MFA implementation violates basic IT policy

CourtneyS00
Campaign Contributor
0 Votes

The implementation of CC's MFA makes it impossible to have two employees with global permissions on the account. This is very basic IT policy at most every organization. We ran into issues previously because of this poor implementation of allowing only one 'owner' and cannot take any chances on repeating the circumstance of an employee abruptly leaving while also being the only employee with global access to the CC account. Are there any plans to allow two 'owners' on an account? If not, this will be a CC deal breaker for us.

1 ACCEPTED SOLUTION
William_A
Administrator
0 Votes

Hello @CourtneyS00 ,

 

Each account is only ever allowed one account owner login with this much accessibility. Both this, and the MFA method, are done for the sake of account security - ensuring customers, especially those with large lists, don't get their accounts compromised. We do have existing feature requests on expanding the customization of users' permissions / adding more user levels, etc. - but nothing specific for allowing multiple logins with the ability to manage everything in the account.

 

While we wouldn't normally recommend it, if you're expecting to have more than one person that needs full access to everything on the account at all times (including the ability to view and edit billing info, the ability to manage and remove other users, etc.) then I'd advise the following setup:

  • Using the phone call MFA method and an office phone that any of the "owners" can easily access
  • Use an email address that any of the "owners" can easily access (something like IT@ or office@)

One thing to keep in mind is that if you're using a more generic email address that any applicable IT person in your organization could potentially access, that means you could also just have everyone but the true owner as Account Managers. Once the original owner leaves, it'd be a simple matter of the next-in-line "owner" resetting the MFA method from the login page using the generic email they already have access to. Then they could get their phone number and preferred MFA method associated with the credentials instead.

 

Again, while I wouldn't generally recommend this kind of setup for the sake of account security (you can always just go through a standard Account Ownership transfer if necessary), this is going to be the best way to set up the account for your preferred convenience, based on what you're describing.

 

See also:

Verifying addresses

Updating the account owner / main email address

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
William A
Community & Social Media Support
