How to Securely Add a Social Media Company to Your Meta Business Suite (Without Granting Messaging Access for E-commerce Businesses)

For e-commerce businesses, messaging is a crucial touchpoint for handling customer inquiries, processing orders, and managing support. When hiring a social media agency, it’s important to grant them access to manage content and ads without allowing them to handle direct customer messages.

This guide will walk you through how to securely add a social media company to your Meta Business Suite while ensuring they cannot access Facebook Messenger and Instagram DMs.

Why Restrict Messaging Access?

Granting a social media company access to your Meta Business Suite without proper restrictions can lead to:

• Customer data privacy risks (agencies seeing order details, conversations, or payment inquiries)
• Unauthorized interactions (sending messages or responding incorrectly to customers)
• Loss of control over customer service quality

By limiting messaging access, you ensure that only your internal team handles sensitive customer communications.

Step-by-Step Guide to Securely Adding a Social Media Company Without Messaging Access

Step 1: Verify Your Business Setup in Meta Business Suite

1. Go to Meta Business Suite and log in.
2. Click Settings in the left sidebar.
3. Navigate to Business Settings > Accounts to check if your Facebook Page, Instagram Account, and Ad Account are linked.

If your business is not yet set up, follow the on-screen steps to create and link your assets.

Step 2: Request the Agency’s Business Manager ID

To securely add an agency, you should add them as a Partner instead of inviting individual users.

Ask the agency to provide their Meta Business Manager ID by:

1. Logging into their Meta Business Manager.
2. Going to Business Settings > Business Info.
3. Copying their Business Manager ID (15-digit number).
   
   

Step 3: Add the Social Media Company as a Partner (Without Messaging Access)

Now that you have the agency’s Business Manager ID, follow these steps:

How to Add an Agency as a Partner:

1. Go to Meta Business Suite > Settings.
2. Click Business Settings > Partners.
3. Click Add and select Give a Partner Access to Your Assets.
4. Enter the agency’s Business Manager ID.
5. Choose which assets they can access:

• Facebook Page (For content posting & analytics)
• Instagram Account (For content scheduling)
• Ad Account (For running ads)
• Pixels & Catalogs (If needed for ad tracking)

Restrict Messaging Access by selecting only:

• Editor (Can create and manage posts but not access messages)
• Advertiser (Can create and manage ads without accessing Page inbox)
• Analyst (Can view analytics only)

Click Confirm to send the request.

Once the agency accepts, they will not have access to customer messages in Facebook Messenger or Instagram DMs.

Step 4: Double-Check Messaging Restrictions

Even after assigning restricted roles, you should manually verify that the agency cannot access messages.

How to Restrict Messaging in Meta Business Suite:

1. Go to Business Settings in Meta Business Suite.
2. Click on Pages under the Accounts section.
3. Select the Facebook Page you shared with the agency.
4. Under People & Partners, click on the agency's name.
5. Ensure that Messaging Access is Disabled (If enabled, change their role to Editor or Advertiser).
   
   

Step 5: Restrict Access to Instagram Direct Messages

To prevent the agency from seeing Instagram DMs:

1. Go to Instagram Settings in Meta Business Suite.
2. Click Permissions > Message Control.
3. Set Who Can See & Reply to Messages to Only Business Admins.

This ensures that only your internal team handles direct messages on Instagram.

Step 6: Enable Two-Factor Authentication (2FA)

To prevent unauthorized access, require all team members (including agencies) to enable 2FA.

How to Enable 2FA in Meta Business Suite:

1. Go to Business Settings.
2. Click on Business Info.
3. Scroll to Two-Factor Authentication.
4. Select Everyone or Admins Only.

This adds an extra layer of security, preventing unauthorized logins.

Step 7: Regularly Audit and Monitor Access

Even after setting restrictions, you should routinely check who has access to your Meta Business Suite.

How to Review Agency Access:

1. Go to Business Settings > Partners.
2. Click the agency’s name and review their assigned roles.
3. If necessary, remove them from Page Management to further restrict their access.

Additionally, monitor the Security Center for any suspicious activity or unauthorized logins.

Step 8: Set Up a Secure Offboarding Process

If you decide to stop working with the agency, remove their access securely.

How to Remove an Agency from Meta Business Suite:

1. Go to Business Settings > Partners.
2. Find the agency and click Remove Partner.
3. Revoke access to any connected Ad Accounts, Pixels, or Instagram accounts.

If they created ad campaigns or assets under their account, request ownership transfer before removing them.

Final Security Tips

• Never share your personal Facebook login with the agency.
• Use Meta Business Suite for access management instead of adding individuals.
• Limit Admin access to only trusted partners.
• Check Business Settings regularly to ensure security policies are enforced.
• Train your internal team on handling sensitive customer conversations.

If you need professional social media management without compromising security, MarketDragon can help. Get a free consultation today!