Cloudflare allows only Super Administrators to edit/manage account members. The numfocus account currently only has one Super Admin.
Expanding the number of Super Administrators on the account and deprecating the use of the current Super Admin account would streamline membership management. Right now, the current Super Admin account is a single point of failure (if NumFOCUS somehow loses access to that account, it might require us to switch to a new Cloudflare account and reconfigure everything). In addition, because that account is not tied to a specific person, there is less accountability when changes are made.
@bryevdv previously raised the concern that almost all of the members on the CloudFlare account are Administrators (who can access and change everything on the account except for billing and membership management) and do not have two factor authentication enabled. It would be best to require two factor authentication for all Administrators and restrict most members to the one or two domains that they might actually need to manage.
Cloudflare allows only Super Administrators to edit/manage account members. The numfocus account currently only has one Super Admin.
Expanding the number of Super Administrators on the account and deprecating the use of the current Super Admin account would streamline membership management. Right now, the current Super Admin account is a single point of failure (if NumFOCUS somehow loses access to that account, it might require us to switch to a new Cloudflare account and reconfigure everything). In addition, because that account is not tied to a specific person, there is less accountability when changes are made.
@bryevdv previously raised the concern that almost all of the members on the CloudFlare account are Administrators (who can access and change everything on the account except for billing and membership management) and do not have two factor authentication enabled. It would be best to require two factor authentication for all Administrators and restrict most members to the one or two domains that they might actually need to manage.