Multi-Admin Control Panel Access and Audit Trail
Spam Experts provides a multi-level access structure: admin, sub-admin, domain, email user. Unlimited tiers of sub-admins can be created, where each parent has full access to the underlying domains, sub-admins, and email users.
Only 1 username/password is supported for each admin account, domain, or email user. All activity is logged on the platform, including the (active) username and the IP address.
For larger organizations, a more complex structure may be preferred for audit capabilities. Because sharing a password is not recommended from a security perspective, a simple Single-Sign-On (SSO) module is available via the API ("Authentication" section) to provide such access and integrate with your external control panel(s), billing system, or support system. For various third-party control panels, an open source module using this functionality is already available; see Integrations.
If your platform is not listed on the Integrations page, the link can easily be generated from the command line or any programming language and displayed to your customer or staff member for access. By passing the optional “identifier” variable, an audit trail related to that identifier will be recorded. With this method you can, for example, easily identify which support staff member executed a certain action.
The simple API method to generate authtickets:
Method for generating authentication tickets. Such tickets can be used for web interface access without the need to enter a username and password. A new authticket can be used for several login attempts; however, it expires after 15 minutes.
username (string): Username of a user to create authticket for
identifier (string): Custom identifier for client username in the API logging (optional)
To get such a ticket from the command line using curl, you could execute, for example:
adminusername: Replace with your Spam Experts admin access credentials; they allow you to generate an authticket for any related sub-admin, domain, or email user
password: Replace with your Spam Experts admin password
subadminexample: This would be the username you wish to grant access to
staffmembername: This would be the optional identifier for the audit trail, for example matching the username of the specific staff member that is granted access.
The command will return a string (e.g. “736586bf5983138a6408bb145a3fbc9985091bf7”), which you can use for the SSO URL and display in your control panel to the authorized user:
Ensure that the admin credentials in the script are secured and not accessible externally. Additionally, you need to ensure the authticket is only exposed to authorized users. A PHP example can be found here as well.
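One way to wrap the ticket request in a control panel back end so that the audit identifier and the ticket handling follow the advice above, as an added example (not Spam Experts' code): `http_get`, `api_url` and the `allowed_targets` map are hypothetical, and the 40-hex ticket pattern is an assumption taken from the sample string quoted above.

```python
import re
import time
import urllib.parse

TICKET_LIFETIME_S = 15 * 60              # per the page: tickets expire after 15 minutes
TICKET_RE = re.compile(r"[0-9a-f]{40}")  # assumption: same shape as the page's sample ticket


def ticket_query(username, identifier=None):
    """URL-encode the two documented parameters so odd characters cannot add extra ones."""
    params = {"username": username}
    if identifier is not None:
        params["identifier"] = identifier
    return urllib.parse.urlencode(params)


def issue_ticket(http_get, api_url, staff_member, target, allowed_targets, now=None):
    """Return (ticket, expires_at) for `target`, attributed to `staff_member`.

    http_get(url) -> str is a hypothetical transport that keeps the admin
    credentials server-side; api_url is the operator's authticket endpoint.
    """
    if target not in allowed_targets.get(staff_member, set()):
        raise PermissionError(f"{staff_member} may not open {target}")
    # The identifier comes from the authenticated session, never from user input,
    # so the platform's audit trail names the real staff member.
    sep = "&" if "?" in api_url else "?"
    body = http_get(api_url + sep + ticket_query(target, staff_member)).strip()
    if not TICKET_RE.fullmatch(body):
        # Error text or an HTML page must never end up inside an SSO link.
        raise ValueError("API did not return an authticket")
    issued = time.time() if now is None else now
    return body, issued + TICKET_LIFETIME_S


def still_valid(expires_at, now=None):
    """True while a cached ticket may still be shown to its authorized user."""
    return (time.time() if now is None else now) < expires_at


if __name__ == "__main__":
    # Constructed demo: fake transport returning the sample ticket quoted on the page.
    fake = lambda url: "736586bf5983138a6408bb145a3fbc9985091bf7\n"
    acl = {"staffmembername": {"subadminexample"}}
    print(issue_ticket(fake, "https://api.example.invalid/authticket",
                       "staffmembername", "subadminexample", acl, now=0))
```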