5acjt (5acjt) asked a question.
Hello there.
I want to find out the general workflow for using shared logins for services like Instagram, Facebook and Twitter.
Our company has a login for each of these social platforms and we have a social media team here but we don't want to give out the credentials as every time a team member leaves we have to change the password.
Using OKTA with SWA works perfectly if 2FA is turned off for Instagram, Facebook and Twitter.
My question is, Is turning 2FA off for Instagram, Facebook and Twitter a security risk when using OKTA SWA.
What is the alternative? I don't want to add every single user's device to the 2FA so that every time one of them tries to log in they all get pinged with a code.
There must be a workflow to do this?
Any ideas would be amazing. Thank you.
Hello,
You would likely find a better answer asking in the SSO channel as Workflows is a specific product. The one portion I can answer with certainty is the following:
>My question is, Is turning 2FA off for Instagram, Facebook and Twitter a security risk when using OKTA SWA.
The simple answer is it does increase exposure and ultimately overall risk since only one factor (a password) would be required to access the services. As suggested above, I would repost your question into a group that has more expertise with SSO scenarios. However, if there isn't a perfect fit for your scenario this may come down to your organization needing to determine the value for the shared account and weighing it against the amount of risk you are willing to accept.