In Gainsight CS when support needs access to an instance all a user has to do is go to their profile check the radio button that says “Grant access to Gainsight Support” and then provide the duration of how long support should have access. Support can then access the instance as that user and check out whatever they need to check out. The access is then automatically revoked after the time frame has expired. Can you please implement that for PX as well? Current any time support needs to access a PX they ask us to manually create a shared admin account which they use to log in.
From support:
“We do not have access to your Gainsight PX instance, so could you please add the user email px-success-user@aptrinsic.com and send us the invite with full admin access to check the issue further.”
PX is a tool which ties into all of your products in all development environments and allows anyone who has the rights to display content directly to your customers via engagements. Having a shared account with unrestricted access sitting around only protected by a password is a major security concern. Now I said its only protected by a password because if you enable this account for support you have to leave local password access (“SAML and Password” option under Login Settings) enabled so support can access your instance. There is no MFA and you can’t set this up using your IDP because then you would be exposing another system to a shared account. Please help us protect our products by improving the security around how Gainsight Support accesses this product.
With all that said the support folks which I have worked with have all been willing to do screen shares to resolve any issues, so I an appreciative of their willingness to be flexible but they wouldn't need to do this if they could access PX the same way they access CS.
