Managing Identity in Customer Service Operations: Allow Customer Service Agents to login as an end-user #40
Milestone
Comments
|
@iglazer, do you have any specific examples where "login as" is more appropriate than "on behalf of", and or what controls you think would offset the risk of not having a means to audit the true actor in a case where they are logging in as? |
|
I think we might have a terminological collision. In my mind, anything that enables a user to login as/on behalf of requires additional logging. The “upstream” user clearly needs to be clearly identified in durable logs.
… On Apr 26, 2021, at 10:06 AM, Jp Rowan ***@***.***> wrote:
@iglazer <https://github.com/iglazer>, do you have any specific examples where "login as" is more appropriate than "on behalf of", and or what controls you think would offset the risk of not having a means to audit the true actor in a case where they are logging in as?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#40 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AANU2625P2NJECRFTNXZMATTKVXMZANCNFSM43RWA5FQ>.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I disagree with the hard assertion that you should not let an agent login as user. “Login As” has its place if it is balanced with appropriate controls. This depends, in some cases, whether the agent is external or internal facing.
The text was updated successfully, but these errors were encountered: