This is an automated archive.
The original was posted on /r/sysadmin by /u/Slight_Diamond_796 on 2024-01-22 02:53:54+00:00.
Our last congressional administrator mostly worked from home, though with some days in the building. She was the admin for Google Workspace, Constant Contact, Stripe, is the main user on Quickbooks online (this may change somewhat, but she will still have access) and has online access to all of the banking info. And now would also be an admin for Planning Center (which supports SMS and something like Google authenticator)
We set her up with a cheap church owned cell phone for MFA, supposed to be left at the office, but after she left, the team discovered she was using her personal cell phone. (Her supervisor was aware but wasn’t willing to force the issue). Due to being between ministers, she was supervised by volunteers, until we got a new minister recently.
So, my question is, how do we keep all of those accounts secure and still be able to revoke access if our next CA leaves suddenly, while allowing her access from home.
I’m the tech coordinator but not a security expert as my day job by any means.