AppDirect Marketplace Security

Recommended Security Steps -- Adding Additional Layers of Protection to Marketplace

AppDirect has recently taken additional measures to enhance the security of our platform. These include requiring AppDirect employees to complete two-factor authentication for marketplace access, to better safeguard against possible unauthorized users or activity. We strongly recommend that our valued channel partners take the measures below to ensure optimal security of their AppDirect-hosted app marketplaces.

Best Practices:

  1. Enable 2-factor authentication for marketplace managers
    • While enabling this feature is always a best practice, it is particularly important for Marketplace Managers (Channel Admins) and Company Admins of the marketplace management company, who have special privileges. Use Google Authenticator instead of SMS.
  2. Allow company email addresses only
    • As an added layer of protection, don't allow users to sign up with non-company email addresses. Conduct an audit of the user emails currently in the system to ensure they are legitimate.
  3. Set up strong password policies
  4. Disable open registration so user registration is by invitation only
  5. Use marketplace SMTP settings instead of overriding them with your own SMTP settings
  6. Frequently review who has privileged roles in your channel
  7. Only allow assisted sales for infrastructure products
    • If you're selling infrastructure products like Azure or AWS, you should not enable self-service orders for these products, and should only allow assisted sales. This step helps deter fraudulent orders from users who have no intent to pay later for the service provided.
  8. Force re-authentication on the marketplace when a user performs a sensitive action as an additional layer of security.

Please reach out to your Platform Success Manager for support with these security measures.