Single Sign On Option for MFA

It would be great if we could have Constant Contact users authenticate using SAML. Right now, there's no way to enforce authentication policy (like MFA) for users with access to the account. Likewise, it would be helpful if we could auto provision/de-provision users using this integration.

Hope you can look into adding this feature.

5 Comments
Frankie_P
Employee

Hi @AMFYT

Thanks for sharing this feedback with us. What are some cases where the current authentication options we provide do not fit your needs? In the meantime, we will continue to collect both requests along with use case examples.

Frankie_P
Employee
Status changed to: Gathering Information
 
AMFYT
Brand Influencer

Sure, thanks for looking into this.

1. With the current setup, each individual user is responsible for enabling MFA for their individual user account. It’s not currently possible to A) enforce MFA across the Constant Contact account, B) determine if users have MFA enabled, C) determine if the user's password is compliant with org policy. The admin needs to “chase” the users to enable MFA, and the user then needs to maintain a separate form of MFA for Constant Contact. Likewise, there is no way to enforce a particular password policy to be compliant with the org’s standards. Additionally, the current setup requires that users must maintain a separate set of credentials, which adds complexity and complication to the existing setup and makes it more challenging for our users to adopt secure authentication practices.

With SAML Single Sign-On (SSO), users A) could be required to log in through their Identity Provider (IdP) (Okta/Google Workspace, Azure AD etc.), B) don’t need to maintain a separate username/password/MFA and C) admins can ensure/attest that their Constant Contact accounts are secured according to policy because authentication has been set at the IdP level.


2. With regard to auto provision/deprovision, the use case would be essentially A) Being able to auto create Constant Contact users based on role (so for example marketing group), and when they get provisioned with the IdP and go to log in to Constant Contact their account gets created. B) Being able to deprovision/delete users who are disabled from our IdP rather than having to log into the separate system and disable the user in both places.

Frankie_P
Employee

Hi @AMFYT

Thanks for following up with these details! While single sign-on or the option of enforcing or accessing the MFA of your sub-users are not available features, we have tracked your feedback on this to the appropriate teams on your behalf.

Osman
Campaign Collaborator

We would love to see this as well. Also, for those who won't implement SSO, the option for the primary account to make MFA mandatory for users and specify the types available. (So that companies that cannot implement SSO can at least ensure a form of MFA is configured on every account on their instance and they can ensure the form that is implemented meets their security standards.)
