Revolutionizing DMARC Solutions: Permission Management – Source: securityboulevard.com

EasyDMARC’s cloud-native platform has been evolving since we first made it in 2018, but our new Permission Management System is a huge change for customers with large infrastructures. As it’s a conceptual improvement, its impact will span through all our users and internal teams.

Most of all, the change is directed at our customers that work with many domains or have multiple clients – Enterprises and MSPs.

Why The Change?

We’ve conducted product discovery surveys and asked for customer feedback about our platform, and the data we received over a few months indicated a need for improvement. It’s no secret that bulk domain management and user access can become very cumbersome and tricky for larger organizations. Solving this issue for our customers has become imperative to make our platform more flexible and processes more organized.

The Hierarchy and Its Components

We’ve established a new way of managing user access and asset grouping within a given system. The concept of an Organization is at the top of everything in our new hierarchy. Upon registering in EasyDMARC, the system creates one under your account and assigns you as an Organization Owner.

You can own one Organization at a time. However, you can be invited to others as an Administrator or an Editor. A switcher will be available for easy management if you have User permissions in two or more Organizations.

Each Organization has the following components:

• Product Plan
• Users
• Domain Groups/Domains

Let’s introduce each component and what they entail.

Product Plans

A Product Plan is a set of features (paid or unpaid) that are applied to the Organization. Only one Product Plan can be assigned to an Organization. Upon registering, you automatically start a 14-day free trial in EasyDMARC’s system.

Once the trial ends, you can choose one of the available Product Plan tiers or continue using the platform for free if that’s what your organization needs. (Some small businesses sometimes need a DMARC service with no complicated features, and we understand that well – DMARC is a must-have for all domains.)

However, if your company has a lerge domain infrastructure, you can have it all, too. Depending on the number of domains and plan limits, you might need to contact our team to request custom pricing to enhance your experience.

Domain Groups/Domains

Any given Organization consists of Domain Groups. It’s a container that can include an unlimited number of Domains and have specific user roles assigned to them.

Once you create an Organization and add the first Domain, the system automatically creates a default Domain Group, which you can rename, add new Domains and user roles, or manage otherwise. The only exception for the default Domain Group is that you can’t delete it.

Our system also allows you to create unlimited Domain Groups to organize your work better.

Manually added Domain Groups are similar to the default one, except they can also be deleted in one stroke, regardless of whether they’re empty. Thus, we must warn you that deleting a Domain Group removes all the Domains from the Organization. However, you don’t have to worry, as we keep the Domain data, and if you decide to add it back at some point, we’ll match the data with the Domain, and you’ll be able to continue using the system as you did before.

A User can be invited to multiple Domain Groups. If an Administrator removes a User from the Organization and the User doesn’t have an account at EasyDMARC, we’ll create a fresh one for them.

Now, let’s come back to Domains for a second. As you might’ve already gathered, Domains are the lowest level of the hierarchy of EasyDMARC’s new Permission Management and can’t exist outside Domain Groups. You can add them to groups and manage User access on each one. However, please note that a given Domain can only be included in ONE Domain Group. Now, to make it easier to manage, we also created an easy way to move a Domain between Groups.

Our system treats Sending and Parked domains in different ways. While Sending domains have access to all the features on the platform, Parked ones can only use basic tools. They need to be set to “reject” and not have sending volumes. We still monitor parked domains and alert you in case they’re used to send illegitimate emails.

While we’ll have a separate article about this topic, it’s worth noting that Parked Domains will become more convenient to deal with due to the new Permission Management features. You just need to setup a group, assign a user to manage it, and keep an eye on the reports.

Real-Life Problems Solved for Enterprises and MSPs

Imagine a situation where an MSP manages 150 clients, and each of them has 3-10 domains. Managing this lot manually could take forever.

An MSP simply needs to categorize their accounts and grant the proper User permission to the client. Imagine how much more transparent the processes could be if the account manager from the MSP’s side and the client could see the infrastructure changes in one dashboard and receive the same reports.

