Acoustic Campaign clients are responsible for the provisioning and management of their user accounts and client-managed security configurations such as IP restrictions. These internal processes and controls, and others, must be managed by your organization according to your organization's policies and procedures.

For your protection

In the interest of protecting the security your organization's accounts, the security privacy of your data and your brand reputation, Acoustic does not enact any security-related changes to your account unless your organization is incapable of accessing, or restoring access to, an org admin account in your organization. If your organization has at least one active and enabled org admin account, your organization must take all available internal measures, such as accessing the user's email account to retrieve a password-reset or IP Validation email, to restore access independently.

What support can do

If your organization has exhausted all internal measures to restore access or all org admin accounts are technically incapable of accessing the organization due to controls enforced by Acoustic Campaign, for example, no active and enabled org admin account exists or IP restrictions are misconfigured, the Client Support team can provide assistance by enacting one of a limited set of permitted changes (e.g., adding a single IP address or changing the notification email on a single org admin account) only after following Acoustic Campaign's internal process, which includes specific security protocols to ensure a requested change will not result in unauthorized access to your organization and data.

This process includes having a member of your organization that is in a position of authority provide written approval, from their corporate email account, of the specific change to be enacted; persons with such authority include an org admin (provided the corporate email address that is used for the approval matches the notification-email address on an active, enabled org admin account) or an officer that can run legally binding agreements on behalf of your organization (examples include the client user contact or client billing contact listed on the contract or recent order form, legal counsel, or a member of executive management). The written approval is then forwarded to the Acoustic Campaign Security team for review and validation.

Recommendations

As this process may result in delays, it is in your organization's best interest to have and maintain multiple active, enabled org admin accounts, and to have multiple personnel with the org admin privileges to provide adequate coverage in the absence of the primary org admins to prevent potential delays in accessing your accounts.

The use of token-based, multi-factor authentication, which provides extra assurance that an account can be accessed by only the authorized user, is also highly recommended. Using two-factor authentication in place of IP restrictions ensures that the authorized user is still able to access the account even if your organization's IP address changes or your corporate network/VPN is unavailable. Two-factor authentication is available as an optional feature and can be provisioned on a user-by-user basis, so it can be enforced for only a single org admin account, all org admin accounts, or any combination of user accounts.