Any customer can find a Service Provider to help them manage their account. The customer might need long term help with the management and configuration of their account and security services, or they might only need someone to manage their account for a short period of time.
Account delegation can be temporary or it can be permanent (until revoked).
If a customer contacts you to request your help with the management of their account and you agree to do so, then they delegate their account to you. As the Service Provider, you must initiate the account delegation process with a request for account access.
You cannot manage a WatchGuard Cloud account that is in a different cloud region.
Request Account Access
To request access to manage an account, you generate a verification code in WatchGuard Cloud and send that verification code to the owner or administrator of the account.
The client uses this verification code to approve your account access request and delegate management of their account to you.
To request account access:
- Select Administration.
- On the Administration page, click Request Access to an Account or Request Access (if you already manage delegated accounts, the Manage Access tile is different).
- On the Managed Access page, click Request Account Access.
- For Timeframe, select Until Revoked to request ongoing account access. If you will only manage the account for a specific amount of time, select Set Expiration Date and specify the date and time for your access to the account to expire.
- Click Next.
- Click Copy to Clipboard to copy the verification code shown on the page. You must send an email with the verification code to the owner of the account. We recommend that you use the provided text as a template.
Only the verification code is copied when you click Copy to Clipboard. You must manually copy the provided email text if you intend to use it as a template.
- Send the verification code to the owner of the delegated account.
The client uses the verification code to give you access to their account. When they approve your request for account access, the account is shown as a delegated account on the Manage Access page.
See and Manage Delegated Accounts
Accounts that have been delegated to you are visible on the Subscribers and Service Providers pages with all of your other customer accounts. To identify a delegated account, look for a Delegated tag that appears next to the account name.
Only accounts that accept your access request appear on the Subscriber and Service Provider pages. Delegated accounts do not appear while the request is pending, and they are removed after your account access expires or is revoked.
You can also see all of the accounts that have been delegated to you on the Manage Access page.
You can log in to and manage a delegated account as if it were a customer account from the Subscribers or Service Providers page.
To log in to and manage a delegated account:
- From the navigation menu, select Subscribers or Service Providers based on the account type.
- Click the Name of the delegated account.
The Subscriber view opens for the account.
The same role mapping permissions apply when an operator from your account makes changes to a delegated account. To learn more, see Role Mapping.
Manage Account Access Requests
You can see and manage your pending access requests on the Manage Access page.
From the drop-down list in the Accounts section, select Pending to see your account access requests that have not yet been accepted. The Token ID column shows the relevant verification code and the Status column shows the date that the verification code expires.
Click to delete a verification code and cancel your account access request. When you delete a verification code, it is no longer valid and does not work if a customer tries to use it to give you access to their account.