Two Factor Authentication - Partner Support

Hi all,

 

This is a timely posting as we are underway with planning out the changes to the functionality surrounding PartnerSupport so let me update you on those plans.

 

Firstly, why are we making the changes?

1. Based on the feedback you have provide that it is extremely challenging only having a single PartnerSupport login when there are several times during a client lifecycle where multiple consultants may need to access the system at the same time.
2. Having all support users access the client system through PartnerSupport is an issue from an auditing and traceability perspective as there is a loss of clarity on who is doing what
3. Managing the PartnerSupport login across multiple sites is a challenge when you need to change passwords etc which again raises a security issue

So, what are we doing?

1. We are moving to a scenario where a partner can have multiple PartnerSupport licensed user accounts within a client system.
2. These accounts will be named user accounts linked to the MYOB IDS authentication solution which is used for the 2 factor authentication. This means that:
   1. A consultant will only have one set of credentials which can provide them access to all clients systems and their own internal / demo system
   2. 2 factor authentication will be required for accessing systems
   3. Changing an individual password is done once and does not have to be done at a site level.
3. Providing a facility to deactivate an account across all sites should the need arise. Initially this will require MYOB to carry out the process through a logged ticket, however, we will look to ultimately make this available to partners to manage.

How is it going to work?

1. The core principles that the process will work on is as follows:
   1. A user that is assigned a PartnerSupport license will be able to create additional PartnerSupport licensed users
   2. A user that is an admin of a site, but not assigned a PartnerSupport user license (i.e client admin users) will not be able to create additional PartnerSupport license users, but will be able to disable PartnerSupport licensed users and prevent them form being able to access the system.
2. For a new site that is provisioned, the system will create the first named user account with a PartnerSupport license based on information provided when a new site is requested. The specific user will receive an email invite, login to the site and associate their IDS details to the user account created (this is an automatic process which happens behind the scenes). From there they will be able to invite additional PartnerSupport users.
3. For sites that are being upgraded, the first consultant to login with the existing “PartnerSupport” login will need to go through the process of registering and creating the first named user PartnerSupport licensed account and from there will be able to invite other ParnerSupport licensed accounts.
4. MYOB will be extending the monitoring of the use of PartnerSupport licensed user accounts
5. Should a consultant leave, an automated process will be available to remove their access from all sites. This will require a ticket to be logged with support to action the process.

If you have any queries or feedback with the above approach, please let me know so we can review any requirements.

 

I will update the posting with timeframes when we have greater clarity on that

 

Regards

James