note: Department-specific company data require the Locations & Departments add-on module.

Bank details

In the sub-menu Bank details, you store one or more bank details of your company. ZEP uses these data for ZUGFeRD and XRechnung invoices, for the payment QR code and as letter-paper placeholders. If a bank account changes (e.g. after a bank switch), maintain it here centrally — all letter-paper placeholders update automatically.

Create bank account

Per bank account, you maintain the following fields:

  • Abbreviation — internal identifier for selection in invoices.

  • Currency — account currency (EUR, CHF and others).

  • Language — language variant for the letter paper (e.g. German or English).

  • Bank, IBAN, BIC — mandatory fields for ZUGFeRD invoices and for the letter-paper document variables.

  • Complete text for document variable on letter paper — multi-line text field for free formatting in PDF reports.

Default bank account and multiple bank accounts

When several bank accounts are stored, you select the appropriate one per invoice. One bank account can be marked as default — it is then automatically transferred into new invoices, without employees having to select it manually per document.

Note: For ZUGFeRD invoice creation, at least the company name and a complete bank account must be maintained. Additionally, the ZUGFeRD checkbox must be activated for the customer under Addresses, and the ZUGFeRD country code must be entered.

Payment QR code (GiroCode) on invoices

If Name in the company data and a complete bank account (Bank, IBAN, BIC) are stored, ZEP can output a payment QR code (also called GiroCode or EPC QR code) on invoices. The QR code contains recipient, IBAN, BIC, amount, currency and purpose — customers scan it in their banking app and save themselves the manual transfer of the data into the transfer form.

The code does not appear in the invoice PDF automatically. You activate it via the placeholder %R_BEZAHLCODE% in the upper or lower invoice text (project or customer additional fields). For right-aligned output, the placeholder can be embedded in a table cell with right alignment.

Note: Invoices with GiroCode require the Invoicing add-on module.
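
The payload behind such a payment QR code, as an added example that is not ZEP's own code: the sketch follows the public EPC QR layout (EPC069-12, version 002, UTF-8) and rejects an IBAN that fails the mod-97 check, or a text field containing a line break, before the data reaches an invoice. The function names are hypothetical, and the company name, IBAN, BIC and invoice text are sample values constructed for illustration.

```python
import re
from decimal import Decimal, ROUND_HALF_UP

# ISO 9362 BIC: 4-char institution, 2-letter country, 2-char location, optional 3-char branch
BIC_RE = re.compile(r"[A-Z0-9]{4}[A-Z]{2}[A-Z0-9]{2}(?:[A-Z0-9]{3})?")
# ISO 13616 IBAN: country code, two check digits, 11 to 30 further characters
IBAN_RE = re.compile(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}")


def normalize_iban(iban):
    """Strip the spaces used in printed IBANs and uppercase the result."""
    return re.sub(r"\s+", "", iban).upper()


def iban_is_valid(iban):
    """Mod-97 check: move the first four characters to the end, map A-Z to 10-35."""
    s = normalize_iban(iban)
    if not IBAN_RE.fullmatch(s):
        return False
    rearranged = s[4:] + s[:4]
    numeric = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(numeric) % 97 == 1


def build_epc_payload(name, iban, bic, amount_eur, purpose):
    """Return the newline-separated text that is encoded into the QR code."""
    iban_n = normalize_iban(iban)
    bic_n = bic.strip().upper()
    if not iban_is_valid(iban_n):
        raise ValueError("IBAN fails the mod-97 check")
    if not BIC_RE.fullmatch(bic_n):
        raise ValueError("BIC must be 8 or 11 valid characters")
    if not name.strip():
        raise ValueError("recipient name is required")
    # The format is line-based: a line break inside a field would shift
    # every following field by one position, so it is rejected outright.
    for label, value, limit in (("name", name, 70), ("purpose", purpose, 140)):
        if "\n" in value or "\r" in value:
            raise ValueError(f"{label} must not contain line breaks")
        if len(value) > limit:
            raise ValueError(f"{label} exceeds {limit} characters")
    amount = Decimal(str(amount_eur)).quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)
    if not Decimal("0.01") <= amount <= Decimal("999999999.99"):
        raise ValueError("amount outside the range the format allows")
    fields = [
        "BCD",            # service tag
        "002",            # version
        "1",              # character set: UTF-8
        "SCT",            # SEPA credit transfer
        bic_n,
        name,
        iban_n,
        f"EUR{amount}",   # the EPC format carries euro amounts only
        "",               # purpose code (unused here)
        "",               # structured reference (unused here)
        purpose,          # unstructured remittance text
    ]
    payload = "\n".join(fields)
    if len(payload.encode("utf-8")) > 331:
        raise ValueError("payload exceeds 331 bytes")
    return payload


if __name__ == "__main__":
    # Sample data, constructed for this example
    print(build_epc_payload("Example GmbH", "DE89 3704 0044 0532 0130 00",
                            "COBADEFFXXX", "1190", "Invoice 2024-0042"))
```

The returned text can be handed to any QR encoder; the check is most useful when bank details are first entered, because a mistyped IBAN would otherwise be repeated on every invoice.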

Department-specific bank accounts

When using the Departments module, you can maintain separate bank accounts per department. Useful when departments act legally as separate companies and customers should transfer to different accounts. ZEP automatically picks the matching bank account based on the project's department assignment and outputs it in invoice, dunning letter and letter paper.

Note: Department-specific bank accounts require the Locations & Departments add-on module.

Letter Paper

In the sub-menu Letter Paper, you upload your own letter paper with logo, address, bank details and mandatory information for business mail. All PDF, Word and LibreOffice reports of ZEP are output on this letter paper. Without your own letter paper, ZEP uses a neutral standard template with company name and page number in the footer.

Note: The sub-menu Letter Paper is available in ZEP Compact and ZEP Professional. In ZEP Clock, letter paper is not available.

Usage areas for letter paper

You store a separate letter paper for each report area:

  • General — standard template for cover sheets (project, customer, employee), project status, project-time matrix, break and working-hour overviews, payouts, annual absence days, open items, payment receipts, revenue forecast and unfinished services.

  • Project Sales Volume/Time Report — own template for these two reports.

  • Cost accounting — own template (from ZEP Compact with the Revenue & Costs module); without an own template stored, the general letter paper applies.

  • Employee time report — own template for the working-time report.

  • Proposal — own template (Proposals module).

  • Invoice/Credit note — own template (Invoicing module); also used for dunning letters.

Creation of the letter paper

ZEP provides a step-by-step guide for creating the letter paper in LibreOffice. The guide and a template are available for download directly in the letter-paper area. Detailed instructions on document variables, page templates, paragraph templates and layout can be found as a deep dive in the separate Supplementary article: Create and upload letter paper.

Multilingual letter paper

You store separate templates per language and area. ZEP supports seven languages: German, English, French, Spanish, Polish, Slovak and Turkish. Based on the project language, ZEP automatically selects the matching template. This way, invoices to international customers can be generated in the desired business language, without employees having to assign a template manually per invoice.

Letter paper per department

When using the Departments module, you can store separate letter papers per department — useful when departments appear under their own letterhead or act as separate legal entities. ZEP automatically picks the matching template based on the project's department assignment.

Note: Department-specific letter papers require the Locations & Departments add-on module.

Login

In the sub-menu Login, you control how employees log in to ZEP — classically by username and password, alternatively via OAuth (Google, Microsoft Azure, Keycloak, Okta, generic OAuth provider) or via LDAP directory service.

Use IP address authentication

Via the checkbox Use IP address authentication, you restrict ZEP access to specific IP addresses — for example to the corporate network or the VPN gateway. Enter the permitted addresses separated by spaces. Logins outside this IP list are rejected, even if username and password are correct.

Login via OAuth

Via the option Enable login via OAuth, you activate sign-in via external identity providers. Employees then see an OAuth login button on the ZEP sign-in page and can authenticate with their Google account, Microsoft account, Keycloak account or a generic OAuth provider, provided the email address in the OAuth account matches the one stored in ZEP.

Google

Register ZEP as an app in the Google Cloud Console. You receive Client ID (Google: Client ID) and Client Secret (Google: client secret) and enter the glogin.php URL of your ZEP under the authorized redirect URIs. Employees then need the field Google ID in the ZEP user profile, containing the email address of their Google account. The sign-in starts via the link Sign in with Google on the ZEP login page.

Microsoft (Azure)

In the Microsoft App Registration Portal (aka.ms/appregistrations) you register ZEP, store name and redirect URL and create a client secret under Certificates & Secrets. Enter the value in ZEP under Client Secret, the application ID under Client ID. For a restricted tenant, additionally enter the Tenant ID.

Note: For login via Microsoft OAuth, an SSL connection is mandatory. Set the option automatic redirect under General > Access via secure SSL connection.

Complete procedure:

  • In the App registration portal, click New registration, enter Name and Redirect URL, then click Register.

  • Under Authentication, enter the Logout URL and save.

  • Under Certificates & Secrets, click New client secret. Enter the generated value in ZEP under CLIENT SECRET.

  • Under API permissions: the users who sign in via this app must have read permission on the API permissions.

  • Under Overview: copy the Application (client) ID and enter it in ZEP under CLIENT ID.

  • For the Azure setting Supported account types: My organization only, additionally copy the Tenant ID (also called directory ID) from Azure and enter it in ZEP under Administration > My Company > Settings > Login > OAuth > Tenant ID.

Keycloak, Okta and generic OAuth provider

Besides Google and Microsoft, ZEP also supports Keycloak, Okta and Generic OAuth2 as identity providers. These variants are not offered to all customers automatically — to use one of them, please contact the ZEP support at [email protected].

Per provider the following fields are maintained:

  • Auth-Server Url + Realm for Keycloak, Base Url for Okta (format https://xxx.okta.com/oauth2), or additionally Url Access Token and Url Resource-Owner Details for Generic OAuth2.

  • Scopes (space-separated) — the permission scopes of your identity server.

  • Allowed domains — list of trusted email domains accepted for sign-in via OAuth.

  • Redirect URI — read-only display of the ZEP-side redirect URI which must be stored in the identity provider.

  • Logout URI — read-only display of the logout URI (not for Google).

Lock normal ZEP Login

Via the checkbox Lock normal ZEP Login, you deactivate the username-password sign-in — useful when your organization exclusively uses OAuth or LDAP. When the lock is active, the multi-select list Who is allowed to unlock ZEP login via email? appears additionally. Enter here all administrators or a specific address list. These persons receive an unlock link via email when the lock is triggered and can re-enable the classical login if needed.

LDAP integration

In the tab LDAP, you choose the sign-in method via the field Login via (Standard, LDAP or BIND-LDAP) and connect ZEP to an LDAP directory service. ZEP validates the access data against the LDAP server afterwards.

For classic LDAP, you maintain the following fields:

  • Active Directory — checkbox if your LDAP server is a Microsoft Active Directory (sets Protocol Version automatically to 3 and shows AD-specific fields).

  • Ldap Protocol Version — protocol version of your LDAP server (typically 3).

  • Ldap Uri — server address of your LDAP service (e.g. ldap://ad.company.com:389).

  • Ldap Base Dn — search base in the directory tree (e.g. dc=company,dc=com).

  • Ldap AD Account Suffix, Admin Username, Admin Password (for Active Directory) or Ldap Fieldname Uid (otherwise).

  • Your Ldap password for testing the settings — is not saved, only used once for the connection validation.

For BIND-LDAP, additionally maintain Hosts (space-separated), Port, Protocol Version, Bind DN, Bind Password and one or more Search DN entries. ZEP tests the connection before saving — on error, nothing is persisted.

Password

In the sub-menu Password, you maintain quality criteria for the passwords used in ZEP. The settings apply to all employees who sign in classically by username and password.

Minimum length

You specify a Minimum length for the password (at least 4, at most 30 characters). The requirement is enforced when creating or changing a password — shorter passwords are rejected with a validation message.

Character set requirements

Via the checkboxes under The password must contain at least the following characters, you activate the complexity requirements — individually selectable as one lowercase, one uppercase letter, one digit and one special character. Multiple checkboxes are cumulative; employees must then cover all activated classes.

Expiration days

In the field Expiration days, you specify how many days a password is valid. After expiry, employees are prompted to set a new password on the next login. 0 means no expiry.

Permitted failed attempts

In the field Permitted failed attempts, you limit how often a wrong password entry is accepted before the account is locked for renewal. A reasonable default prevents brute-force attacks without immediately blocking legitimate typos.
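
The rules of this sub-menu expressed as a checker, as an added example that is not ZEP's own code. The class and method names are hypothetical; treating any non-alphanumeric, non-space character as "special", counting expiry from the day of the last change, and locking once failures exceed the permitted number are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int
    require_lower: bool = False
    require_upper: bool = False
    require_digit: bool = False
    require_special: bool = False
    expiration_days: int = 0            # 0 means no expiry
    permitted_failed_attempts: int = 5  # constructed default, not a ZEP value

    def __post_init__(self):
        # The Minimum length field accepts 4 to 30 characters
        if not 4 <= self.min_length <= 30:
            raise ValueError("minimum length must be between 4 and 30")
        if self.expiration_days < 0:
            raise ValueError("expiration days must be 0 or positive")
        if self.permitted_failed_attempts < 1:
            raise ValueError("permitted failed attempts must be at least 1")

    def violations(self, password):
        """Return every rule the password breaks; the class rules are cumulative."""
        checks = [
            (len(password) >= self.min_length,
             f"shorter than {self.min_length} characters"),
            (not self.require_lower or any(c.islower() for c in password),
             "no lowercase letter"),
            (not self.require_upper or any(c.isupper() for c in password),
             "no uppercase letter"),
            (not self.require_digit or any(c.isdigit() for c in password),
             "no digit"),
            # Assumption: "special" = neither letter, digit nor whitespace
            (not self.require_special
             or any(not c.isalnum() and not c.isspace() for c in password),
             "no special character"),
        ]
        return [message for ok, message in checks if not ok]

    def expires_on(self, last_changed):
        """Date from which a new password is demanded, or None for no expiry."""
        if self.expiration_days == 0:
            return None
        return last_changed + timedelta(days=self.expiration_days)

    def must_change(self, last_changed, today):
        expiry = self.expires_on(last_changed)
        return expiry is not None and today >= expiry

    def is_locked(self, failed_attempts):
        # Assumption: the permitted number of wrong entries is tolerated,
        # the next one locks the account
        return failed_attempts > self.permitted_failed_attempts


if __name__ == "__main__":
    policy = PasswordPolicy(min_length=10, require_lower=True, require_upper=True,
                            require_digit=True, require_special=True,
                            expiration_days=90)
    for candidate in ("abc", "Summer2024", "Tr4ffic-Cone!"):  # constructed samples
        print(candidate, "->", policy.violations(candidate) or "accepted")
    print("expires on", policy.expires_on(date(2024, 1, 1)))
```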

Password reset workflow

If a user has forgotten their password or exceeded the permitted failed attempts, ZEP automatically offers a reset form on the login page. Username or email address is sufficient — ZEP sends a link for setting a new password to the email address stored in the employee profile.

Note: The reset workflow only works if a valid email address is stored for the employee. Without an email address, you have to reset the password manually as an administrator.

Connections to other modules

The basic settings from My Company take effect across the entire application. Important contact points:
