Elisity Cloud Control Center Configuration Guide

When Elisity provisions Cloud Control Center for a new customer, all the infrastructure, security, and high availability are already set up. However, some customer-specific configurations should be made to ensure that all Elisity features and functionality are fully operational.

 

This setup guide does not cover advanced settings - ONLY initial setup configurations. Learn about settings not covered in this article by reading the relevant knowledge base articles.

NOTE:

Elisity selects the latest stable version of Cloud Control Center for new deployments. If a different version of Cloud Control Center is required, please contact Elisity support.

TIP: 

For the best user experience, Elisity recommends using Google Chrome as your web browser when accessing Cloud Control Center.

1. Cloud Control Center Access and User Management

Log in with the user credentials provided to you by your Elisity representative. Cloud Control Center will then force a password change.

 

After logging in, navigate to the Administration section of Cloud Control Center and select User Management. Here you can add new Cloud Control Center users to the local login database.

 

 

Select Add Local User to create a new user. A user can be assigned to either of the two default roles: Tenant Admin and Tenant User. The Tenant Admin role has read and write privileges, while the Tenant User role has read-only privileges. Alternatively, a user can be assigned to a custom role with select privileges. Refer to the Role Based Access Control document for more details.

 

Configuring User Session Timeout and Lockout Policies

Elisity Cloud Control Center (CCC) provides administrators with the ability to configure user session policies to enhance security and manage user access effectively. The session policies include settings for failed login attempts, account lockout periods, and idle session timeouts.

Accessing Session Policy Configurations

To configure session policies:

  1. Navigate to the Settings tab in the left-hand sidebar.
  2. Go to the Admin dropdown menu.
  3. Select Session Policies.


Configurable Options

  1. Max Number of Failed Login Attempts:
    • This setting specifies the maximum number of failed login attempts allowed before the account is locked.
    • Example: Setting this value to 5 means an account will be locked after five consecutive failed login attempts.
  2. Admin Account Lockout Period:
    • This defines the duration for which an admin account remains locked after reaching the maximum number of failed login attempts.
    • Example: Setting this value to 60 minutes locks the admin account for one hour.
  3. Idle Session Timeout:
    • This setting determines the amount of inactive time after which a user session will be automatically logged out.
    • Example: Setting this value to 15 minutes logs out the user if there is no activity for 15 minutes.


Saving Changes

After configuring the desired session policies, click the Submit button to save the changes. If you need to revert any changes, you can click the Reset button.

By configuring these session policies, administrators can enhance the security of the Cloud Control Center, ensuring that user sessions are managed effectively and reducing the risk of unauthorized access.

 

Managing Cloud Control Center Users

After users are created in Cloud Control Center, you can manage them through the same dashboard in several ways by clicking the options button to the far right of any user. SSO users also show up here; however, they cannot be modified from Cloud Control Center because they are a component of the integrated SSO provider.


Edit User: Change the user role (Tenant Admin, Tenant User or custom role) or change the User's name and description.

Delete User: Completely remove a user and delete them from the system.

Reset Password: You can now reset the password for any Cloud Control Center User as a Tenant Admin. This will send an email to the associated email address with instructions on how to reset the password.

Unlock Account: This allows you to unlock user accounts that have been locked due to too many unsuccessful login attempts, rather than waiting for the lockout timer to expire (according to your Account Lockout configuration). You can also see the "Locked" status of users next to their email address to quickly identify which user accounts are locked.

 

2. Single Sign On (SSO)

Elisity offers SSO support for the common IDPs, enabling Role-based Access Control to Cloud Control Center using user group mappings from your SSO provider. 

Click here for our Ping SSO Setup Guide.

Click here for our Microsoft Entra ID (Azure AD) SSO Setup Guide.

Click here for our Okta SSO Setup Guide.

 

3. Cloud Control Center Account Lockout

First review the Cloud Control Center security settings located at Settings > ADMIN > Account Lockout Policy. Here you can modify the lockout policy for failed local user login. 

 

 

4. Support Alerting Configuration

This setting will configure Cloud Control Center to send email alerts for major events such as an Elisity Edge policy enforcement node losing connection to Cloud Control Center. Multiple individuals can be configured to receive these alerts.

 

Here is an example of an alert sent via Cloud Control Center after this feature was configured.

 

5. Logo Configuration

The last configuration option on the Cloud Control Center administration page is the Cloud Control Center logo. This logo appears on the top left of the Cloud Control Center user interface and allows a user to customize the Cloud Control Center UI with an organization-specific logo. You can configure different icons for light mode and dark mode.

 

6. Integrations

Integrations are managed from the Cloud Control Center Settings Dashboard. This allows you to connect via API to various third party identity solutions, giving you the ability to enrich data within Cloud Control Center using external identity sources.

 

Here is a summary of some of the connectors and integrations that we support.

 

Microsoft Active Directory Integration

To integrate Cloud Control Center with Microsoft Active Directory, please follow the instructions here.

Claroty Integration

To integrate Cloud Control Center with Claroty, please follow the instructions here.

Medigate Integration

To integrate Cloud Control Center with Medigate, please follow the instructions here.

ServiceNow CMDB Integration

To integrate Cloud Control Center with ServiceNow CMDB, please follow the instructions here.

 

7. Suppression List

Cloud Control Center provides the ability to dynamically and manually suppress attachment and identity events generated by unstable devices in the network.

 

Manual Suppression

To suppress the events, navigate to Settings > System > Suppression List. Here you can select + Add New Device to add either the IP address or the MAC address of the device you wish to suppress. Once added, all events generated by the device will be ignored by Cloud Control Center and the device will show as "offline" on the device list page.

Elisity recommends that you use MAC-based static suppression, as it behaves more consistently than IP-based static suppression.

Dynamic Suppression

The Elisity Identity Engine continuously monitors attachment and identity events from devices on the network. It is equipped to dynamically mitigate the impact of unstable devices that fluctuate, potentially triggering a flood of events. This functionality safeguards the Cloud Control Center by preventing excessive, unnecessary computations.

Every 30 minutes, the system calculates statistics for all connected devices by counting the number of events for each device over the last 30 minutes and sorts them in descending order.

The following variables are used:

1. Maximum number of events allowed in a specific time = 200 Events.
2. The time period for counting events = 30 Minutes
3. The duration before a device is automatically removed from the suppression list = 30 Minutes

You can review which devices have been dynamically suppressed by navigating to the Suppression List. 

 

Finally, every 30 minutes, the system reviews all devices on the suppression list and removes any whose expiry time has passed before adding new devices based on the current statistics.
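
The cycle described above can be modelled in a few lines. This is an added illustration, not Elisity code: the function name run_cycle, the event tuple format and the sample MAC addresses are assumptions, as are the choices to suppress only when a device has strictly more than 200 events and to treat an expiry time equal to the current time as passed.

```python
from collections import Counter

MAX_EVENTS = 200        # page: maximum number of events allowed per period
WINDOW_S = 30 * 60      # page: time period for counting events (30 minutes)
SUPPRESS_S = 30 * 60    # page: time before automatic removal (30 minutes)


def run_cycle(now, events, suppressed):
    """Model one 30-minute evaluation pass.

    events: iterable of (timestamp_seconds, device_id) tuples (assumed format).
    suppressed: dict of device_id -> expiry timestamp from the previous pass.
    Returns (updated suppression dict, per-device counts sorted descending).
    """
    # Step 1: remove entries whose expiry time has passed
    # (assumption: expiry equal to `now` counts as passed).
    active = {dev: exp for dev, exp in suppressed.items() if exp > now}

    # Step 2: count events per device over the last 30 minutes, descending.
    counts = Counter(dev for ts, dev in events if now - WINDOW_S < ts <= now)
    ranked = counts.most_common()

    # Step 3: add devices over the limit (assumption: strictly more than 200).
    for dev, n in ranked:
        if n <= MAX_EVENTS:
            break  # list is sorted descending, so nothing further qualifies
        active[dev] = now + SUPPRESS_S
    return active, ranked


def demo():
    # Constructed sample data: one flapping device and one quiet device.
    flapper, quiet = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
    events = [(i * 5, flapper) for i in range(1, 301)]   # 300 events, t=5..1500
    events += [(i * 60, quiet) for i in range(1, 21)]    # 20 events, t=60..1200
    first, ranked = run_cycle(1800, events, {})
    # No new events arrive before the next pass, so the flapper is released.
    second, _ = run_cycle(3600, events, first)
    return first, ranked, second


if __name__ == "__main__":
    print(demo())
```

In this model a device that keeps exceeding the limit is re-added on each pass, so it stays on the list until it has a full quiet period.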

 

In addition to the IP being in the Suppression List, a suppressed device will show up with a "Suppressed" label next to the Device Information page.

 

8. Welcome Message

The new Welcome Message feature in the Elisity Cloud Control Center (CCC) is designed to enhance security awareness among users by displaying customizable security banners upon login. This feature allows administrators to convey critical security information, reminders, and compliance notices directly to all CCC users, ensuring they stay informed and vigilant.

Accessing the Welcome Message Feature

To access this feature, navigate to the Settings tab located on the left sidebar of the CCC dashboard. From there, select the System option under the Admin dropdown. You will find the Welcome Message section, where you can create and manage your security alerts.


 

Creating a Welcome Message

Here's a summary of the fields and features when creating a welcome message.

Title: This field allows you to set the title of your security message. For example, "Security Awareness Alert" can be used as a standard title to draw attention to important security information.

Content: In this section, you can type the specific message you want to display to all CCC users upon login. The text box allows up to 500 characters, enabling you to provide detailed instructions or information.

Preview: Before saving your message, you can click on the PREVIEW button to see how it will appear to users. This ensures that the message is clear and formatted correctly.


 

Save, Delete, and Reset Options:

  • Save: Once you are satisfied with your message, click the SAVE button to apply the changes. The message will then be displayed to users on their next login.
  • Delete Welcome Message: If you need to remove the message, you can click the DELETE WELCOME MESSAGE button once a message has been saved.

  • Reset: If you wish to discard any changes made before saving, click the RESET button to revert to the previous version.

These welcome messages can be used by administrators to maintain a high level of security awareness and ensure that users are consistently reminded of best practices and policies, contributing to a safer digital environment for everyone.
