When Elisity provisions Cloud Control Center for a new customer all the infrastructure, security, and high availability are already set up. However, there are some customer-specific configurations that should be made to ensure all Elisity features, and functionalities are fully operational.
This setup guide does not cover advanced settings - ONLY initial setup configurations. Learn about settings not covered in this article by reading the relevant knowledge base articles.
NOTE:
Elisity selects the latest stable version of Cloud Control Center for new deployments. If a different version of Cloud Control Center is required, please contact Elisity support.
TIP:
For the best user experience, Elisity recommends using Google Chrome as your web browser when accessing Cloud Control Center.
1. Cloud Control Center Access and User Management
Login with the user credentials provided to you by your Elisity representative and Cloud Control Center will force a password change.
After logging in, navigate to the Administration section of Cloud Control Center and select User Management. Here you can add new Cloud Control Center users to the local login database.
Select Add Local User to create a new user. A user can by assigned to any of the two default roles: Tenant Admin and Tenant User. The Tenant Admin role has read and write privileges while the Tenant User role has read-only privileges. Alternatively, a user can be assigned to a custom role with select privileges. Refer to the Role Based Access Control document for more details.
User Profile Settings
Clicking on the profile icon in the top right of Cloud Control Center shows the identity and role information about the current user, including a dark mode toggle and profile settings.
Profile Settings is where local users can Change Password and other attributes not derived from Single Sign On such as name, email address, description. For SSO Users, password cannot be reset from Cloud Control Center.
Users can upload a profile photo by clicking the icon and uploading a picture.
Changing your password while logged in requires entering your existing password. If you do not have your existing password, another Administrator in Cloud Control Center can send you a password reset email, where you can securely reset your password without your existing password.
There are also personalization options for Layout and Appearance in Cloud Control Center, such as Table Row Density and Table Text Size.
Below is an example of the Table Text Size customization, which slightly increases the size of text in tables throughout Cloud Control Center.
Configuring User Session Timeout and Lockout Policies
Elisity Cloud Control Center (CCC) provides administrators with the ability to configure user session policies to enhance security and manage user access effectively. The session policies include settings for failed login attempts, account lockout periods, and idle session timeouts.
Accessing Session Policy Configurations
To configure session policies:
- Navigate to the Settings tab in the left-hand sidebar.
- Go to the Admin dropdown menu.
- Select Session Policies.
Configurable Options
-
Max Number of Failed Login Attempts:
- This setting specifies the maximum number of failed login attempts allowed before the account is locked.
- Example: Setting this value to 5 means an account will be locked after five consecutive failed login attempts.
-
Admin Account Lockout Period:
- This defines the duration for which an admin account remains locked after reaching the maximum number of failed login attempts.
- Example: Setting this value to 60 minutes locks the admin account for one hour.
-
Idle Session Timeout:
- This setting determines the amount of inactive time after which a user session will be automatically logged out.
- Example: Setting this value to 15 minutes logs out the user if there is no activity for 15 minutes.
Saving Changes
After configuring the desired session policies, click the Submit button to save the changes. If you need to revert any changes, you can click the Reset button.
By configuring these session policies, administrators can enhance the security of the Cloud Control Center, ensuring that user sessions are managed effectively and reducing the risk of unauthorized access.
Managing Cloud Control Center Users
After users are created in Cloud Control Center, you can manage them through the same dashboard in several ways by clicking the options button to the far right of any user. SSO users also show up here, however SSO users cannot be modified from Cloud Control Center as they are a component of the integrated SSO provider.
Edit User: Change the user role (Tenant Admin, Tenant User or custom role) or change the User's name and description.
Delete User: Completely remove a user and delete them from the system.
Reset Password: You can now reset the password for any Cloud Control Center User as a Tenant Admin. This will send an email to the associated email address with instructions on how to reset the password.
Unlock Account: This allows you to unlock user accounts that have been locked due to too many unsuccessful login attempts, rather than waiting for the lockout timer to expire (according to your Account Lockout configuration.) You can also see the "Locked" status of users next to their email address to quickly identify which user accounts are locked.
2. Single Sign On (SSO)
Elisity offers SSO support for the common IDPs, enabling Role-based Access Control to Cloud Control Center using user group mappings from your SSO provider.
Click here for our Ping SSO Setup Guide.
Click here for our Microsoft Entra ID (Azure AD) SSO Setup Guide.
Click here for our Okta SSO Setup Guide.
3. Cloud Control Center Account Lockout
First review the Cloud Control Center security settings located at Settings > ADMIN > Account Lockout Policy. Here you can modify the lockout policy for failed local user login.
