KSeF for Accounting Firms: Handling 30 Clients Without 30 Logins

You do the books for 30 companies. Every morning you open the KSeF Taxpayer App — KSeF (Krajowy System e-Faktur) is Poland's mandatory national e-invoicing system — switch the context to your first client, pull their invoices, switch to the second, pull again, switch again. Thirty times over. That isn't work. It's a penalty for having clients. Since 1 April 2026, KSeF has been mandatory for nearly every company in Poland, so this stopped being a big-corporation problem — it's every accounting office's daily reality. The good news: you don't need 30 separate accesses. The bad news: the free government tool wasn't built for someone juggling thirty NIPs (Polish tax IDs) at once. This guide covers why logging in client-by-client is a dead end, how the one-certificate-per-firm model works, and how to serve every client from a single dashboard.

6 min read 72 views
KSeF for Accounting Firms: Handling 30 Clients Without 30 Logins

Why you log in 30 times (and why it isn't your fault)

KSeF has no concept of "an accounting firm with thirty clients." It knows taxpayers — and each taxpayer is a separate NIP and a separate working context. When you issue or download an invoice, you do it on behalf of one specific NIP, and the system has to know whose invoice it is handling each time.

That's where your daily rhythm comes from: open the Taxpayer App, set the context to client one, pull documents, switch to client two, pull, switch. Call it logging in or call it context switching — the effect is identical. Thirty clients means thirty manual passes, every single day.

This isn't a flaw in how you organize your work. It's a direct consequence of how authentication is designed in KSeF: an identity always operates within a single NIP. The question isn't "how do I log in faster," it's "how do I stop doing this by hand 30 times."

One certificate instead of 30 tokens

Here's the part that changes everything: you don't need 30 separate accesses. You need one — issued against your firm's NIP.

In KSeF 2.0, the accounting firm generates its own KSeF certificate on its own NIP, and each client grants the firm permissions inside the system, pointing to the firm's NIP. That single certificate then serves every client who granted those permissions. The certificate doesn't say "this is Company X's invoice" — it says "this is firm NIP Y, authorized to act on behalf of Company X." The permissions do the rest.

For contrast, here's how a token is built — and why it's being retired:

20260315-EC-A1B2…-NN | nip-1234567890 | F9E8…
                       ^^^^^^^^^^^^^^^^
                       a token is pinned to ONE NIP

A token is an application password tied to a single NIP. Thirty clients on tokens means thirty separate strings to generate, store, and babysit. A certificate has none of that overhead: one key, many companies. It's free, valid for up to 2 years, and changing a client's permissions doesn't force you to regenerate it.

What the Taxpayer App won't do for you

If one certificate is enough, why does it still hurt? Because the free Taxpayer App solves authentication but not scale.

The app is built around one context at a time. It's perfect when you're a single company handling one NIP. When you're a firm with thirty, each client is a separate entry, a separate switch, a separate manual download. There's no single "all invoices for all clients today" view. No automatic background fetching. No queue, no alerts for new documents, no shared task list.

It's a tool for the taxpayer, not for the firm — and that's fine. The Ministry shipped a free compliance gateway, not a client-portfolio management system.

Serving 30 clients from one dashboard

This is where software that uses your single certificate to pull every client into one interface comes in.

Instead of 30 passes, you get one dashboard showing new sales and purchase invoices across all clients at once. The system fetches documents from KSeF automatically, in the background, for every NIP you hold permissions for. You filter, review, and export to your accounting software — without a single "log out, log in."

Illustrative scenario: picture a firm handling 28 limited-liability companies and 9 sole proprietorships (JDG). In the manual model that's roughly 37 context switches a day just to check whether new invoices arrived. In the one-dashboard model, it's a single glance in the morning. The rest of the day goes to bookkeeping, not clicking.

Tokens retire at the end of 2026 — so a certificate is the plan, not a choice

There's one more reason to standardize on a certificate now. Per the KSeF 2.0 Handbook, tokens and certificates run in parallel only until 31 December 2026. From 1 January 2027, only KSeF certificates remain (alongside a qualified signature or seal).

For a firm, this means one thing: if you build your 30-client process on tokens, you'll be rebuilding it in December 2026 under time pressure — at the peak of year-end close. A certificate is something you set up once, calmly, and forget until the next change in permissions.

Checklist — setting up multi-client access in KSeF

  1. Generate a KSeF certificate on the firm's NIP (recommended — one key for all clients). A company (spółka) needs a certificate on its NIP; set up an account administrator first. A sole proprietorship (JDG) can use a certificate on either NIP or PESEL.

  2. Ask each client to grant your firm permissions in KSeF, pointing to the firm's NIP — for issuing and/or receiving invoices. A bookkeeping contract alone grants no access.

  3. For the first user at a client company without a qualified seal, permissions are set up via the ZAW-FA form (the form that designates the first authorized person).

  4. Connect the certificate to software that aggregates clients in one view (a KSeF integrator), instead of working through the Taxpayer App client by client.

  5. Enable automatic invoice fetching for every NIP — so documents flow to you instead of you chasing them.

  6. Don't adopt client tokens as your target model — they expire on 31 December 2026.

  7. Review your list of active permissions and revoke them when a client relationship ends.

Wrapping up

The "30 logins" problem isn't a login problem. It's a tooling problem — software that makes you handle clients one at a time, even though authentication is already solved by a single certificate. The fix lives in the software layer: one key, one dashboard, every company.

We built Biurko around KSeF certificates for exactly this — so a firm connects once and sees every client's invoices in one place, with no context switching. Try it across your own client portfolio: 14-day free trial at biurko.io.


FAQ

Does an accounting firm need a separate KSeF login for each client? No. One KSeF certificate on the firm's NIP, plus permissions granted by each client, gives access to all of them. The free Taxpayer App only forces you to switch context client by client — integrator software shows every client in a single view.

How many KSeF certificates does a firm serving many clients need? One — issued against the firm's NIP (recommended). It serves every client who granted the firm permissions. The certificate is free and valid for up to 2 years, and changing a client's permissions doesn't require regenerating it.

Do KSeF tokens still work for accounting firms in 2026? Yes, in parallel with certificates, but only until 31 December 2026. From 1 January 2027 only certificates remain (alongside a qualified signature or seal). A token is pinned to a single NIP, which makes it impractical for many clients.

How does a client grant permissions to a firm in KSeF? In the Taxpayer App (Permissions module), the owner or administrator points to the firm by its NIP and sets the scope: issuing, receiving, or managing permissions. Signing a bookkeeping contract grants no access on its own.

Is the free KSeF Taxpayer App enough for a firm with 30 clients? Technically it keeps you compliant, but it works one context at a time — no shared view and no automatic fetching across companies. With 30 clients, an integrator that aggregates everyone into one dashboard is far more practical.

Tags

#KSeF
Share

Previous article

KSeF Login via Profil Zaufany: A Step-by-Step Guide Without the Jargon

Next article

KSeF Is Down — Now What? Offline24 Mode Explained Calmly

Stay in the Loop

Get notified when we publish new articles. No spam, unsubscribe anytime.

We respect your privacy. Unsubscribe at any time.

Cookies

We use cookies to keep the service running and — with your consent — to improve it. You can accept all, reject the optional ones, or customize your choices. Cookie Policy