Skip to main content
Gainsight Inc.

Top 3 Best Practices to Secure Your Gainsight PX Subscription

We should all protect what has been entrusted to us; that includes the powerful functionality and data accessible in your Gainsight PX subscription. This article outlines the top 3 best practices Gainsight recommends you take to secure your Gainsight PX subscription.


Securing your Gainsight PX subscription is a shared responsibility. Gainsight takes certain actions as outlined in our independently-audited SOC2 Type II report, and other steps require your action. Gainsight recommends beginning with the 3 best practices outlined in this article. 

Step #1: Enforce Multi Factor Authentication

Gainsight recommends you implement Multi Factor Authentication (MFA) to secure your PX subscription. Enforcing MFA is the most critical step for thwarting attackers from gaining access to your PX subscription. 

MFA is an approach to logging in which requires users provide something from at least two of the following categories:

  • Something the user knows, such as a password or PIN

  • Something the user has, such as a mobile phone

  • Something biologically unique about the user, such as a fingerprint or facial geometry

To implement MFA:

  • Ensure that your company provides a Security Assertion Markup Language (SAML) Identity Provider.

  • Ensure that the SAML Identity Provider mandates MFA for all Gainsight PX users. 

  • Configure SAML authentication in your PX subscription by referring to the article, Configure SAML Authentication.  

Step #2: Do Not Share Unnecessary Sensitive Data

To harness the power of the Gainsight PX platform, customers trust Gainsight with their data. Given the power of the platform, that makes sense. However, Gainsight recommends not sharing unnecessary sensitive data. For example, don’t send Gainsight Social Security Numbers, Protected Health Information, or credit card numbers if you don’t need to. Limiting distribution of sensitive data reduces the risk of its compromise. 

How to exclude and mask tracked data

For more information on how to do this, refer to the Exclude and Mask Tracked Data article.

Step #3: Restrict Permissions

All Gainsight users need the permissions to fully accomplish their jobs, making customers successful. However, they don’t need more permissions than necessary. Over-permissioned accounts are dangerous for two reasons.

  • If an over-permissioned account is compromised, the attacker can do more harm with it. 

  • An over-permissioned user can do more harm, either accidentally or maliciously.

How to restrict permissions:  

For how to restrict permissions in Gainsight PX, refer to the Role-Based Access Control article

Gainsight considers these the top three steps to securing a Gainsight PX subscription. Completing them will help you make your customers successful while thwarting attackers.

  • Was this article helpful?