Security

How to share access to your organization's domain, email, and passwords

Don't limit your organization to just one administrator. Share access to ensure continuity of control for your most important accounts.

andy1.jpg
Image: Andy Wolber / TechRepublic

When you have only one administrator, you have at least one problem: You're completely dependent on that person for access. An accident, emergency, or a job change may leave an organization without an administrator to manage an account. Many organizations struggle to access all sorts of accounts after an administrator leaves.

Here's how to share access to three important services—your domain name, your email, and your passwords. Of course, share access only with people you trust. And remember that, in some cases, it may make sense to share access with people who aren't employees (e.g., with an IT vendor, or with a board member in the case of a nonprofit organization.)

Screenshot of G Suite administrator roles (e.g., Super Admin, Groups Admin, User Management Admin, etc.)

A super administrator can assign administrative roles to users in G Suite.

Share administrative access

G Suite and Office 365 both allow more than one account to hold "super administrator" or "global admin" privileges, as they're called, respectively. A person with this type of administrator account holds the highest level of access to these systems.

A current super administrator or global admin can assign additional privileges to another person within G Suite (see Assign administrator roles to a user) or Office 365 (see About Office 365 admin roles). Both systems also offer administrator accounts with limited levels of administrative access, as well.

Screenshot of Domain Permission sharing option in Google Domains

Google Domains allows an administrator to give other people the ability to manage a domain. This can help an organization make sure that domain name registration renewal payments occur.

Share domain name control

Some domain name registrars support shared access. For example, in Google Domains, a domain owner can give another person full access to manage the domain's registration and DNS settings. These settings let you redirect email, point a domain to another web host, or pay to renew the domain name registration to keep control of the domain. (Other domain name registrars, such as GoDaddy.com, also offer similar shared access.)

To give another account administrative control within Google Domains, login at http://domains.google.com, then select settings (the sprocket-like icon). Under Domain permissions select Permissions, then enter the email address of another Google account. The person will receive an email with a link to Google Domains. It's like sharing a Google Doc, but with your domain.

Note: Sharing a domain doesn't change domain ownership, just as sharing a Google Doc doesn't change Doc ownership. You can transfer domain ownership to another Google account within Google Domains, or move a domain to another registrar with separate processes.

Screenshot of LastPass Emergency Access sharing form

Password management systems, such as LastPass, allow you to share passwords securely with your team and also provide for emergency access.

Share password access

Shared passwords allow multiple people to access sites and services. Ideally, all services would offer robust account management: The ability for multiple people to access services with varied levels of access. But since not all systems offer this, people share passwords.

And people are creative and share passwords in a range of ways. The simplest way to share a password is to document it somewhere, then share access to that document. I've seen passwords documented with notes on paper, in a shared Google Doc, and on a dry erase board in a server room.

A password management system offers two additional options: Shared passwords and emergency access. Shared password systems, such as 1Password for Teams, Lastpass for Teams, or Dashlane for Teams, allow different people to login to a site with the same password synced and shared across accounts. If one person changes the password, the change syncs, too.

Emergency access allows full access, as well, and can be configured to only allow access if the account holder doesn't respond. For example, in LastPass, you can add the email address of another Lastpass member to receive emergency access with a waiting period. When the person requests access, you choose a time period that needs to elapse before access is granted. The time period can vary from no time (i.e., immediate access) to 30 days. During the waiting period, the account holder can reject the request. Otherwise, they'll receive access. That way, in a situation when an account holder is no longer able to reject a request, another person can gain access to account passwords after a delay.

How do you handle administrative access to key accounts? How does your organization document and share access to important services? Let us know in the comments or on Twitter.

Also see

About Andy Wolber

Andy Wolber helps people understand and leverage technology for social impact. He resides in Ann Arbor, MI with his wife, Liz, and daughter, Katie.

Editor's Picks

Free Newsletters, In your Inbox