Staff Member Can't Have The Same Username As Client (Shared Account) ?

[gutterboy]

As per the title this is not possible right? Since we are integrating it with our main site and I have a user account on the main site I obviously will need a user (client) account on Blesta with the same username; does this mean I have to have a separate staff account with a different username as client accounts can't be added as staff accounts as well?

[Michael]

Nope they can't have the same usernames.

[gutterboy]

Ok thanks. That is a little annoying as now we have to make sure any usernames we used for staff accounts can't be used as usernames on the main site.

[Daniel B]

Why would you want your billing system usernames to be the same as publically visible usernames on your main site anyway?  Different usernames + different passwords = good billing system protection.

[gutterboy]

Why would you want your billing system usernames to be the same as publically visible usernames on your main site anyway?  Different usernames + different passwords = good billing system protection.

 

Because it is a SSO (single sign-on) system; don't think there are many sites that make you setup a separate user/pass so you can pay your bills.

[Daniel B]

Because it is a SSO (single sign-on) system; don't think there are many sites that make you setup a separate user/pass so you can pay your bills.

 

I can guarantee you that most sites out there don't use their admin accounts to pay said bills...they'd have a separate client account, so that analogy doesn't make much sense.  Not bashing you or anything, so hopefully you didn't take it like that...I just don't see the desire.

 

A single sign-on system could work for client accounts, but I don't see a need to include admin accounts into that unless you are actually building the management section of Blesta into your website (in which case possibly doing it in the reverse method?...have your Blesta info work on your website, rather than your website info work on Blesta?)

[gutterboy]

I can guarantee you that most sites out there don't use their admin accounts to pay said bills...they'd have a separate client account, so that analogy doesn't make much sense.  Not bashing you or anything, so hopefully you didn't take it like that...I just don't see the desire.

 

A single sign-on system could work for client accounts, but I don't see a need to include admin accounts into that unless you are actually building the management section of Blesta into your website (in which case possibly doing it in the reverse method?...have your Blesta info work on your website, rather than your website info work on Blesta?)

 

Oh ok, I misunderstood you. I thought you meant I should have different account names for clients as well as admins. I can see your point for admins though. But on that note, we do a lot more on actually preventing unauthorized users from actually accessing the admin login page so users knowing the possible admin usernames isn't as big a deal as it could be.

[Daniel B]

Oh ok, I misunderstood you. I thought you meant I should have different account names for clients as well as admins. I can see your point for admins though. But on that note, we do a lot more on actually preventing unauthorized users from actually accessing the admin login page so users knowing the possible admin usernames isn't as big a deal as it could be.

 

Yeah, on the scale of importance of security concerns, usernames are pretty much at the bottom for me...plenty of other things that control security better than keeping your username itself unknown...but every tiny little bit helps I guess.

 

Though I'm curious, why can't your staff accounts on your site just be related to the staff account on Blesta?  I guess I don't see why you are trying to associate a staff account on your site with a client account in blesta?

[Michael]

We use our business email addresses for admin usernames. You could do the same.

[gutterboy]

Yeah, on the scale of importance of security concerns, usernames are pretty much at the bottom for me...plenty of other things that control security better than keeping your username itself unknown...but every tiny little bit helps I guess.

 

Though I'm curious, why can't your staff accounts on your site just be related to the staff account on Blesta?  I guess I don't see why you are trying to associate a staff account on your site with a client account in blesta?

 

Well our system will automatically create a blesta account for said users on our site; so with the way it works at the moment we would have to restrict users on our main system from creating an account with the same username as we setup staff Blesta accounts for, otherwise we wouldn't be able to create a Blesta account for them (as our system wouldn't know the username has already been taken in Blesta) and hence would let them create the account unless we put controls in to disallow the usage of admin usernames in Blesta.

 

We use our business email addresses for admin usernames. You could do the same.

 

So if we setup our staff accounts to use an email as the login then it wouldn't matter about the username being duplicate?

[Michael]

Well our system will automatically create a blesta account for said users on our site; so with the way it works at the moment we would have to restrict users on our main system from creating an account with the same username as we setup staff Blesta accounts for, otherwise we wouldn't be able to create a Blesta account for them (as our system wouldn't know the username has already been taken in Blesta) and hence would let them create the account unless we put controls in to disallow the usage of admin usernames in Blesta.

 

 

So if we setup our staff accounts to use an email as the login then it wouldn't matter about the username being duplicate?

 

Username = front end

Admin username = email address

 

everything else can be the same.