Feb 5, 2013

MailChimp v8: Multi-User Accounts and Permissions

[Image: mailchimp-acl-v8]

On Monday, February 18, we’re launching MailChimp v8. Now, eight is pretty significant as far as version numbers go, so we figured we better give our customers a pretty big feature to match: multi-user accounts (yes, finally). This means you’ll be able to set up a MailChimp account as an "Admin," then grant permission to "Authors" who are allowed to design templates and create campaigns, or invite people in your organization who can only view reports, and so on.

This upgrade made us change a lot of code in a lot of places, and is forcing us to kill a feature you may be using right now (Account Keys), so we should discuss v8 in detail.

The Four Permission Levels

We have over 2.5 million users. And you’re all different. Aaaaaand you all want completely different ways to assign users and permission levels. We know this because we’ve collected all your email feedback over the years that contains keywords like "access control, permissions, multi-user accounts, ACL, workflow, etc.," then read through and grouped it all into categories (with the help of an intern), then determined the levels of permission that would work for the most users. Our intent was to optimize this functionality for larger organizations, and/or creative agencies who work with those larger organizations.

Here are the account types we came up with:

  1. Admin: Highest level access to everything in MailChimp. Most importantly: account settings, billing info, the ability to shut down the account, and the ability to add other user types.
  2. Manager: Most of the essential functions of a MailChimp account (creating and sending campaigns, viewing lists and reports). Basically, managers can’t access account settings, change billing, export lists, or invite other users.
  3. Author: Can create campaigns and edit templates, but cannot send them. You might give this access to an in-house designer or writer, or even to an outside design agency.
  4. Viewer: Only has the ability to view campaign reports. Grant this to someone in the company who needs to see campaign results, but doesn’t need to be creating campaigns or fiddling with lists. If you used our VIP Reports feature in the past, you can invite those people as Viewers instead, so you don’t have to share reports each time you send a campaign.

For a detailed look at what each account type can do, here’s a KB article.

We could’ve added a million other sub-levels and super granular permissions management for individual features, but that would’ve added too much overhead to our code. If there’s one thing we at MailChimp work hard to avoid, it’s overhead. Overhead (like processeez, forked code, bureaucracy and wrapping "if-then" logic around every feature we code) kills innovation. And innovation is priority #1 for self-serve SaaS businesses like MailChimp (imho). We may add more granular permissions down the road, but iteration is another important principle for us: We just need to get this live, then refine more as time goes by and as customers send feedback.


Interface Changes

For such a large project, the interface changes coming in v8 are surprisingly subtle. In fact, you probably won’t notice any changes to the interface at all, unless you actually add more users to your account.

Logging in

Let’s say you’re a designer, and you’ve been granted "Author" permission for multiple companies that use MailChimp. After you log in with your universal MailChimp username and password, you’ll get a screen where you choose the account you need to work in:

[Screenshot: select-acct]


Switching accounts

Once you’re inside MailChimp, you can switch to different accounts that you’ve been granted permission for, by using the navigation at the top right of the screen:

[Screenshot: switch-acct]


You may also notice that we display your name and company up there now, as opposed to just your username. This helps better distinguish all your different accounts in MailChimp.


"I’m finished. Can you send it now?"

If you’re an Author, you can create campaigns, but you can’t send them. So on the final pre-delivery checklist, you won’t get the buttons to "Send Now" or "Schedule for Later." Instead, you’ll get a button that says "I’m Finished," which will allow you to send a note to Managers and Admins so that they can log in and deliver the campaign.

[Screenshot: all-done]


Extra security controls

Admins are the only accounts that can invite other users. Paranoid Admins can also enable extra security notifications and require sub-accounts to use two-factor security.

[Screenshot: security]

Inviting new users

When you invite a user, they’ll receive an email:

[Screenshot: email-invite]


Clicking "Join Account" will take them to account setup:

[Screenshot: acct-creation]

Authors, who are restricted to creating campaigns, don’t get the MailChimp Dashboard when they sign in. They just get the Campaigns screen. Similarly, Viewers just get a list of Campaign Reports. There are elements here and there where you’ll notice some links have gone away. Only Admins have permission to export lists, so any link to that area will be hidden.


Ramifications You’ll Need to Wrap Your Head Around

Cool so far? Okay, now it’s time to put down the coffee mug and lean closer to the screen because it’s about to get hard. Wait—go ahead and take one more sip first. Okay, here goes…

Account Keys converted into Admin-level users

Now that we’re launching multiple accounts, what do we do with our old Account Keys feature? If you’ve ever granted an Account Key to someone, you know that it was basically like giving them a set of keys to your house. Sure, you can change your locks (or revoke an Account Key) if something goes wrong, but you tend to only give keys to people you really know and trust. Since Account Key holders are equivalent to "Admins" for your account, they’ll all be converted over to Admin-level users. This is to prevent interruptions for anyone out there who’s used to a certain level of access to your account. So now’s a good time to sign in to your MailChimp account and revoke any keys that aren’t being used anymore. Or, when v8 is live and propagated to all servers (by the end of next week, if all goes well), you should sign in and change permission levels for any users that you don’t want to be an Admin.

MailChimp’s API, OAuth and mobile apps not converted yet

We’re not 100% finished yet. There will be places in MailChimp where only Admin-level access works: the MailChimp API, our mobile apps (which use the API), and third-party integrations that use our API. All this means is that if you try to use something that accesses MailChimp through the API, only Admin credentials will work. Non-Admins will get errors. It also means that, for now, any API key or integration credential you hand out carries Admin-level access to the account, so guard it the way you would guard an Admin login.
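Here is an added example, not MailChimp’s code, of how the four roles listed above, a login that holds a different role in each account it was invited to, the Author "I’m Finished" hand-off, the Account Key conversion, and the launch-time rule that the API only accepts Admin credentials could be expressed as one deny-by-default authorization check. Role and action names follow this post; the `Directory`, `authorize`, `delivery_buttons`, `approvers` and `convert_account_keys` names, the `Channel` distinction and the sample users are assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Role(Enum):
    ADMIN = "admin"
    MANAGER = "manager"
    AUTHOR = "author"
    VIEWER = "viewer"


class Channel(Enum):
    WEB = "web"
    API = "api"  # also covers the mobile apps and third-party integrations, which use the API


# Capability matrix built from the four role descriptions in the post.
# Anything not listed for a role is denied (deny by default).
_VIEWER = {"view_reports"}
_AUTHOR = _VIEWER | {"create_campaign", "edit_template"}
_MANAGER = _AUTHOR | {"send_campaign", "view_lists"}
_ADMIN = _MANAGER | {"export_lists", "invite_users", "change_billing",
                     "account_settings", "close_account"}
PERMISSIONS: Dict[Role, set] = {
    Role.VIEWER: _VIEWER,
    Role.AUTHOR: _AUTHOR,
    Role.MANAGER: _MANAGER,
    Role.ADMIN: _ADMIN,
}


@dataclass
class Directory:
    """One login can hold a different role in each account it was invited to.
    The membership table is constructed sample data (hypothetical)."""
    memberships: Dict[Tuple[str, str], Role] = field(default_factory=dict)

    def grant(self, user: str, account: str, role: Role) -> None:
        self.memberships[(user, account)] = role

    def role_of(self, user: str, account: str) -> Optional[Role]:
        return self.memberships.get((user, account))


def authorize(directory: Directory, user: str, account: str,
              action: str, channel: Channel = Channel.WEB) -> bool:
    """Deny-by-default check: unknown user, unknown account, unknown action
    and the launch-time API restriction all fall through to False."""
    role = directory.role_of(user, account)
    if role is None:
        return False
    if channel is Channel.API and role is not Role.ADMIN:
        return False  # at launch the API accepts Admin credentials only
    return action in PERMISSIONS[role]


def delivery_buttons(directory: Directory, user: str, account: str) -> Tuple[str, ...]:
    """Pre-delivery checklist: senders get Send Now / Schedule for Later;
    an Author only gets "I'm Finished" (hand-off to someone who can send)."""
    if authorize(directory, user, account, "send_campaign"):
        return ("Send Now", "Schedule for Later")
    if authorize(directory, user, account, "create_campaign"):
        return ("I'm Finished",)
    return ()


def approvers(directory: Directory, account: str) -> List[str]:
    """Who an Author's "I'm Finished" note goes to: everyone in the account
    whose role can send (Managers and Admins)."""
    return sorted(user for (user, acct), role in directory.memberships.items()
                  if acct == account and "send_campaign" in PERMISSIONS[role])


def convert_account_keys(directory: Directory, account: str,
                         key_holders: List[str]) -> None:
    """The v8 migration: every outstanding Account Key holder becomes an
    Admin user, which is why unused keys should be revoked beforehand."""
    for user in key_holders:
        directory.grant(user, account, Role.ADMIN)


if __name__ == "__main__":
    d = Directory()
    d.grant("dana", "acme", Role.AUTHOR)     # designer: Author at acme ...
    d.grant("dana", "globex", Role.MANAGER)  # ... and Manager at globex, same login
    d.grant("olu", "acme", Role.ADMIN)
    print(authorize(d, "dana", "acme", "send_campaign"))                 # False
    print(authorize(d, "dana", "globex", "send_campaign"))               # True
    print(authorize(d, "dana", "globex", "send_campaign", Channel.API))  # False
    print(delivery_buttons(d, "dana", "acme"))                           # ("I'm Finished",)
    print(approvers(d, "acme"))                                          # ['olu']
```

The point of routing every decision through `authorize` is that the hidden links and missing buttons described above are only cosmetics; the server-side check is what actually keeps an Author from sending or a Manager from exporting a list, and a deny-by-default table means a new action you forget to classify is unreachable rather than open to everyone.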

Security considerations

Admins can enable our free two-factor authentication security service (AlterEgo) to add an extra layer of security to sub-accounts:

[Screenshot: alter-ego-required]

If you’re not familiar with AlterEgo, it’s something we built a couple years ago in response to some high-profile security breaches around the internet, where people were re-using passwords across multiple services. We looked into different two-factor security options out there, and felt that most were overly rigorous or too expensive for the average MailChimp user. So we created our own service that we think is a good blend of security, usability, and price. We recently started offering a "safe sender discount" of 2% to all accounts that have enabled two-factor security.


Other changes in v8

AlterEgo Upgrades

Since an Admin can require AlterEgo with the check of a box, we decided to make AlterEgo a lot easier to use for Managers, Authors, and Viewers. You can now choose to have AlterEgo send a text message to your smartphone whenever someone logs in with your credentials. You reply with a "Y" or "N" to grant or deny access. It’s a little faster than opening the app and generating a code.

"Golden Monkeys –> VIP" nomenclature change

A little while back, we launched a mobile app called Golden Monkeys. The idea was that you could mark certain subscribers on your list as "Golden Monkeys" (an extremely rare, hard to find monkey) and then if/when they opened or clicked one of your campaigns, you could get a real-time alert on your smartphone. It’s a nice app. You should try it. Anyway, we’re keeping all this functionality, and we’re keeping the Golden Monkeys mobile app, but we’re changing "golden monkey" to "VIP" inside the MailChimp web app. In other words, you’d "Mark a subscriber as a VIP in MailChimp, then use our Golden Monkeys app to know when they open."

Security Questions

We used to ask security questions upon new account creation. Yes. We know security questions are infuriating. But they’re necessary. To make them slightly less infuriating, we’ve changed them so that they ask you and your users at another, hopefully more convenient, time than during account creation.


More power to more users

v8 should help larger organizations give more of their staff the ability to get behind the wheel and use MailChimp’s power features.

And with that, I fiiiiiiiinally have an excuse to use this footage: