Skip to main content

I had an interesting experience the other day with a user that was new to our organization came into my office, saying that I should check the security settings of our Glip site because he was able to create his own account and "Get in".


This caused me a bit of panic until I discovered the following:

  • Because his e-mail was associated with the same domain as mine, when he created his ID, Glip recognized that we already had a Glip instance configured and it added him to it. To its credit, Glip confirms the user's "legitimacy" by making them click on a link in an e-mail that gets sent to their supplied address before activating the account.
  • While he was able to get in, he was able to get into the "Organization-wide" team, but none of the individual teams that we had configured.
  • He was able to see/IM others in the organization.

I suppose it could be argued that this is a great feature that simplifies administration/rollout of the product but I don't really believe that - I can think of many scenarios where organizations might want to restrict who is allowed to use the app.


Has anybody else stumbled across this "feature"? What are your thoughts?


I'd be particularly interested in hearing RingCentral's position on this.



USA-based acct | 2287 Users | 3800 DID lines | 28 sites | all Polycom VVX500 phone handsets

2019-09-20   This was one of the reasons we banned use of Glip in our organization, due to lack of Enterprise level security controls on who can add themselves, who can create teams, who can message to all users without any moderation whatsoever.


Join our unofficial RingCentral Admins User Group
http://ringcentraladminusersgroup.org/index.html


I should have mentioned in my original post that, worst of all, as an administrator, I don't get any notification that the user has added themselves so that I can either address the issue, or add the users to to the appropriate teams.
I don't quite understand the situation here. Did he or did he not have a RC account? If he did, then it's understandable why he was able to log into Glip. Are you trying to restrict RC users from accessing Glip unless you let them?

Reply