4. Support Alerting Configuration
This setting will configure Cloud Control Center to send email alerts for major events such as an Elisity Edge policy enforcement node losing connection to Cloud Control Center. Multiple individuals can be configured to receive these alerts.
Here is an example of an alert sent via Cloud Control Center after this feature was configured.
5. Logo Configuration
The last configuration option on the Cloud Control Center administration page is the Cloud Control Center logo. This logo appears on the top left of the Cloud Control Center user interface and allows a user to customize the Cloud Control Center UI with an organization-specific logo. You can configure different icons for light mode and dark mode.
Uploading a Light Mode logo will automatically add the same logo to Dark Mode. You can easilt delete and replace either logo by hovering over the logo and clicking the delete icon, replacing it with a new JPEG, PNG, GIF, or SVG file.
6. Integrations
Integrations are managed from the Cloud Control Center Settings Dashboard. This allows you to connect via API to various third party identity solutions, giving you the ability to enrich data within Cloud Control Center using external identity sources.
Here is a summary of some of the connectors and integrations that we support.
Microsoft Active Directory Integration
To integrate Cloud Control Center with Microsoft Active Directory, please follow the instructions here.
Claroty Integration
To integrate Cloud Control Center with Claroty, please follow the instructions here.
To integrate Cloud Control Center with Medigate, please follow the instructions here.
ServiceNow CMDB Integration
To integrate Cloud Control Center with ServiceNow CMDB, please follow the instructions here.
7. Suppression List
Cloud Control Center provides the ability to dynamically and manually suppress attach & identity events being generated by unstable devices in the network.
Manual Suppression
To suppress events from a specific IP or MAC Address, navigate to Settings > System > Suppression List. Here you can select + Add New Device to add either the IP address or the MAC address of the device you wish to suppress along with an optional description.
Once added, all events generated by device will be ignored by Cloud Control Center and the device will show as offline on the device list page.
Elisity recommends that you use MAC based static suppression as it has a more consistent behavior over IP based static suppression.
Dynamic Suppression
The Elisity Identity Engine continuously monitors attachment and identity events from devices on the network. It is equipped to dynamically mitigate the impact of unstable devices that fluctuate, potentially triggering a flood of events. This functionality safeguards the Cloud Control Center by preventing excessive, unnecessary computations.
Every 30 minutes, the system calculates statistics for all connected devices by counting the number of events for each device over the last 30 minutes and sorts them in descending order.
The following variables are used:
1. Maximum number of events allowed in a specific time = 200 Events.
2. The time period for counting events = 30 Minutes
3. The duration before a device is automatically removed from the suppression list = 30 Minutes
You can review which devices have been dynamically suppressed by navigating to the Suppression List.
Finally, every 30 minutes, the system reviews all devices on the suppression list and removes any whose expiry time has passed before adding new devices based on the current statistics.
In addition to the IP being in the Suppress List, a suppressed device will show up with a "Suppressed" label next to the Device Information page.
8. Welcome Message
The new Welcome Message feature in the Elisity Cloud Control Center (CCC) is designed to enhance security awareness among users by displaying customizable security banners upon login. This feature allows administrators to convey critical security information, reminders, and compliance notices directly to all CCC users, ensuring they stay informed and vigilant.
Accessing the Welcome Message Feature
To access this feature, navigate to the Settings tab located on the left sidebar of the CCC dashboard. From there, select the System option under the Admin dropdown. You will find the Welcome Message section, where you can create and manage your security alerts.
Creating a Welcome Message
Here's a summary of the fields and features when creating a welcome message.
Title: This field allows you to set the title of your security message. For example, "Security Awareness Alert" can be used as a standard title to draw attention to important security information.
Content: In this section, you can type the specific message you want to display to all CCC users upon login. The text box allows up to 500 characters, enabling you to provide detailed instructions or information.
Preview: Before saving your message, you can click on the PREVIEW button to see how it will appear to users. This ensures that the message is clear and formatted correctly.
Save, Delete, and Reset Options:
- Save: Once you are satisfied with your message, click the SAVE button to apply the changes. The message will then be displayed to users on their next login.
- Delete Welcome Message: If you need to remove the message, you can click the DELETE WELCOME MESSAGE button once a message has been saved.
- Reset: If you wish to discard any changes made before saving, click the RESET button to revert to the previous version.
These welcome messages can be used by administrators to maintain a high level of security awareness and ensure that users are consistently reminded of best practices and policies, contributing to a safer digital environment for everyone.
9. Notifications Pane
Clicking on the bell icon in the top right corner of Cloud Control Center reveals the notifications pane.
The Notifications Pane in the Elisity dashboard provides critical insights into two key areas: Activity and Alerts. It is designed to keep administrators informed about onboarding processes and the health of Elisity infrastructure components.
