Skip to main content
New Idea

Provide Support Access in PX the Same Way Support Accesses CS

Related products:PX Admin & Security
  • March 14, 2024
  • 1 reply
  • 12 views
  • mmue
    mmue
  • Nina

  • Contributor ⭐️
  • 2 replies

In Gainsight CS when support needs access to an instance all a user has to do is go to their profile check the radio button that says “Grant access to Gainsight Support” and then provide the duration of how long support should have access. Support can then access the instance as that user and check out whatever they need to check out. The access is then automatically revoked after the time frame has expired. Can you please implement that for PX as well? Current any time support needs to access a PX they ask us to manually create a shared admin account which they use to log in. 

From support:
“We do not have access to your Gainsight PX instance, so could you please add the user email px-success-user@aptrinsic.com and send us the invite with full admin access to check the issue further.”

PX is a tool which ties into all of your products in all development environments and allows anyone who has the rights to display content directly to your customers via engagements. Having a shared account with unrestricted access sitting around only protected by a password is a major security concern. Now I said its only protected by a password because if you enable this account for support you have to leave local password access (“SAML and Password” option under Login Settings) enabled so support can access your instance. There is no MFA and you can’t set this up using your IDP because then you would be exposing another system to a shared account. Please help us protect our products by improving the security around how Gainsight Support accesses this product.

With all that said the support folks which I have worked with have all been willing to do screen shares to resolve any issues, so I an appreciative of their willingness to be flexible but they wouldn't need to do this if they could access PX the same way they access CS.

1 reply

Stuart
Forum|alt.badge.img+3
  • Helper ⭐️⭐️
  • 144 replies
  • March 15, 2024

Completely agree, and I guess the disparity between CS and PX support access methods is because they are completely different products in their backend architecture.

 

In saying that, user impersonation is far from an ideal solution for support (or a TAM, or COM) to access CS, as any actions are logged against your own user; with change tracking in CS already being somewhat poor, it makes it very difficult (and in some cases impossible) to discern what actions GS have taken within your instance.  Adding a Gainsight email into CS as a user also wouldn’t work because iDp routing is based on domain, and without a domain match for gainsight.com it would default to email + password.

 

Given the nature of the products and the sensitive data they contain, Gainsight need to step up here with an Enterprise solution for accessing customer instances across products.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings