As businesses and corporations grow, different departments within the organization require access to its domain names for several different reasons. Whether it’s the marketing team initiating the purchase of a domain for a product launch, or the finance department accounting for the different expenses incurred through domain management activities — several people, probably more, within a large organization will need access to its corporate domain portfolio.
Generally, there are two ways in which a corporation grants access to its domain name portfolio. A corporation may decide to grant unrestricted access to designated individuals across various departments and have those employees share log-in credentials. Alternatively, an organization may decide to restrict domain portfolio access to a single team, typically IT, but sometimes legal or even marketing. While granting equal access allows individuals across different teams to work quickly and efficiently, sharing log-in credentials significantly increases the risk posed by internal tampering.
The latter model is more secure than sharing log-in credentials across an organization or departments, restricting access to a single team can lead to bottlenecks and inefficiencies that can make it difficult for members across your organization to process registrations, connect domains to external services, access invoices, among other tasks, in a quick and timely manner.
With Webnames Corporate’s advanced management tools, corporations can empower different departments and personnel by granting them specific permissions and pre-defined user roles that allow them to independently manage the domain assets they need to access, simultaneously increasing efficiency and eliminating the security risks posed by sharing log-in credentials and granting account-wide access.
This is achieved by employing three features within the Webnames Advanced Domain Management suite: Account Activity Tracker, Parent/Child Controls and Multi-User Access Accounts. Let’s take a closer look at what these features are, how they function, and discuss the benefits of an approach that utilizes all three tools together.
Account Activity Tracker
One of the most important features available within the advanced domain management tools is the Account Activity Tracker. Through the Account Activity Tracker, organizations can maintain precision oversight over all actions taken within a domain name portfolio. Every action can be filtered by domain, username, timestamp, and invoice number, among other details. Each entry includes comprehensive system notes updated in real-time for maximum transparency, facilitating troubleshooting, attribution, and security.
Parent/Child Role Functionality
Parent/Child roles are available by request for all managed, premier, and reseller accounts. The Parent/Child role functionality allows for one account (the parent) to assume management functionality over one or more child accounts.
Parent accounts can manage all aspects of a child account without requiring a password. They may also configure a child account to either utilize regular account pricing, or align the child account’s pricing to that of the parent account to simplify accounting across teams. The primary benefit of this feature is to grant teams their own sandbox account with unique login credentials, allowing them to access and manage their own departmental domains while also having the ability to oversee and manage that account if required. For example, a company may wish to give their marketing team access to a list of domains that have been registered for campaigns and allow them to self-manage those domains in a child account, while keeping business-critical brand domains separate in a parent account with highly restricted access.
The value of the Parent/Child account functionality, however, becomes even more powerful when used in tandem with Account Roles.
Account Roles
In addition to implementing secondary child accounts for business units that need to access and manage specific domain names under a broader corporate portfolio, accounts can also be assigned different user roles with defined permissions based on their use cases and domain management requirements. Permissions can be broken down into 4 distinct categories: Account Management, Product & Service, Billing, and Other. Within each category there are several permissions – and requisite capabilities – that vary across each role. There are 6 unique roles that can be assigned to members in your team:
- Account Owner: Limited to just a single account, the Account Owner role has unrestricted access and capabilities within the corporation’s domain portfolio. This is the only role that is capable of viewing and modifying account settings, contact preferences, domain name settings, financial information and more
- Account Super User: The Account Super User role offers the most access among non-owner roles, allowing super users to view and manage account settings, products, services, billing, and other users within the organization.
- Account Domain Admin User: Account Domain Admin users have many of the same permissions as super users. Domain Admin users can view and edit all products and services, in addition to being able to view account payment methods. What differentiates Domain Admins is that they are unable to manage other users within the organization and make bill payments.
- Account Billing Admin User: Within account permissions, Billing Admins cannot alter other user accounts, the account lock safelist, or registrants. What distinguishes Billing Admins from other administrative roles is that they are restricted to managing account payment methods, making bill payments, downloading invoices, and other financial-oriented tasks. Billing Admins cannot make any changes to the products and services within a portfolio.
- Account Technical User: Technical users can manage the account lock safelist, general portfolio characteristics, and most products and services. However, technical users do not have access to TMCH enrollment, GTLD Watchlist, and are not authorized to complete purchases or renewals.
- Read-Only User: Read-Only Users have access to view most areas of the domain portfolio (products, services, and billing) but they are unable to make any changes. Read-Only Users do have the ability to initiate purchases, but they cannot complete them.
Forming a Hierarchy with Parent/Child Functionality & Account Roles
While our advanced management tools provide an effective solution for maintaining a high standard of security and efficiency when managing a corporate domain portfolio, how the parent/child functionality and account roles synergize is what truly forms the foundation of an incredibly robust domain name management structure. By deploying account roles for unique users in tandem with parent/child functionality, organizations can grant specific access to a domain portfolio to several unique users, while also creating a hierarchy to establish visibility across numerous business units.
