When Elisity provisions Cloud Control Center for a new customer, all the infrastructure, security, and high availability are already set up. However, some customer-specific configurations should be made to ensure all Elisity features and functionalities are fully operational.
This setup guide does not cover advanced settings - ONLY initial setup configurations. Learn about settings not covered in this article by reading the relevant knowledge base articles.
NOTE:
Elisity selects the latest stable version of Cloud Control Center for new deployments. If a different version of Cloud Control Center is required, please contact Elisity support.
TIP:
For the best user experience, Elisity recommends using Google Chrome as your web browser when accessing Cloud Control Center.
1. Cloud Control Center Access and User Management
Log in with the user credentials provided to you by your Elisity representative, and Cloud Control Center will force a password change.
After logging in, navigate to the Administration section of Cloud Control Center and select User Management. Here you can add new Cloud Control Center users to the local login database.
Select Add Local User to create a new user. A user can be assigned to either of the two default roles: Tenant Admin and Tenant User. The Tenant Admin role has read and write privileges while the Tenant User role has read-only privileges. Alternatively, a user can be assigned to a custom role with select privileges. Refer to the Role Based Access Control document for more details.
User Profile Settings
Clicking on the profile icon in the top right of Cloud Control Center shows the identity and role information about the current user, including a dark mode toggle and profile settings.
Profile Settings is where local users can change their password, or their name and description.
Changing your password while logged in requires entering your existing password. If you do not have your existing password, another Administrator in Cloud Control Center can send you a password reset email, where you can securely reset your password without your existing password.
Configuring User Session Timeout and Lockout Policies
Elisity Cloud Control Center (CCC) provides administrators with the ability to configure user session policies to enhance security and manage user access effectively. The session policies include settings for failed login attempts, account lockout periods, and idle session timeouts.
Accessing Session Policy Configurations
To configure session policies:
- Navigate to the Settings tab in the left-hand sidebar.
- Go to the Admin dropdown menu.
- Select Session Policies.
Configurable Options
- Max Number of Failed Login Attempts:
  - This setting specifies the maximum number of failed login attempts allowed before the account is locked.
  - Example: Setting this value to 5 means an account will be locked after five consecutive failed login attempts.
- Admin Account Lockout Period:
  - This defines the duration for which an admin account remains locked after reaching the maximum number of failed login attempts.
  - Example: Setting this value to 60 minutes locks the admin account for one hour.
- Idle Session Timeout:
  - This setting determines the amount of inactive time after which a user session will be automatically logged out.
  - Example: Setting this value to 15 minutes logs out the user if there is no activity for 15 minutes.
Saving Changes
After configuring the desired session policies, click the Submit button to save the changes. If you need to revert any changes, you can click the Reset button.
By configuring these session policies, administrators can enhance the security of the Cloud Control Center, ensuring that user sessions are managed effectively and reducing the risk of unauthorized access.
Managing Cloud Control Center Users
After users are created in Cloud Control Center, you can manage them through the same dashboard in several ways by clicking the options button to the far right of any user. SSO users also show up here; however, SSO users cannot be modified from Cloud Control Center as they are a component of the integrated SSO provider.
Edit User: Change the user role (Tenant Admin, Tenant User or custom role) or change the User's name and description.
Delete User: Completely remove a user and delete them from the system.
Reset Password: You can now reset the password for any Cloud Control Center User as a Tenant Admin. This will send an email to the associated email address with instructions on how to reset the password.
Unlock Account: This allows you to unlock user accounts that have been locked due to too many unsuccessful login attempts, rather than waiting for the lockout timer to expire (according to your Account Lockout configuration). You can also see the "Locked" status of users next to their email address to quickly identify which user accounts are locked.
2. Single Sign On (SSO)
Elisity offers SSO support for the common IDPs, enabling Role-based Access Control to Cloud Control Center using user group mappings from your SSO provider.
Click here for our Ping SSO Setup Guide.
Click here for our Microsoft Entra ID (Azure AD) SSO Setup Guide.
Click here for our Okta SSO Setup Guide.
3. Cloud Control Center Account Lockout
First review the Cloud Control Center security settings located at Settings > ADMIN > Account Lockout Policy. Here you can modify the lockout policy for failed local user login.
4. Support Alerting Configuration
This setting will configure Cloud Control Center to send email alerts for major events such as an Elisity Edge policy enforcement node losing connection to Cloud Control Center. Multiple individuals can be configured to receive these alerts.
Here is an example of an alert sent via Cloud Control Center after this feature was configured.
5. Logo Configuration
The last configuration option on the Cloud Control Center administration page is the Cloud Control Center logo. This logo appears on the top left of the Cloud Control Center user interface and allows a user to customize the Cloud Control Center UI with an organization-specific logo. You can configure different icons for light mode and dark mode.
6. Integrations
Integrations are managed from the Cloud Control Center Settings Dashboard. This allows you to connect via API to various third-party identity solutions, giving you the ability to enrich data within Cloud Control Center using external identity sources.
Here is a summary of some of the connectors and integrations that we support.
Microsoft Active Directory Integration
To integrate Cloud Control Center with Microsoft Active Directory, please follow the instructions here.
Claroty Integration
To integrate Cloud Control Center with Claroty, please follow the instructions here.
To integrate Cloud Control Center with Medigate, please follow the instructions here.
ServiceNow CMDB Integration
To integrate Cloud Control Center with ServiceNow CMDB, please follow the instructions here.
7. Suppression List
Cloud Control Center provides the ability to dynamically and manually suppress attach & identity events being generated by unstable devices in the network.
Manual Suppression
To suppress the events, navigate to Settings > System > Suppression List. Here you can select + Add New Device to add either the IP address or the MAC address of the device you wish to suppress. Once added, all events generated by the device will be ignored by Cloud Control Center and the device will show as "offline" on the device list page.
Elisity recommends that you use MAC-based static suppression, as it behaves more consistently than IP-based static suppression.
Dynamic Suppression
The Elisity Identity Engine continuously monitors attachment and identity events from devices on the network. It is equipped to dynamically mitigate the impact of unstable devices that fluctuate, potentially triggering a flood of events. This functionality safeguards the Cloud Control Center by preventing excessive, unnecessary computations.
Every 30 minutes, the system calculates statistics for all connected devices by counting the number of events for each device over the last 30 minutes and sorts them in descending order.
The following variables are used:
1. Maximum number of events allowed in a specific time = 200 Events.
2. The time period for counting events = 30 Minutes
3. The duration before a device is automatically removed from the suppression list = 30 Minutes
You can review which devices have been dynamically suppressed by navigating to the Suppression List.
Finally, every 30 minutes, the system reviews all devices on the suppression list and removes any whose expiry time has passed before adding new devices based on the current statistics.
In addition to the IP being in the Suppression List, a suppressed device will show up with a "Suppressed" label next to the Device Information page.
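The dynamic suppression cycle described above can be modeled as follows. This is an added example, not Elisity's code: the function names, the sample MAC addresses, the event stream, and the reading of the 200-event limit as "strictly more than 200 triggers suppression" are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

MAX_EVENTS = 200                  # from the page: events allowed per window
WINDOW = timedelta(minutes=30)    # from the page: period for counting events
HOLD = timedelta(minutes=30)      # from the page: time before automatic removal


def run_cycle(now, events, suppressed):
    """One 30-minute evaluation pass (hypothetical model).

    events: iterable of (timestamp, device_id) attach/identity events.
    suppressed: dict device_id -> expiry time, updated in place.
    Returns (released, added) lists of device ids.
    """
    # Step 1: remove entries whose expiry time has passed.
    released = sorted(d for d, exp in suppressed.items() if exp <= now)
    for dev in released:
        del suppressed[dev]
    # Step 2: count events per device over the last window, busiest first.
    counts = Counter(d for ts, d in events if now - WINDOW < ts <= now)
    added = []
    for dev, n in counts.most_common():
        if n <= MAX_EVENTS:       # assumption: exactly 200 is still allowed
            break                 # sorted descending, so the rest are lower
        if dev not in suppressed:
            suppressed[dev] = now + HOLD
            added.append(dev)
    return released, added


def demo():
    """Constructed sample: one flapping MAC, one quiet MAC, three cycles."""
    t0 = datetime(2024, 1, 1, 9, 0)
    flapper, quiet = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
    # Flapper: one event every 5 s for 30 minutes (360 events), then silent.
    events = [(t0 + timedelta(seconds=5 * i), flapper) for i in range(1, 361)]
    # Quiet device: one event every 10 minutes.
    events += [(t0 + timedelta(minutes=m), quiet) for m in range(1, 90, 10)]
    suppressed, history = {}, []
    for k in (1, 2, 3):
        history.append(run_cycle(t0 + k * WINDOW, events, suppressed))
    return history
```

In this model, a device that is still above the threshold when its entry expires is removed and re-added in the same pass, because expired entries are processed before the current statistics are applied.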
8. Welcome Message
The new Welcome Message feature in the Elisity Cloud Control Center (CCC) is designed to enhance security awareness among users by displaying customizable security banners upon login. This feature allows administrators to convey critical security information, reminders, and compliance notices directly to all CCC users, ensuring they stay informed and vigilant.
Accessing the Welcome Message Feature
To access this feature, navigate to the Settings tab located on the left sidebar of the CCC dashboard. From there, select the System option under the Admin dropdown. You will find the Welcome Message section, where you can create and manage your security alerts.
Creating a Welcome Message
Here's a summary of the fields and features when creating a welcome message.
Title: This field allows you to set the title of your security message. For example, "Security Awareness Alert" can be used as a standard title to draw attention to important security information.
Content: In this section, you can type the specific message you want to display to all CCC users upon login. The text box allows up to 500 characters, enabling you to provide detailed instructions or information.
Preview: Before saving your message, you can click on the PREVIEW button to see how it will appear to users. This ensures that the message is clear and formatted correctly.
Save, Delete, and Reset Options:
- Save: Once you are satisfied with your message, click the SAVE button to apply the changes. The message will then be displayed to users on their next login.
- Delete Welcome Message: If you need to remove the message, you can click the DELETE WELCOME MESSAGE button once a message has been saved.
- Reset: If you wish to discard any changes made before saving, click the RESET button to revert to the previous version.
These welcome messages can be used by administrators to maintain a high level of security awareness and ensure that users are consistently reminded of best practices and policies, contributing to a safer digital environment for everyone.
Notifications Pane
Clicking on the bell icon in the top right corner of Cloud Control Center reveals the notifications pane.
The Notifications Pane in the Elisity dashboard provides critical insights into two key areas: Activity and Alerts. It is designed to keep administrators informed about onboarding processes and the health of Elisity infrastructure components.
Activity Section
The Activity section tracks and displays the status of ongoing operations, such as the Virtual Edge Node Onboarding processes. The details in this pane include:
- Complete: Shows operations that have finished successfully (e.g., successful onboarding of a Virtual Edge Node).
- In Progress: Displays activities currently in the process of being completed, with real-time status updates for each step of the onboarding process.
- Error: Provides details of any failed operations, such as unsuccessfully deploying Virtual Edges or Virtual Edge Nodes.
For each activity, information such as the type of activity (e.g., Virtual Edge Node Onboarding), device name (identified by IP address), time of occurrence, and the current status (e.g., Complete) is shown. Clicking the drop-down for each item in the list gives more details.
Alerts Section
The Alerts section focuses on system health and infrastructure-related notifications. Alerts indicate the real-time operational state of the Elisity network, such as whether VEs/VENs are Online, Offline, or Degraded.
- Online: Indicates Virtual Edge Nodes that are functioning correctly.
- Offline: Indicates any nodes that are no longer operational (e.g., a node named C3650-1 is shown as offline).
These alerts help administrators promptly identify issues in the infrastructure and take immediate action. Alerts can also be filtered based on their state: Online or Offline.
Additional Features
- View All Activity and View All Alerts buttons at the bottom of the pane allow users to access more detailed logs or an extended list of notifications.
- Administrators can mark all notifications as read to clear the current notifications.
This pane simplifies tracking infrastructure deployments and alerts administrators about network health, allowing for proactive system management.