No matter how mission critical a website is for a company, security should always be paramount. This article explains user maintenance and provides a tip on optimizing security-related details through regular reviews of the user accounts in your XperienCentral installation.
The Authorization panel
In the Workspace, you can find the Authorization Management panel by navigating to Configuration > Authorization. In this panel you can manage all user accounts.
There are 3 types of global accounts:
- System accounts. These are the ‘Administrator’ and ‘Developer’ accounts and are necessary for the correct functioning of XperienCentral and the coupling of external functionalities. GX Software manages these accounts. Never delete these accounts or reset the passwords for them.* GX Software displays a note next to these accounts in the list in order to make it abundantly clear what they are.
- GX Software user accounts. These are (most of the time) temporary accounts that are created for GX Software employees. GX Software often creates these accounts during the preparations for a website that is about to go live so that engineers, consultants and/or architects can create and set up content. It is a good idea to keep these accounts.* The password for these accounts may be reset, however. GX Software displays a note next to these accounts in the list (‘GX account’).
- Regular user accounts. These accounts are for the employees of your company and/or third parties such as designers and the hosting entity. It is best to not delete these accounts.* The password for these accounts may be reset, however.
*The reason not to delete these accounts is that if the user ever created content in XperienCentral, all references from that content to the account are lost, which can have its disadvantages.
Periodic maintenance from GX Software
Periodically — 2 times per year at any rate — GX Software conducts a security check which consists of the following:
- GX Software changes the passwords for system accounts to ones that meet our password strength requirements. The new passwords are kept in our secure GX Software client information system. Only our Customer Services department and GX Software architects have access to these passwords.
- GX Software changes the passwords for all GX Software user accounts and does not keep a record of the changes, which means GX Software can no longer log in using these accounts.
Extra maintenance performed by the customer (tip)
This is a simple tip: Set up a mechanism whereby you do your own checks and cleanup at the same time that GX Software does its maintenance on the user accounts in your installation. Go through all your user accounts and perform the following steps:
- Check whether the person tied to each user account is still in your service and/or whether they still need login access and/or the role that is assigned to their account. If not, change the password for their account to one that is non-reproducible and do not save it anywhere else. A simple trick is to blindly enter a number of characters using upper and lowercase letters and one or more special characters. We do not recommend using a password generator but if you do, be sure that you do not keep any record of the new password anywhere else.
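The review described above can be prepared as a worklist before you open the Authorization panel. The following is an added example, not code from XperienCentral or GX Software: the CSV layout, the roster, and all account names except ‘Administrator’ and ‘Developer’ are constructed assumptions.

```python
import csv
import io

SYSTEM_ACCOUNTS = {"Administrator", "Developer"}  # the two system accounts named in the article
GX_NOTE = "GX account"                            # note shown next to GX Software user accounts

# Constructed sample data: this CSV layout is an assumption, not an XperienCentral export format.
ACCOUNTS_CSV = """username,note,owner_email,role
Administrator,System account,,administrator
Developer,System account,,developer
gx_consultant,GX account,,editor
a.devries,,a.devries@example.com,main editor
b.bakker,,b.bakker@example.com,editor
designer_ext,,c.smit@agency.example,designer
"""

# Constructed roster: people still in service, with the roles they still need.
ROSTER = {
    "a.devries@example.com": {"editor"},
    "c.smit@agency.example": {"designer"},
}


def review_accounts(accounts_csv, roster):
    """Return {username: (action, reason)} following the article's rules."""
    result = {}
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        name, owner, role = row["username"], row["owner_email"], row["role"]
        if name in SYSTEM_ACCOUNTS:
            result[name] = ("leave", "system account: never delete or reset")
        elif row["note"] == GX_NOTE:
            result[name] = ("keep", "GX Software rotates this password itself")
        elif owner not in roster:
            result[name] = ("reset-password", "owner no longer in service")
        elif role not in roster[owner]:
            result[name] = ("reset-password", "assigned role no longer needed")
        else:
            result[name] = ("ok", "owner and role confirmed")
    return result


if __name__ == "__main__":
    for user, (action, reason) in review_accounts(ACCOUNTS_CSV, ROSTER).items():
        # No branch ever yields "delete": deleting would lose content references.
        print(f"{user:15} {action:15} {reason}")
```
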