Guest user account guidance

[hswerdfe]

Problem to solve

collaboration with those outside the home agency

Intended users

organizations who need to collaborate with outside users like provincial organizations, university researchers , or hospitals, etc..

Proposal

Currently guidance seems to be limited on the enabling of guest accounts currently in 01_Manage-Identity-Access mention exists of.

Disable guest user access by default. Add only the minimum number of accounts, if needed

I think some organizations are interpreting this as to never have guest accounts, when obviously being able to add guest accounts would greatly facilitate collaboration between organizations.
Adding Guidance about when to best utilize guest accounts and how to secure guest accounts would be great.
Guidance such as:

• Some mechanism exists for informing the other security breaches.
• organization has 2 factor authentication enabled
• giving guest account would greatly spead up collaboration
  etc...

Permissions and Security

unsure

What does success look like, and how can we measure that?

Success

• organizations understand when using guest accounts are good
• organizations start giving out guest accounts in appropriate situations
• there are not substantially more security breaches caused by guest accounts.