Product Tip Tuesday: Beware of Too Many Super Admins

Maddie Buyers | April 9, 2019

This week’s product tip is one of our favorites—reducing unnecessary super admin privileges.

Super admins are users who have full access to all system administrative controls in native SaaS admin consoles. It’s like “God Mode” for SaaS apps.

Because super admins can access and manipulate every part of your organization’s SaaS applications, it’s important to keep the number of super admins in your environment to a minimum.

Implementing the principle of least privilege is a security best practice. It depends on the size of your org, but we generally recommend having a total of three super admins in order to mitigate risk. We’ve seen that most organizations actually have 13-19 super admins in each SaaS app. This is a security risk. Each additional super admin presents more entry points into your environment and more opportunities for dangerous human error.

The trouble with many SaaS applications is that they natively lack granular access roles, which contributes to the problem of having too many super admins. Very often, users will request elevated access for a task or project. They may not need super admin access, but IT often has no choice given the lack of granularity, and the user ends up retaining excessive access for longer than necessary. Luckily, BetterCloud gives you the tools to fight this problem.

The first step to remediation: assign granular access

BetterCloud allows you to delegate roles that are more granular than those available natively within the applications. This ensures that users only have the level of access they need and eliminates the problem of granting super admin access to anyone who needs a little more access.

What’s key is delegating the least amount of access people need to do their jobs—aka enforcing the model of least privilege. With BetterCloud, you can assign granular create/edit/delete/view privileges related to users, groups, OUs, files, calendars, and other SaaS data.

Taking it one step further: create an automated super admin policy

Beyond creating granular access roles, you can set up alerts that tell you when the number of super admins in your environment exceeds a set number, which then triggers a remediation workflow.

For example, a workflow can automate the process of revoking super admin access from any users who have been granted those privileges and exceed the threshold of your alert. Once the privileges have been revoked, the primary IT admin is notified via Slack.

For more information on this use case, check out this article in our Help Center!
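The alert-then-revoke logic described above, sketched in Python as an added example (it is not BetterCloud's workflow or API). The sample export, the `APPROVED` list, the function names, and the rule for who keeps access (approved admins first, then the oldest grants) are all assumptions.

```python
from datetime import date

MAX_SUPER_ADMINS = 3  # the article's general recommendation

# Constructed sample export: (user, role, ISO date the role was granted)
ASSIGNMENTS = [
    ("alice@example.com", "super_admin", "2016-01-10"),
    ("bob@example.com", "super_admin", "2018-02-20"),
    ("carol@example.com", "super_admin", "2017-06-02"),
    ("dave@example.com", "super_admin", "2018-11-05"),
    ("erin@example.com", "super_admin", "2019-03-28"),
    ("frank@example.com", "helpdesk_admin", "2019-01-15"),
]
APPROVED = {"alice@example.com", "bob@example.com", "carol@example.com"}  # hypothetical


def plan_remediation(assignments, approved, limit=MAX_SUPER_ADMINS):
    """Return (keep, revoke) user lists; revoke is empty while within the limit."""
    if limit < 1:
        raise ValueError("limit must leave at least one super admin (lock-out risk)")
    admins = sorted(
        (a for a in assignments if a[1] == "super_admin"),
        key=lambda a: date.fromisoformat(a[2]),
    )
    if len(admins) <= limit:
        return [a[0] for a in admins], []
    # Assumed policy: approved admins rank first, then the oldest grants.
    # sorted() is stable, so grant-date order is preserved within each group.
    ranked = sorted(admins, key=lambda a: a[0] not in approved)
    return [a[0] for a in ranked[:limit]], [a[0] for a in ranked[limit:]]


def slack_message(keep, revoke, limit=MAX_SUPER_ADMINS):
    """Build a Slack incoming-webhook style payload for the primary IT admin."""
    if not revoke:
        return None  # threshold not exceeded, nothing to report
    return {"text": (
        f"Super admin count exceeded {limit}. "
        f"Revoked: {', '.join(revoke)}. Remaining: {', '.join(keep)}."
    )}


if __name__ == "__main__":
    keep, revoke = plan_remediation(ASSIGNMENTS, APPROVED)
    print(slack_message(keep, revoke))
```

The guard on `limit` keeps an overly strict threshold from revoking every super admin and locking the organization out of its own console.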

Copyright © 2021 BetterCloud Monitor