We were looking over another vendor’s RMM tool recently and liked one of it’s features. In order to make any changes to a machine running that vendor’s RMM tool, the technician has to enter a current MFA code.
Having some options to toggle something like this on/off in Syncro would be great. I don’t have an exact implementation in mind, but the general idea of needing to do some sort of additional authentication to be able to do something that “edits” the asset computer or “connects” to an asset computer seems like a good additional security step to implement.
So, thinking out loud ------->
In the admin console have security settings like:
Require a current MFA code to run or schedule a script ___Yes ____No
Timeout for Script MFA before requiring a new MFA code ________ (minutes)
Require a current MFA code to start a remote session (Splashtop or Background Tools) ___Yes ___No
Timeout for remote session MFA before requiring a new MFA code ________ (minutes)
Require a current MFA code before issuing a Reboot from the Asset’s Page ___Yes ___No
Timeout for reboot MFA before requiring a new MFA code _________ (minutes)
Require a current MFA code before editing a policy ____Yes ___No
Timeout for policy editing MFA before requiring a new MFA code ________ (minutes)
The idea here is that each type of editing could be customized by each MSP to require a new MFA authentication before being able to implement that type of task in Syncro. Then, the timeout setting could be adjusted to add some sanity to the mix and give a period of time during which the previous MFA authentication is accepted before requiring a new MFA code. The timeout would allow the MFA request to work like sudo does on a Linux machine.