Searching...

Matching results

    Administration

    Administration activity helps you to view your account details, manage security options, administrators, users and user profiles, partnerships and connection to external accounts used for subscription management and SMS sending.

    Initializing Table Of Contents...


    Overview of Administration

    The activity is organized into sections designed to help you configure and manage your account:

    • Account details
    • Offers
    • Support
    • Users
    • Profiles
    • Partners
    • Renewals (ALMS with Pre-Paid Offers)
    • Security options
    • External accounts

    The Administration functionality is now part of My Account section, consolidating similar functionalities in one location. As such, it can be accessed from the AirVantage portal by clicking on the User Menu and selecting My Account:

    Account details

    The account details section displays:

    • the company name and address
    • the account type that reflects the offer you have subscribed
    • the status of the account
    • an optional picture for the company logo
    • the billing contact (depends on type and status of account)


    Offers

    The Offers section displays the offers that are set up in your AirVantage account. Offers define the services that are enabled on your systems.

    Click view systems… to open a Monitor > Systems page showing you all the systems in that offer.

    • Number of Systems: Displays the number of active systems. Click the Details offer icon to view details for an offer (see the AirLink Complete example below).
    • Type: Commercial, Trial or Prepaid. Commercial offers are aligned with a billing method. Trial offers are provided to customers when they are trialing our services, and are used temporarily. Prepaid offers last for a given period, after which systems are suspended.
    • Contract Period: Defines the commitment period for the offer.
    • Auto Activation Period: Length of time after system registration that the system can remain in an Inventory state. Once the auto activation period expires, the system is automatically activated in AirVantage on the offer selected during registration.
    • Bytes Limit: For a connectivity plan, this defines the monthly data limits (if any).
    • Early Terminate:
      • Allowed: You can terminate any system within contract period and remaining months due will be charged.
      • Not Allowed: You cannot terminate systems within the contract period, and terminate is only possible once the contract period is over.
    • Services: Defines the components of the offer and indicates whether the service supports Connectivity, DM (Device Management) or both. For AirLink routers, when the offer details are exposed, the Services will detail which router models are supported.


    Support

    The Support section contains all of the information on resources you might need, including:

    • Documentation: a link to the on-line documentation
    • The Source: A link to the Source, our technical support website
    • Contact us: Details on how to contact the technical support
    • Feedback: A link to User Voice, an on-line tool for submitting product enhancement requests.


    Address book

    The Address book section contains all delivery contacts that you may ship an order to. Those contacts don’t have an AirVantage account, they are only used for orders reception


    Users

    The Users section displays the list of users already created. It provides the following features (only administrators or users with the associated permission can take these actions):

    • Invite a user (click +)
    • Edit the profile of a user (or multiple users)
    • Delete a user from the current company

    You can select the following columns to view in the Users section:

    • Email
    • Last login
    • Name
    • Phone
    • Profiles

    Managing Users in ALMS

    Properly managing users and user accounts within ALMS is a critical element to managing the overall security of your ALMS account. Users with Administrative privileges are the only users that have the rights to create user profiles and manage users within the account.

    As user management is such a critical security issue, Sierra Wireless has directed its Customer Support organization to decline requests for day-to-day user management within the ALMS account. We have done this to reduce the risk of social engineering attacks on our Customer Support organization, and to ensure that our customers are fully in control of access to their account.

    We would request that our customers make changes like deleting the existing users, creating user profiles, adding Administrators and other changes that involve user management.

    It is inevitable that there will be situations where our Customer Support team will need to intervene to make user-related changes in the account. This might be a situation where a solo Administrator in the account may have left the organization and a new Administrator needs to be appointed. In these situations, our Customer Support team will assist, but will look for additional verification prior to making changes within a customer account.

    Documentation Resources:

    Recommendation: Sierra Wireless recommends that all customers maintain at least two users with Administrative privileges in the account at all times. This will allow customers to manage their account and make changes to user privileges and access rights as needed.

    Policy Clarification: Shared User Accounts

    Sierra Wireless recommends that all user accounts in ALMS be assigned to a named user with a unique email address and not to a shared account with shared credentials. While it is often convenient to have shared user accounts, this practice should be discouraged as it poses a security risk to the account.

    When you have shared user accounts you lose all transparency and auditability of the transactions that occur within ALMS. As the account credentials are shared, you can never know who specifically made a change to the devices in the account. To maintain proper audit capability, you should enforce the use of unique accounts tied to real people.


    Profiles

    Profiles define which system entities and features are accessible/available to a given user.

    Pre-defined profiles are available in the account, and administrators can create additional profiles.

    Administrators can create custom profiles that reflect user roles in their organization. Since users can now have multiple profiles, adding or removing a role becomes as simple as adding or removing the corresponding profile.

    Profiles are listed in the Administration > Profiles section and can be reviewed and edited from the Profile Details page.

    From the Profiles section you can:

    • Create a profile (only administrators can create a profile link)
    • View profile details
    • Edit profile

    For additional information see Managing Profiles.


    Partners

    Partners are other companies that are connected to you in some way. When a partner is added to your network, you select a profile to restrict access to all their users when they access to your company. It is possible to define a profile with No rights to a partner.

    The Partners section displays your list of partners. It provides the following features:

    • Edit partner: change the profile you give to the users of your partner in your company

    Renewals (ALMS with Pre-Paid Offers)

    The Renewals section is visible only to customers with pre-paid offers on their ALMS accounts. As Direct Billing offers invoice automatically every month, there are no “renewal” dates for these offers.

    The section shows you a list of renewal operations that occurred in your account.

