As an administrator, your MoEngage account security should be a top priority for you. Here are some steps we recommend for you when you create an account with MoEngage:
Strong Authentication Practices
- It is important to ensure that a Two Factor Authentication (2FA) system has been enabled for all MoEngage account users, without exception. This will help restrict suspicious logins by verifying the identity of the user and making sure that access to the platform is secure. Please refer to our guide on Two Factor Authentication for a better understanding. We recommend you share the guide with the relevant users in your organization.
- Make sure to enable Single Sign-On (SSO) access to the MoEngage Platform, organization-wide. To know how you can set up and enable SSO for your organization, click here.
You might need help from your IT support team to set up SSO. MoEngage supports SSO using SAML 2.0 and acts as a service provider (SP) for SSO.
Granular Access Controls
- MoEngage lets you provide customized Access, Permissions, and Privileges for different team members. This helps in restricting every team member from having access to the complete dashboard/database and gives you more control over the information/data distribution.
- Implement Campaign Approval Workflows to have better control over the campaigns that are going live. This can help ensure a more secure campaign workflow, and avoid breaches in quality and policies.
- Enable IP Whitelisting in your SaaS Application Account to ensure user authentication from whitelisted IP only.
- You can whitelist your VPN IP to ensure MoEngage SaaS Application access is only enabled using a trusted network of your choice.
- If your organization currently does not use a VPN solution, look into adopting Open Source options such as OpenVPN, Pritunl, etc.
- The IP Whitelisting feature on the MoEngage Platform/SaaS Application is only available to organizations using an Enterprise license. Please connect with your Customer Success Account Manager for more details.
Regular User Access Audits
- Audit the access of all MoEngage account users at least once every 2 weeks.
- Look into revoking the access of all unused, unwanted, or off-boarded users.
- Audit the access, permissions, and privileges of all users from time to time. If it is not required, we recommend you change roles to a lower permission level wherever possible.
- Keep users with “Admin” and “Manager” roles to a minimum. We recommend you keep only one admin role per account.
MoEngage automatically logs you out of your session if your account does not have any activity for one day. If you wish to customize the time of your session, please reach out to firstname.lastname@example.org
For more information and a better understanding of implementing secure access controls, please contact your MoEngage Customer Success Manager.