Tuesday, January 19, 2016

Mastering User Security While Providing Dashboard Access to Contractors and Clients

Mastering User Security While Providing Dashboard Access to Contractors and Clients

Often times you will need to provide restricted Dashboard access to an employee, contractor or client for many different reasons. This article will provide you the necessary information to provide the access you need while still providing a secure dashboard environment.

Scenario One: Providing Access to a Single User within a Client Company

In every company no matter how small, there is usually that one person designated as the “IT Person” to solve all the small issues that arise. Providing dashboard access to this person can often cut down on the number of hours you spend supporting the company. If you can provide this person with the tools in the dashboard such as Remote Desktop and Remote Background, it empowers them to solve simple user issues making your company more profitable.
The first thing to note is you are only charged per node, there is no additional charge to add users of any kind to your dashboard. This is a great value that is included in the platform fee.

Step One: Build a Client Group
In the dashboard click on Settings>Users>Client Groups

1.       Click Add Client Group
2.       Name the Group
3.       Select the Company
4.       Move it into the group.

Step Two: Build a Role to Restrict Access to the User:
In the dashboard click on Settings>Users>Roles and Permissions

1.       Add a new Role
2.       Name the Role
3.       Select Role template to base the new role on. Because this is a single client only, start with the Client Role to ensure they only see the data from the client in the Client Group you named above.* 
4.       Go through each and every Line item and select the appropriate access for that user.

Step Three: Create a User and Assign the Role and the Client Group:
In the dashboard click on Settings>Users>User Accounts

1.       Add user
2.       Enter the User’s email
3.       Select the Role
4.       Select the Client Group

Step Four: TEST…        TEST…TEST
1.    Be sure and log in as the user and confirm that you have all the proper security permissions in place.

Scenario Two: Providing Access to an Employee or Contractor
Often times it will be necessary to partner or work with another company or contractor. The Process is exactly the same as above. It may be necessary to provide access to one or more companies and there may be users with different roles and permissions within the same company. MAX Remote Management has the ability to accommodate any permissions scenario.

SECURITY BULLETIN: Secure your Agent Key:
You will eventually have to provide the agent key to someone to install an agent. Since the first user in the dashboard is assigned the Agent Key, you will ALWAYS want to create a second user for yourself that has SUPERUSER permissions. It is imperative that the second user has SUPERUSER rights or you will be contacting tech support at the end of this process.

1.       Rename the user that is assigned the Agent Key to something generic such as key@msp.com. It does not have to be a valid email address just in the proper email format.
2.       Create a user that has SUPERUSER permissions
3.       Set the password for the new user and set an Agent Key Password that you can remember.
4.       Unselect Enable Agent Key User Dashboard Access

IMPORTANT NOTE: Although this is outside the scope of this article please make note that when dealing with medical facilities where HIPAA regulations are in effect, your dashboard must be configured for Two Factor Authentication to be compliant. https://www.youtube.com/watch?v=rJj42OvxDHQ

* Comment on the roles: the Client Role is the only one that will 100% guarantee access to only one Client in your dashboard.  The Standard, Administrator, and SuperUser Roles are staff roles and as such are best for the multi-tenant design of your dashboard.