Admin Security Features like restricting access by IP, Time of Day and Password Force Change or Azure AD Single Sign On Integration
It would be good to have more options for system administrators to be able to lock down the system. At the moment there is a bit of logging for users but the system needs more functionality on this side of things. Such as logs for X amount of days that can be run off as reports.
Being able to specify IP addresses etc for access to a specific account would help unauthorised access. Also unauthorised access attempts at the system.
To add to this setting working hours that an account is able to login much the same as Windows Servers do would also help secure the system.
There is no way to force a user to change their password, e.g. a password expire setting, so you have to trust a user has changed their password when you have asked them to. Having an option to set the time period that a password lasts for in the user interface for admin would solve this.
The best way to assist with single sign on would be to integrate with products such as Azure AD where we can integrate the authentication with existing secure accounts so when someone leaves or joins the business it is easier to be in control of security.
The product is great and great to work with but is pretty lacking at the moment in regards to any real security functionality.
Following on from Single Sign On (SSO) with Google and Microsoft, we added a bunch of additional features to help you bolster security at your business:
- Two Factor Authentication (2FA)
- Admins can reset other user passwords
- Owner users can reset everyone’s passwords
- Comprehensive action log
- See recent active sessions
- Reset user iCal feed links
To learn more, see: Secure your Current RMS system
We’ve not implemented restrictions based on IP addresses or time of day. Anytime, anywhere access is a core component of Current RMS and we’ve not seen much demand for these. If these are important to you, create a separate idea and we’ll keep an eye on how it’s tracking.
3 comments (comments are closed)
Re Duncan's comments, is there not an export data option within the menu? I checked, there is; whilst it's not inbuilt and could be improved, it may be worth factoring in a manual backup on a regular basis if you're worried about such a failure.
But I agree some extra redundancy and backup/security would be welcome.
Duncan Russell commented
Hi Grant, I totally agree and in this day and age being able to restrict access to specific IP addresses is the bare minimum that one would expect from a cloud based system.
In addition I would love to see some form of two factor authentication either based on SMS, Google Authenticator or a similar platform as a simple user and password is not really a way to secure business critical data.
My biggest concern is that in the instance of an account being compromised and data being deleted by accident or maliciously I have now just confirmed with the support team at Current RMS there is no way at all of recovering the data and it is gone forever... not sure that the system is viable due to it being a single point of failure with such weak security.
Perhaps one of the team at Current RMS can shed some light on their thoughts on the security issues or if any form of backup is available to mitigate the risk. Thanks, Duncan
With all the hacking you hear about in the news, I feel that admins should have the option to enforce a password change policy. This is pretty normal with cloud based systems and would give business owners a feeling that the security of the system was the best it could be. Being able to set the password strength options would be very useful.