Administration activity helps you to view your account details, manage security options, administrators, users and user profiles, partnerships and connection to external accounts used for subscription management and SMS sending.
The activity is organized into sections designed to help you configure and manage your account:
The Administration functionality is now part of My Account section, consolidating similar functionalities in one location. As such, it can be accessed from the AirVantage portal by clicking on the User Menu and selecting My Account:
The account details section displays:
The Offers section displays the offers that are set up in your AirVantage account. Offers define the services that are enabled on your systems.
Click view systems… to open a Monitor > Systems page showing you all the systems in that offer.
The Support section contains all of the information on resources you might need, including:
The Address book section contains all delivery contacts that you may ship an order to. Those contacts don’t have an AirVantage account, they are only used for orders reception
The Users section displays the list of users already created. It provides the following features (only administrators or users with the associated permission can take these actions):
You can select the following columns to view in the Users section:
Properly managing users and user accounts within ALMS is a critical element to managing the overall security of your ALMS account. Users with Administrative privileges are the only users that have the rights to create user profiles and manage users within the account.
As user management is such a critical security issue, Sierra Wireless has directed its Customer Support organization to decline requests for day-to-day user management within the ALMS account. We have done this to reduce the risk of social engineering attacks on our Customer Support organization, and to ensure that our customers are fully in control of access to their account.
We would request that our customers make changes like deleting the existing users, creating user profiles, adding Administrators and other changes that involve user management.
It is inevitable that there will be situations where our Customer Support team will need to intervene to make user-related changes in the account. This might be a situation where a solo Administrator in the account may have left the organization and a new Administrator needs to be appointed. In these situations, our Customer Support team will assist, but will look for additional verification prior to making changes within a customer account.
Documentation Resources:
Recommendation: Sierra Wireless recommends that all customers maintain at least two users with Administrative privileges in the account at all times. This will allow customers to manage their account and make changes to user privileges and access rights as needed.
Sierra Wireless recommends that all user accounts in ALMS be assigned to a named user with a unique email address and not to a shared account with shared credentials. While it is often convenient to have shared user accounts, this practice should be discouraged as it poses a security risk to the account.
When you have shared user accounts you lose all transparency and auditability of the transactions that occur within ALMS. As the account credentials are shared, you can never know who specifically made a change to the devices in the account. To maintain proper audit capability, you should enforce the use of unique accounts tied to real people.
Profiles define which system entities and features are accessible/available to a given user.
Pre-defined profiles are available in the account, and administrators can create additional profiles.
Administrators can create custom profiles that reflect user roles in their organization. Since users can now have multiple profiles, adding or removing a role becomes as simple as adding or removing the corresponding profile.
Profiles are listed in the Administration > Profiles section and can be reviewed and edited from the Profile Details page.
From the Profiles section you can:
For additional information see Managing Profiles.
Partners are other companies that are connected to you in some way. When a partner is added to your network, you select a profile to restrict access to all their users when they access to your company. It is possible to define a profile with No rights to a partner.
The Partners section displays your list of partners. It provides the following features:
The Renewals section is visible only to customers with pre-paid offers on their ALMS accounts. As Direct Billing offers invoice automatically every month, there are no “renewal” dates for these offers.
The section shows you a list of renewal operations that occurred in your account.
Renewal Information displays your upcoming renewals:
Last Renewal Operations displays the most recent renewal activity:
The security options described hereafter are based on user or device connection restrictions. Those options are configurable per company. These restrictions help protect your data from unauthorized access and phishing attacks. The security section also covers the management of company administrators.
To access the security section, from My Account click on Administration > Security:
The Two-Factor Authentication (2FA) option enables two-stage verification to double check the identity of a user trying to login to ALMS. It combines the standard login based on a user name and password (“something the user knows”) with an additional factor “something the user has”.
When this option is activated, after entering credentials on the login page, the user will have to provide the 6-character code (a one-time password) the user will receive in a SMS on their phone. The SMS is sent by ALMS to the phone number configured in the user’s detail form. This 2FA will be required at every log in for every user of the company.
For the 2FA feature to operate correctly, all users in the company MUST have a phone number in their user profile. In additon, once 2FA is activated in the company, all new users will require a phone number.
Two-Factor Authentication is a feature licensed as part of AirLink Complete or AirLink Premium services packages. To access this feature, all devices in the account must have AirLink Complete or AirLink Premium and cannot be on AirLink Basic. If you have devices on AirLink Basic in the account, you will be asked to upgrade them prior to the feature being enabled.
To enable Two-Factor Authentication in your company, please contact your reseller or our support team.
The User IP Filtering option enables you to restrict users login based on the IP addresses they are logging from. You can therefore use this option and configure it with your organization trusted IP Range.
As input, you can provide:
Once option is activated, a user trying to log from an IP address not in the authorized list will be denied access to AirVantage.
The Device IP Filtering option enables you to filter devices access based on the IP addresses they communicate from. You can therefore use this option and configure it with your organization trusted IP Range.
As input, you can provide:
If your devices are communicating through a VPN to AirVantage, you should use the range “10.191.0.0” to “10.191.255.255” for NA and “10.193.0.0” to “10.193.255.255” for EU to ensure every device communication comes from within the VPN.
If you are not using a VPN to AirVantage, you can still use this option. As the IP address allocated to devices depend on your operator, to help you with the configuration of the option, you can find the external IP address detected by AirVantage for each system in the timeline of this specific System.
Once option is activated, a device trying to communicate from an IP address not in the authorized list will be denied access to AirVantage.
Single sign-on (SSO) refers to the ability for AirVantage users to log in with their enterprise credentials to get access to AirVantage seamlessly as they do for most applications they are using in their day to day work. SSO solves key problems for the business by providing:
Single Sign On is a feature licensed as part of AirLink Complete or AirLink Premium services packages. To access this feature, all devices in the account must have AirLink Complete or AirLink Premium and cannot be on AirLink Basic. If you have devices on AirLink Basic in the account, you will be asked to upgrade them prior to the feature being enabled.
The SSO option requires your identity provider to support OpenID Connect (OIDC) as authentication protocol. To enable single sign on in your account, please contact your reseller or your Sierra sales representative.
Once single sign on option is enabled in your account, you can refer to the How to configure SSO for my account?
Company administrators are the only ones who can edit the security configuration, create new users or profiles.
An administrator can promote any user from the company, and also add users from partner companies to the role of company administrator: choose the partner click in the Administrators field to select users from the partner.
AirVantage requires the user to authenticate with the system to provide access. As part of the standard security options AirVantage prevents users from making multiple erroneous login attempts. The system requires a user to wait a random amount of time between two login attempts. This prevents automated systems from attempting to brute force user passwords.
The External Accounts section is where you can configure connectors to operator and SMS accounts.
Operator accounts are used for 3rd party subscription management. It holds the company configuration and credentials to access the 3rd party subscription management platform. Depending on the integration implemented with the given operator, you’ll be able to do the following actions on the declared 3rd party subscription: synchronize status from the operator network, suspend or resume the subscription, activate or terminate a subscription. An operator account can be associated with SMS accounts that can be used when AirVantage send an SMS to a subscription of this account.
When using Sierra SIMs, the operator accounts are automatically added and configured in this section.
Both sections provide the following features to :
This section provides you with helpful procedures for common tasks.