Manage Administrator Accounts
MyQ lets you set different levels of user rights, so that some users have access only to basic functions while others are full administrators.
Getting these settings right is important, and extra guidance on how to do so is available here. As a general rule, we recommend granting administrator rights to as few users as possible, to prevent accidental changes.
However, even once you’ve carefully selected the users who require administrator-level access, there are further guidelines you can follow to ensure your MyQ account remains as secure as possible.
Administrator Accounts for Administrative Processes Only
In most deployment scenarios, your administrator-level users in MyQ will also, at times, be regular users, meaning sometimes they simply need to print a document, and sometimes they need to register 87 new users in your system.
We recommend creating two separate accounts for these users: one for everyday use, and another strictly for administration. For example, your IT Administrator, Tim, should have two accounts: tim.canterbury for when he needs to print or scan like any normal user, and tim.canterbury.admin for completing administrative procedures.
The normal user account assigned to admins should not have high level privileges set, only those required for everyday printing operations. There are a few reasons this is a more secure solution than allowing administrators to always use their admin level accounts:
The administrator account is not used for daily activities, minimizing the “attack surface”.
The principle of Risk-Based Authentication can be applied, and thus the administrator account might have higher requirements for authentication such as password length, multi-factor authentication, etc.
The distinction between accounts allows for more effective filtering in the MyQ Log and Audit Log.
Use the *Admin Account Only When Required
If you’ve already set up an instance of MyQ, you will know that by default your account is created with an *Admin user, which has higher levels of privileges. While this account can be used in perpetuity for administrative purposes, doing so is not recommended for security reasons.
We recommend that after installing a new instance of MyQ you:
Configure the *Admin password in Easy Config.
Use this account to complete setup, synchronize or create users, and assign them rights.
Create at least one new user with administrative rights, but assign the minimum rights needed to each user.
Return to Easy Config and disable the *Admin account.
Once the setup is complete, use only the admin-level accounts you have created with the appropriate rights to administer your account.
Minimum Rights as Best Practice
As a general rule, any account in use (even by an administrator) should have only the scope of rights necessary for the task being completed. Excess rights often lead to accidental errors or weaker security in your account as a whole.
Selective rights can be granted to users with certain administrative tasks, such as the right to Manage Users or Manage Settings, while avoiding granting more users full Administrator rights. More information can be found on managing your user rights to create a functional and secure environment in User Rights.
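The recommendations on this page can be checked against a list of users. The following is an added example, not MyQ's own code or export format: the CSV layout, the column names and the sample rows are constructed assumptions, and the .admin suffix follows the tim.canterbury.admin example above.

```python
import csv
import io

# Constructed sample user list. The columns (username, rights, enabled) are
# an assumed layout for illustration, not a real MyQ export.
SAMPLE_USERS = """username,rights,enabled
*Admin,Administrator,yes
tim.canterbury,,yes
tim.canterbury.admin,Manage Users;Manage Settings,yes
alex.example,Manage Users,yes
sam.example.admin,Administrator,yes
"""

ADMIN_SUFFIX = ".admin"  # naming convention taken from the page's example
ADMIN_RIGHTS = {"Administrator", "Manage Users", "Manage Settings"}


def audit_accounts(csv_text):
    """Return (username, finding) pairs for enabled accounts that deviate
    from the separate-account, disabled-*Admin and minimum-rights guidance."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    enabled = [r for r in rows if r["enabled"].strip().lower() == "yes"]
    names = {r["username"] for r in enabled}
    findings = []
    for row in enabled:
        name = row["username"]
        rights = {x.strip() for x in row["rights"].split(";") if x.strip()}
        elevated = rights & ADMIN_RIGHTS
        if name == "*Admin":
            findings.append((name, "built-in *Admin account is still enabled"))
        elif name.endswith(ADMIN_SUFFIX):
            if "Administrator" in rights:
                findings.append((name, "full Administrator rights; check "
                                       "whether selective rights suffice"))
            if name[:-len(ADMIN_SUFFIX)] not in names:
                findings.append((name, "no matching everyday account"))
        elif elevated:
            findings.append((name, "everyday account holds administrative "
                                   "rights: " + ", ".join(sorted(elevated))))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_USERS):
        print(f"{user}: {finding}")
```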