Notifications - Activity Section
The Activity section tracks and displays the status of ongoing operations, such as the Virtual Edge Node Onboarding processes. The details in this pane include:
- Complete: Shows operations that have finished successfully (e.g., successful onboarding of a Virtual Edge Node).
- In Progress: Displays activities currently in the process of being completed, with real time status updates for each step of the onboarding process.
- Error: Provides details of any failed operations, such as unsuccessfully deploying Virtual Edges or Virtual Edge Nodes.
For each activity, information such as the type of activity (e.g., Virtual Edge Node Onboarding), device name (identified by IP address), time of occurrence, and the current status (e.g., Complete) are shown. Clicking the drop down for each item in the list gives more details.
Notifications - Alerts Section
The Alerts section focuses on system health and infrastructure-related notifications. Alerts indicate the real-time operational state of the Elisity network, such as whether VEs/VENs are Online, Offline, or Degraded.
- Online: Indicates Virtual Edge Nodes that are functioning correctly.
- Offline: Indicates any nodes that are no longer operational (e.g., a node named C3650-1 is shown as offline).
These alerts help administrators promptly identify issues in the infrastructure and take immediate action. Alerts can also be filtered based on their state: Online or Offline.
Notifications - Additional Features
- View All Activity and View All Alerts buttons at the bottom of the pane allow users to access more detailed logs or an extended list of notifications.
- Administrators can mark all notifications as read to clear the current notifications.
This pane simplifies tracking infrastructure deployments and alerts administrators about network health, allowing for proactive system management.
10. Help Center
The Help Center in Cloud Control Center is accessed from the top navigation bar by clicking the question mark icon ?. It provides quick access to documentation, feature previews, and navigation tools.
- API Documentation: Direct link to Elisity’s API specification and reference guide. See our
- Knowledge Base: Launches the Elisity Support portal, where all articles and configuration guides are maintained.
- Demo Portal: Provides access to Elisity Beta features and technology previews within CCC. Learn more about the Demo Portal.
- What’s New: Opens the release notes for the currently deployed version.
- About: Displays the currently installed version and build date of Cloud Control Center.
-
Quick Command: Launches the Quick Command interface for keyboard-based navigation. Also accessible via
Ctrl + K.
See the screenshots below for examples of the Help Center menu and options:
- Help Center menu open, highlighting Quick Command
- Top bar with Help icon shown on the Overview screen
Quick Command Navigation
The Quick Command interface provides fast, keyboard-driven navigation across Cloud Control Center. It allows administrators to access recently viewed devices, policies, and pages, or jump directly to core areas of the platform.
Quick Command can be launched in one of two ways:
- Click the Help icon (
?) in the top navigation bar and select Quick Command. - Use the keyboard shortcut Ctrl + K (or Cmd + K on macOS).
Once opened, Quick Command displays:
- Recent Activity: Devices, Policies, and views you have recently accessed.
- Navigation Shortcuts: Direct links to Overview, Devices, Policy, Virtual Edge, Analytics, and other key sections.
You can scroll through the list using arrow keys or start typing to search by name. Press Enter to navigate to the selected item.
Settings Page Shortcuts
In addition to core platform pages, Quick Command includes navigation shortcuts to Settings configuration pages. When typing keywords related to a Settings page, Quick Command displays matching results, enabling direct navigation without manually opening the Settings menu.
The following Settings pages are accessible through Quick Command:
| Settings Page | Description |
|---|---|
| SSO Configuration | Single Sign-On provider setup and identity federation settings |
| Session Policies | User session timeout, lockout, and failed login attempt thresholds |
| Suppression List | IP addresses and ranges excluded from device discovery and tracking |
| Welcome Message | Customizable login page message displayed to users |
| Support Alerts | Alert notification configuration for support and operations teams |
| Upload Logo | Custom branding and logo upload for the Cloud Control Center interface |
| Advanced AD Users | Advanced Active Directory user discovery and attribute mapping |
| AD Advanced Settings | Active Directory integration configuration and advanced options |
| Microsoft Entra ID | Microsoft Entra ID (Azure AD) integration and user synchronization settings |
| Time-Based Settings | Scheduled policy enforcement and time-based access control configuration |
| Insights Settings | Configuration options for the Insights analytics and reporting module |
Quick Command shortcuts are available to all Cloud Control Center users. The Settings pages displayed in search results respect the user's assigned role and permissions. Quick Command is especially useful when jumping between workflows during troubleshooting or validation.
11. System On-Boarding Checklist
The System On-Boarding Checklist provides a guided framework for new Elisity deployments. The checklist organizes essential setup tasks into categories, helping administrators track their deployment progress and discover recommended platform capabilities. This feature accelerates platform adoption by providing clear next steps for configuring identity sources, establishing security policies, and deploying infrastructure components.
