MFA implementation violates basic IT policy

CourtneyS00
Campaign Contributor
0 Votes
The implementation of CC's MFA makes it impossible to have two employees with global permissions on the account. This is very basic IT policy at most every organization. We ran into issues previously because of this poor implementation of allowing only one 'owner' and cannot take any chances on repeating the circumstance of an employee abruptly leaving while also being the only employee with global access to the CC account. Are there any plans to allow two 'owners' on an account? If not, this will be a CC deal breaker for us.
1 REPLY 1
William_A
Administrator
0 Votes

Hello @CourtneyS00 ,

 

Each account is only ever allowed one account owner login with this much accessibility. Both this, and the MFA method, are done for the sake of account security - ensuring customers, especially those with large lists, don't get their accounts compromised. We do have existing feature requests on expanding the customization of users' permissions / adding more user levels, etc. - but nothing specific for allowing multiple logins with the ability to manage everything in the account.

 

While we wouldn't normally recommend it, if you're expecting to have more than one person that needs full access to everything on the account at all times (including the ability to view and edit billing info, the ability to manage and remove other users, etc.) then I'd advise the following setup:

  • Using the phone call MFA method and an office phone that any of the "owners" can easily access
  • Use an email address that any of the "owners" can easily access (something like IT@ or office@)

One thing to keep in mind is that if you're using a more generic email address that any applicable IT person in your organization could potentially access, that means you could also just have everyone but the true owner as Account Managers. Once the original owner leaves, it'd be a simple matter of the next-in-line "owner" resetting the MFA method from the login page using the generic email they already have access to. Then they could get their phone number and preferred MFA method associated with the credentials instead.

 

Again, while I wouldn't generally recommend this kind of setup for the sake of account security (you can always just go through a standard Account Ownership transfer if necessary), this is going to be the best way to setup the account for your preferred convenience, based on what you're describing.

 

See also:

Verifying addresses

Updating the account owner / main email address

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
William A
Community & Social Media Support
Updates
Just Getting Started?

We’re here to help you grow. With how-to tutorials, courses, getting-started guides, videos and step-by-step instructions to start and succeed with Constant Contact.

Start Here
Upcoming Webinars
Mar 28
Making it to the Inbox in 2024: What’s changed and what hasn’t
2PM - 3PM EST