Users adding themselves to Glip

  • Question
  • Updated 4 weeks ago
  • Answered
I had an interesting experience the other day when a user who was new to our organization came into my office, saying that I should check the security settings of our Glip site because he was able to create his own account and "Get in".

This caused me a bit of panic until I discovered the following:
  • Because his e-mail was associated with the same domain as mine, when he created his ID, Glip recognized that we already had a Glip instance configured and it added him to it.  To its credit, Glip confirms the user's "legitimacy" by making them click on a link in an e-mail that gets sent to their supplied address before activating the account.
  • While he was able to get in, he was able to get into the "Organization-wide" team, but none of the individual teams that we had configured.
  • He was able to see/IM others in the organization.
I suppose it could be argued that this is a great feature that simplifies administration/rollout of the product but I don't really believe that - I can think of many scenarios where organizations might want to restrict who is allowed to use the app.

Has anybody else stumbled across this "feature"?  What are your thoughts?

I'd be particularly interested in hearing RingCentral's position on this. 

Keith Lazarus


Posted 1 month ago


Cecile Glassy, Champion



USA-based acct | 2287 Users | 3800 DID lines | 28 sites | all Polycom VVX500 phone handsets

2019-09-20   This was one of the reasons we banned use of Glip in our organization, due to lack of Enterprise level security controls on who can add themselves, who can create teams, who can message to all users without any moderation whatsoever.


Join our unofficial RingCentral Admins User Group
http://ringcentraladminusersgroup.org/index.html


Keith Lazarus

I should have mentioned in my original post that, worst of all, as an administrator, I don't get any notification that the user has added themselves so that I can either address the issue, or add the users to the appropriate teams.

Mark Bartoszek

I don't quite understand the situation here. Did he or did he not have a RC account? If he did, then it's understandable why he was able to log into Glip. Are you trying to restrict RC users from accessing Glip unless you let them?

Keith Lazarus

No - he didn't have a RC account - not to begin with.  He simply went to the RC/Glip website, selected "Create new user", entered his details with an email address corresponding to our domain, and he became part of our Glip instance.

Mark Bartoszek

Got it! Upon further review of the Administration settings in Glip, there is a setting that allows employees to sign up without being invited. I would turn that off if you don't want users to add themselves. I'm actually going to do that myself. It's strange that it would be turned on by default.



Keith Lazarus

Mark,  Thank you very much for posting that.  Interestingly, I'm not seeing it either in the Admin settings on my Glip client or my Glip web accounts.  I'm *guessing* that it's only there in the paid version (we're in the process of transitioning to that).  

I'll update my original post once I've gotten to the bottom of why I'm not seeing it.

Thanks again!