9.10 expands User Groups in Miva to make them more accessible and easier to use across all admin users. It is highly recommended that you follow the principle of least privilege when setting up your Miva users. This concept means you give each user the minimum permissions required to successfully do their job. For example, if you have an employee who job it is to process orders you only want to give them access to the order processing screens in Miva. Giving them access to do things beyond what their job requires opens additional security concerns.
Here is a overview of the changes to User Groups in Miva 9.10
Adding New Users
There are now 6 default User Groups with the correct permissions already pre-set. You can customize the permissions or create new User Groups, however the 6 default groups make is very simple to give each user the correct permissions at the time the user is created.
The 6 Default User Groups include:
Administrator users in Miva have the highest level privileges available. They can access all areas of the Miva admin and should only be given to the appropriate personnel on your team. Starting from 9.10 and moving forward all new administrator users created must have 2 factor enabled.
Creating new administrator users is now a 3 step process
Users without 2 Factor enabled will have the administrator setting disabled
If you are using a Miva Administrator User to push and pull data via any sort of integration including, Dynamic Order Export, Stone Edge, Shipstation, Shipworks, etc you will need to disable forced 2 factor for those users (assuming an administrator user is required for your integration). Please contact firstname.lastname@example.org and we will provide instructions on how to configure those users so that 2 factor authentication is not required.
Forced 2 Factor Authentication for Administrator Users is being rolled out in a couple phases. Miva 9.10 will introduce the new functionality to all stores however, it will only be enforced for new Administrator users created after 9.10 is installed. Forced 2 Factor will not automatically be activated for all existing administrator users until a future update. This phased roll out gives Miva Store owners the ability to go through their current administrator users and reduce their permissions to a lower level or configure 2 factor for each Administrator user.
Once the forced 2 factor for all administrator users is enabled and an administrator user attempts to login without 2 factor enabled they will be presented with this screen which will allow them to drop their permissions or enable 2 factor.