Managing Sending and Parked domains becomes easy with the new system as well. Enterprise customers can categorize them into separate Domain Groups and monitor each one separately. It’s also possible to group domains by teams or departments for more granular visibility across the organization.

Users

At the time of writing, the system allows two User roles. Administrators and Editors can be assigned to Organizations, Domain Groups, and Domains. Hence the new Permission Management System’s six User Roles:

• Organization Owner: An account created by default upon signup. This User has access to every platform module, can terminate the Plan or the account, or request ownership transfer.
• Organization Administrator: This User has access to all the platform features without an option to terminate the service plans and the account itself.
• Domain Group Administrator: This User can manage the Domain Group and invite new users to the Group.
• Domain Group Editor: This User can manage the Domains within the Group but can’t invite new Users.
• Domain Administrator: This User can manage selected Domains within the Domain Group and invite new Users to handle the Domain.
• Domain Editor: This User can manage selected Domains but can’t invite new users.

We’ll add the Viewer role to this mix in the coming weeks. Please note that anyone with Viewer permission currently in your system will be granted Editor privileges for a short time until we add the feature.

FAQ About Permission Management

What is EasyDMARC’s Permission Management hierarchy?

The hierarchy consists of the Organization, Domain Groups, and Domains. Each Organization has one Product Plan applied, and respective Users can manage Domains and Domain Groups.

Can I have multiple Product Plans under one Organization?

No, each Organization can only have one Plan applied.

Can I be invited to another Organization and switch between them?

Yes, each User can have Administrator and Editor roles in multiple Organizations, The exception is the Owner role – you can only be an Owner in One Organization.

What are Domain Groups and how can I manage them?

Domain Groups are virtual containers for Domains. You can add, manage, remove Domain Groups, populate them with Domains, and assign User permissions.

Can Administrators create a Custom role with selected permissions and policies?

Not yet. Custom roles will be available with further fixes.

Do I have to use new permission management features on the platform?

The change is global, and the Permission Management System is there for you to use upon signup. However, if you don’t have multiple Domains or don’t need additional user roles, you won’t have to use the features.

Can I manage more than 1 Domain Group? How many Domain Groups can I have at a time?

Yes, you can manage unlimited Domain Groups.

Can I invite external people to access a specific Domain Group or Domain?

Yes. As Organization Owner or Administrator, you can decide to which Domain Groups or a single domain users have access to, no matter if the User is internal or external.

Can a Domain belong to multiple Domain Groups?

No, One Domain = One Domain Group.

What happens with the User that is removed from the Domain Groups or Organisation?

We create an empty Organization for them with free Product Plan and no Domains.

How Will This Change Affect You?

EasyDMARC’s New Permission Management aims to improve User access and Domain management to a point where larger accounts can set up their system, assign people, and reach granular control over each Domain and its data. Smaller Organizations shouldn’t be affected by this change too much.

Here’s what to expect:

• We’ll be merging multiple paid EasyDMARC accounts into one to improve your experience with our system.
• For Users with paid and free accounts, we’ll move free Domains into the paid version within the allowed Domain limit of the Product Plan. For the remaining Domain(s), you can still purchase additional seats or remove them from the platform. No information associated with these Domains will be lost; adding the Domain back will restore the data.

In addition to the improved Domain and user management for our customers, our new Permission Management System paves the way for more significant and better updates in the future. The upcoming Alerting, DNS Timeline, White Labeling, and other features will enrich EasyDMARC’s customer experience, making it easier for Enterprise and MSP customers to manage their workflows and teams.

You won’t have to wait longer – the new and improved Cloud Native DMARC experience is just around the corner!

Contact us today if you have any questions regarding the changes in the system, and if you’re a new user considering our platform, our sales team is ready to help.

The post Revolutionizing DMARC Solutions: Permission Management appeared first on EasyDMARC.

*** This is a Security Bloggers Network syndicated blog from EasyDMARC authored by Hasmik Khachunts. Read the original post at: https://easydmarc.com/blog/easydmarcs-new-permission-management/