A user management is also available for the portal of the icom Connectivity Suite. The Users tab displays all users assigned to this account. Further users with different rights can be added.
Note regarding the user interface!
The entire user management is currently only possible on the classic user interface. See this note.
Adding an user
When adding a user, different user roles with different rights are available:
Account-Admin: Has all rights including user management. An account administrator can be specified as contact partner. He will then receive system messages via e-mail. Already existing users will be classified as account administrators. The user on which the account has been registered will be taken over as contact person.
Read-Only: Can view all list views in the menus and download VPN log files, but cannot make settings or download certificates or configurations.
Users can be added in the classic user interface by clicking on the Add new user button on the Users tab.
The Role allows to specify which rights the new user will have.
The Form of address specifies whether the user is addressed as Mr. or Mrs. in automatically generated e-mails.
Name and First name are also used for addressing in the correspondence.
E-mail is used to specify the e-mail address used for the correspondence with the user.
The User name and the Password are used by the user to login to the icom Connectivity Suite. It is recommended that a new user changes the password to a new secret password upon first login.
Managing the users
The Users tab shows a list of all added users. The users can be managed here.
The Add new user button allows to add another user.
The Download user list button allows to download a list of the added users.
The Manage button allows to edit the data of this user. The two-factor authentication can also be enforced for this user here.
The Delete button allows to delete this user.
The Contact Partner column allows to specify the contact partner for this account. Users who have read-only rights cannot be specified as contact partner. Users that are specified as contact partner cannot be deleted.
The Role column indicates the user role assigned to this user.
The Form of address column indicates the form of address specified for this user.
The Last name column indicates the last name specified for this user.
The First name column indicates the first name specified for this user.
The Contact E-mail column indicates the e-mail address specified for this user. The whole correspondence with this user will take place using this address.
The User name column indicates the user name specified for this user.
The Created by column indicates which user has added this user.
The Created at column indicates when this user has been added.
The Last password change column indicates the date when the password of this user has been changed for the last time.
The Require 2FA column indicates, whether two-factor authentication is enforced for this user to login to the portal.
Downloading the User List
The Users tab displays a list of all added users. This list can be downloaded as CSV file. The CSV file contains the columns analogue to the user list, separated by = (equal sign).
A click on Download user list downloads the user list.
Two-factor authentication for a user to login to the portal
The two-factor authentication (2FA) adds another security level to the login via user name and password by requiring the additional input of a one-time password to login to the portal of the icom Connectivity Suite. The password will be generated by an app on a separate device (e.g. smartphone) via the TOTP (Time-based One-time Password) algorithm. The user account of the icom Connectivity Suite must be registered one-time in the app for this. TOTP is an open standard and a variety of apps are available for various platforms such as the Open Source software FreeOTP. Since the one-time passwords are generated time-based and only valid for a limited time, it is necessary that the time on the separate device is accurate and synchronised regularly.
There are two options for setting up 2FA for a user:
By the user himself on the My VPN Hub tab.
By an user with administrator privileges on the Users tab. This will override the the setup by the user himself.
Setting up 2FA by the user
A user that is logged in to the icom Connectivity Suite can setup two-factor authentication for himself as follows.
Click on the My VPN Hub tab on the Setup two-factor authentication for this user button.
Scan the displayed QR code using the TOTP app.
Generate the one-time password in the app and enter it into the icom Connectivity Suite.
Click on Setup one-time password.
You have set up the two-factor authentication for this user and will be requested for a one-time password with each further login.
Proceed as follows to disable the two-factor authentication for the user logged in.
Please note!
You cannot disable 2FA it is required by an administrator in the user settings (see next paragraph)
Click on the My VPN Hub tab on the Disable two-factor authentication for this user button.
You have disabled the two-factor authentication for this user again and will not be requested for a one-time password during next login.
Proceed as follows to renew the two-factor authentication for the user logged in. This may be necessary for example if you want to use two-factor authentication for another mobile phone than the one for which two-factor authentication has been set up originally.
Click on the My VPN Hub tab on the Renew two-factor authentication for this user button.
Generate the one-time password in the app and enter it into the icom Connectivity Suite.
Click on Setup one-time password.
You have renewed the two-factor authentication for this user with this.
Please note!
If a two-factor authentication has been renewed for a user, it is not possible any more to generate a code with the app set up originally.
Requiring 2FA for an user
A user with administrator privileges can enforce two-factor authentication for each user that is set up.
The two-factor authentication will be enforced by clicking on the Manage button behind the respective user and checking Require two-factor authentication.
If this user logs in for the next time, a QR code will be displayed that must be scanned by the user using the TOTP app to set this up for two-factor authentication.