Feature Request: Additional agent account security
This is a request to look at implementing additional security on agent accounts. Specifically, preventing them from updating details like email addresses and phone numbers for their own accounts.
We had an issue where an agent changed the email associated on their account to the email address of what should have been a new end user. There were no repercussions from this thankfully, but this opened up the potential to allow someone external to our organisation to have access to all of our customer data.
I would propose making these fields editable for administrators only to prevent potential occurrences of this issue again.
That makes a lot of sense - We all make mistakes, but this could potentially be a huge problem if unwanted persons get access to your data. A setting making basic info uneditable for agents would be great.
Thanks so much for providing the feedback around locking down contact info for agents. While we don't currently have plans to address this, we are knee deep in understanding how to restrict and open up permissions within roles. I'm going to add this to our research to make sure it's not missed.
I am definitely interested in seeing a feature to add extra security for agent accounts like TFA or Mobile App Authentication from Zendesk App(s)
Please sign in to leave a comment.