CONTROLLING AND GRANTING ACCESS

It’s no secret that I love a good tip, trick, or hack. That's why today I’m giving you a trick for controlling and granting access to information.

When onboarding new clients (and honestly, even new team members), one of the biggest sticking points is getting access. Sometimes this is because no one knows where the access information is, which is especially common with hosting and websites.

But sometimes it’s also a problem with not being sure how to grant access, who has access, or just even gathering that information together and then wondering how best to communicate it. (Side note here: please never, and I mean never, send passwords via email.)

Isn’t that crazy that the hardest part of a project can be just getting people access to the information they need to do the project?

IF GRANTING ACCESS WAS EASY

What if granting access wasn’t a sticking point? Wouldn’t it be great to live in a world where granting and controlling access was easy? I don’t know about you, but in my experience, despite best efforts, sometimes relationships don’t end well, and we want to make sure that there isn’t any temptation for a disgruntled partner or former employee to tamper with business resources.

The whole point of controlling and granting access is, you know, to let the right people in and keep the wrong people out and make sure that everything is private and secure. The challenge with security and privacy is if we plot it on a spectrum, security would be one end of the spectrum and convenience would be the other end.

Just by the nature of what it is, the more secure anything is, the less convenient it is. Therefore, we don’t necessarily want to hack our way around things being secure. We want them to stay secure, but we also want to remove the friction of getting the right people access. It also needs to be easy to remove that access when it is no longer needed. The secret to streamlining access is to have a process around it. I know, bor-ing!!

The reality is that every app, software, or platform has different access requirements. Inside of large organizations, they use?single sign-on (SSO)?or?Microsoft’s Active Directory?to try to solve the issue of access. Great, but that’s not usually an option for small businesses.

HOW TO BUILD YOUR PROCESS

So process it has to be. But don’t worry; it doesn’t have to be crazy. And it can be as simple as just using a template and having a checklist for when new accounts are created and when access is granted. It might look like something like this:

Let’s say you’ve just set up a new service like?ActiveCampaign. In this case, you will want to find out if you can have multiple user accounts in ActiveCampaign. Individual user accounts are the most secure way to grant access because then you can remove access user by user and no one has a shared password. The downside to this is that if a user leaves, there can be more to unwind when deleting a user account. ActiveCampaign can, in fact, have multiple users. Sometimes there are limitations on how many users you can have.

Continuing with our example, when setting up ActiveCampaign, we would have a document template that that has:

1. The access URL
2. How access is granted; in this case, it would be by individual user account
3. A list of users is also helpful,?not?usernames and passwords, but just a list of users or roles that need access and what access level they require
4. And for bonus points, you can include a link to the ActiveCampaign instructions on how to add a user

For systems where there can be only one user, or apps where all admin changes are under a single user, then I recommend using credential sharing via a password manager like?LastPass. LastPass allows you to share credentials for use without revealing the password. In LastPass, you can share individual credentials, or you can have folders of shared credentials.

PROCESSES MAKE ALL THE DIFFERENCE

That’s all. That’s it. See, nothing crazy. If you want to get more advanced, you can have a master document that has these pieces of information for every system you have. The point of writing down the information is that now when granting access, you can look at the platforms where access is needed and quickly know where and how to do it.

And then you can use these documents when you off-board someone. It’s easy to see what systems they need to be removed from and know how to remove them. If you take just 10 more minutes when setting up a new account to put this information into a resource document, you will save yourself countless hours of tracking down who still has access and be able to more easily grant access to get vendors or new employees on board and start experiencing their value more quickly.