I’ve looked at the feature request for multi-user access. Which I believe is important and very necessary. I also think Partner accounts that give access to user accounts would be extremely helpful as well.
The problem I have is what is the best way to work it out. For example, should the Master account own the sub account? Or should it be modeled after Facebook’s business manager where people can share their accounts with multiple agencies?
My personal preference would be to model it after Facebook’s business manager, where a CF account could “grant access” to their I.T. company and their Web Design guy at the same time.
It would also be helpful if there was a log of changes made to keep people accountable.
In addition, you should be able to create new accounts from your “master” account that essentially give you access to the new CF account.
Thanks for sharing. I posted to the request topic earlier that I can now say publicly that it’s on the roadmap for this quarter. I’m still awaiting details on how it will work for different plans, but it’s coming. We understand that some people need very granular control and may want to extend different permission levels and access to different people. Keep checking back and we may have an external beta going very soon.
I’d like to see an MSP/Agency account. The members feature is great for what it is but still does not solve the problem of sharing one account which is a member of many other accounts with a team of people.
A) Option one is to share an account with team members
Obviously, there are many issues with this approach, such as highjacking or having to share a single device if you want to implement 2FA
B) I have my techs create there own CF accounts and then add them as members to each client site.
Very labor intensive and in the event of a termination, the amount of time it could take to remove that member from clients CF’s sites would take too long.
An MSP/Agency account would only need to add sub-users for that particular account. They wouldn’t be stand-alone CF accounts. This way the super-admin could add and delete sub-users instantly.
@ryan
Any update on this feature for MSP’s? The delegate access to other users (and enforcing 2FA) is a good start but it’s not very practical to manage, especially for an MSP.
We have multiple clients that have their own previously created Cloudflare account and when they onboard to us they can add myself as a delegated administrator to the account.
When I log into my account and then switch to the clients account I am unable to add the rest or delete my colleagues as administrators to the account. I can partly get round this by asking the client to add all of my techs when they onboard with us, but when we have personnel changes we have to notify all of our clients to add or delete the relevant tech. Not a very practical situation for adds/deletions.
Hopefully we don’t have too many deletions, adding techs means our business is growing and we get 2 factor for day to day administration but the current configuration is still a headache.