    Renewal Information displays your upcoming renewals:

    • Your account renewal date
      • Identifies the earliest renewal date for devices in your account. Where there are multiple devices that have varying renewal dates, Sierra Wireless will provide a consolidated renewal that amalgamates your renewal to a single date.
    • Total devices to be renewed at the renewal date
      • This number reflects all active devices in your account. These could have expirations well beyond the 3-month period.
    • Total devices with accounts that will expire within three months
      • Identifies the devices that are closest to expiration.

    Last Renewal Operations displays the most recent renewal activity:

    • Renewal Date
    • Renewal Period
    • Offers for the devices that were renewed
    • State of the operation (Scheduled, In progress, or Finished)
    • The number of systems renewed
      • Click View details to see operation details, including a list of the devices that were renewed.

    Security Options

    The security options described hereafter are based on user or device connection restrictions. Those options are configurable per company. These restrictions help protect your data from unauthorized access and phishing attacks. The security section also covers the management of company administrators.

    To access the security section, from My Account click on Administration > Security:

    Two-Factor Authentication

    The Two-Factor Authentication (2FA) option enables two-stage verification to double check the identity of a user trying to login to ALMS. It combines the standard login based on a user name and password (“something the user knows”) with an additional factor “something the user has”.

    When this option is activated, after entering credentials on the login page, the user will have to provide the 6-character code (a one-time password) the user will receive in a SMS on their phone. The SMS is sent by ALMS to the phone number configured in the user’s detail form. This 2FA will be required at every log in for every user of the company.

    For the 2FA feature to operate correctly, all users in the company MUST have a phone number in their user profile. In additon, once 2FA is activated in the company, all new users will require a phone number.

    Two-Factor Authentication is a feature licensed as part of AirLink Complete or AirLink Premium services packages. To access this feature, all devices in the account must have AirLink Complete or AirLink Premium and cannot be on AirLink Basic. If you have devices on AirLink Basic in the account, you will be asked to upgrade them prior to the feature being enabled.

    To enable Two-Factor Authentication in your company, please contact your reseller or our support team.

    User IP Filtering

    The User IP Filtering option enables you to restrict users login based on the IP addresses they are logging from. You can therefore use this option and configure it with your organization trusted IP Range.

    As input, you can provide:

    • A range of IP
    • And/Or a list of IP

    Once option is activated, a user trying to log from an IP address not in the authorized list will be denied access to AirVantage.

    Device IP Filtering

    The Device IP Filtering option enables you to filter devices access based on the IP addresses they communicate from. You can therefore use this option and configure it with your organization trusted IP Range.

    As input, you can provide:

    • A range of IP
    • And/Or a list of IP

    If your devices are communicating through a VPN to AirVantage, you should use the range “10.191.0.0” to “10.191.255.255” for NA and “10.193.0.0” to “10.193.255.255” for EU to ensure every device communication comes from within the VPN.

    If you are not using a VPN to AirVantage, you can still use this option. As the IP address allocated to devices depend on your operator, to help you with the configuration of the option, you can find the external IP address detected by AirVantage for each system in the timeline of this specific System.

    Once option is activated, a device trying to communicate from an IP address not in the authorized list will be denied access to AirVantage.

    Single sign on (SSO)

    Single sign-on (SSO) refers to the ability for AirVantage users to log in with their enterprise credentials to get access to AirVantage seamlessly as they do for most applications they are using in their day to day work. SSO solves key problems for the business by providing:

    • Greater security and compliance as users only have to remember their company credentials
    • Improved usability and employee satisfaction with seamless login
    • Reduced IT costs related to users provisionning and deprovisioning upon departure

    Single Sign On is a feature licensed as part of AirLink Complete or AirLink Premium services packages. To access this feature, all devices in the account must have AirLink Complete or AirLink Premium and cannot be on AirLink Basic. If you have devices on AirLink Basic in the account, you will be asked to upgrade them prior to the feature being enabled.

    The SSO option requires your identity provider to support OpenID Connect (OIDC) as authentication protocol. To enable single sign on in your account, please contact your reseller or your Sierra sales representative.

    Once single sign on option is enabled in your account, you can refer to the How to configure SSO for my account?

    Company administrators

    Company administrators are the only ones who can edit the security configuration, create new users or profiles.

    An administrator can promote any user from the company, and also add users from partner companies to the role of company administrator: choose the partner click in the Administrators field to select users from the partner.

    Other Native security features in AirVantage

    Account timeouts on incorrect user authentication

    AirVantage requires the user to authenticate with the system to provide access. As part of the standard security options AirVantage prevents users from making multiple erroneous login attempts. The system requires a user to wait a random amount of time between two login attempts. This prevents automated systems from attempting to brute force user passwords.


    External Accounts

    The External Accounts section is where you can configure connectors to operator and SMS accounts.

    Operator Accounts

    Operator accounts are used for 3rd party subscription management. It holds the company configuration and credentials to access the 3rd party subscription management platform. Depending on the integration implemented with the given operator, you’ll be able to do the following actions on the declared 3rd party subscription: synchronize status from the operator network, suspend or resume the subscription, activate or terminate a subscription. An operator account can be associated with SMS accounts that can be used when AirVantage send an SMS to a subscription of this account.

    When using Sierra SIMs, the operator accounts are automatically added and configured in this section.

    More information on Subscription Management

    SMS Accounts

    Both sections provide the following features to :

    • Create: configure a connector to access an operator or SMS gateway account
    • View account details
    • Edit account

    More information on howto configure an SMS account


    How-Tos

    This section provides you with helpful procedures for common tasks.

    TOP