The checklist is role-based and displays only the tasks and configuration elements that align with each user's assigned permissions. Users with limited access will see a subset of tasks relevant to their role, while administrators with broader permissions will see the complete checklist.
| Benefit | Description |
|---|---|
| Structured Guidance | Organizes deployment tasks into logical categories, reducing configuration errors and ensuring critical steps are not overlooked |
| Visual Progress Tracking | Displays completion percentage for each category, providing visibility into deployment status and remaining work |
| Faster Time to Production | Reduces onboarding time by guiding administrators through recommended workflows in the optimal sequence |
| Capability Discovery | Introduces administrators to recommended features and integrations they may not be aware of during initial setup |
Accessing the On-Boarding Checklist
The System On-Boarding Checklist is accessible from the Cloud Control Center notification panel. A notification icon appears in the top-right corner of the Cloud Control Center interface, next to the help, notifications, and user profile icons. Clicking the checklist notification icon opens the on-boarding panel.
The checklist automatically appears for new deployments and displays the current completion percentage. Administrators can dismiss the checklist at any time and re-open it later by clicking the notification icon again.
Understanding Checklist Structure
The on-boarding checklist organizes tasks into four primary categories. Each category represents a key deployment phase and contains multiple sub-tasks that guide administrators through specific configuration steps.
| Category | Description |
|---|---|
| System Setup / Infrastructure Deployment | Initial platform configuration including connector setup, Virtual Edge onboarding, and Virtual Edge Node deployment |
| Device Discovery / Classification | Asset discovery, Policy Group creation, and device verification tasks to establish baseline identity and classification |
| Policy | Security policy configuration including traffic analytics review, policy simulation, and troubleshooting workflows |
| Operations | Operational setup including Role-Based Access Control, logs and audits configuration, and reporting capabilities |
Each category displays a completion percentage and can be expanded to reveal the individual tasks within that category. The overall checklist progress is calculated based on the completion status of all tasks across all categories.
Completing Checklist Tasks
Tasks within each category can be accessed by expanding the category to view the full list of sub-tasks. Clicking on any task navigates to the relevant configuration page or workflow in Cloud Control Center.
Task Status Workflow
Each task progresses through the following states:
Pending: The task has not yet been initiated. Tasks appear in pending state when first displayed in the checklist.
In Review: The task automatically changes to "In Review" status when either of the following occurs:
- An administrator clicks on the task from the checklist, navigating to that configuration section
- An administrator navigates directly to the configuration section in Cloud Control Center (for example, going to Virtual Edges and configuring a Virtual Edge)
Tasks in "In Review" status do not increase the completion percentage for the category or overall checklist. This status indicates that work has been initiated but not yet validated as complete.
Task Complete: Tasks must be manually marked as complete by checking the completion checkbox. Marking a task as complete:
- Increases the completion percentage for that category and the overall checklist
- Provides stakeholder validation that the configuration element meets deployment requirements
- Confirms that the task has been reviewed and approved by the responsible administrator
This manual completion approach ensures that tasks are not automatically marked as done simply by visiting a configuration page, requiring explicit confirmation from administrators or stakeholders that each deployment phase is properly completed.
Task Navigation
Clicking on a task name navigates directly to the relevant configuration page or initiates the recommended workflow. If the task references an Insights-based workflow (such as Policy Group recommendations or Policy suggestions), the system will navigate to the appropriate Insights section when Insights is enabled. For tasks without dedicated workflows, administrators are directed to the relevant configuration section in Cloud Control Center.
Best Practices
Follow Recommended Task Order: Complete tasks in the order presented within each category. The checklist organizes tasks to minimize configuration dependencies and rework. For example, completing system setup tasks before device discovery ensures proper authentication and user permissions are in place.
Use Checklist for Team Coordination: In multi-administrator environments, use the checklist to coordinate deployment efforts across team members. Assign different categories to different team members based on their expertise and responsibilities. Regularly review the checklist completion status during deployment planning meetings.
Do Not Rush Task Completion: The "In Review" status allows administrators to work on tasks without prematurely marking them complete. Take time to validate configurations, test functionality, and gather stakeholder approval before checking tasks as complete. This ensures deployment quality and reduces the likelihood of configuration errors.
Review Completed Checklist Periodically: Even after reaching 100% completion, the checklist remains accessible for reference. Use it to onboard new team members, audit deployment configurations, or verify that recommended platform capabilities have been properly configured.
Document Custom Configurations: If your deployment includes configurations outside the standard checklist tasks, maintain separate documentation to supplement the on-boarding checklist. This ensures complete deployment records for future reference and troubleshooting.