Settings

Authentication

The Managed Service Provider (MSP) Portal Authentication controls the authentication settings, with these configurations:

  • Multi-Factor Authentication

  • Enabling MFA

  • SAML Authentication

Multi-Factor Authentication

Multi-Factor Authentication (MFA) allows to force login with a two-factor authentication platform, such as Google Authenticator.

Enabling MFA

  1. Log in to the Avanan MSP Administrator Portal:

  2. Go to Settings.

  3. Expand Authentication Settings and click Configure MFA.

  4. Scan the QR code using an authenticator software, such as Google Authenticator.

  5. Enter the generated token.

  6. Click Continue.

SAML Authentication

For information on how to configure SAML authentication, see SAML SSO Integration.

User Management

User management allows MSPs to control their MSP Portal users. It is possible to add, remove and edit users according to needs. Top-Level MSPs can also manage Child MSP users.

All users are portal administrators and gain access to the managed tenants. Each user can be configured to log in with a password or with SAML (if available).

MSP Portal User Roles

MSP portal users can be assigned a role in the MSP Portal to view and control the customer portals they have access to.

There are two MSP Portal roles:

  • MSP Admin - Can access all the customer portals and have full access to the MSP portal settings and reporting.

  • MSP Help Desk - Can access only a set of customer portals and are not allowed to change the MSP portal settings.

Permissions for the different MSP Portal roles:

Feature

 

MSP Admin

MSP Help Desk
Managing MSP Portal User Management Can view and edit Cannot view
Branding Can view and edit Cannot view
Authentication Settings Can view and edit Cannot view
Other Settings Can view and edit Cannot view
Tenant Information Security Settings Can view for all the tenants Can view only for the assigned tenants
Usage Report Can view for all the tenants Cannot view
MSP Portal Notifications (if enabled) Can receive for all the tenants Can receive only for the assigned tenants
 

Tenant Actions

 

 

 Child MSP Actions Can do Cannot do

Create Child MSP

Can do

Cannot do

Delete Tenant

Can do

Cannot do

License Tenant

Can do

Cannot do

Audit

View Audit Logs

Can view

Cannot view

Assigning Customer Tenants to MSP Help Desk Users

To assign the customer tenants to a Help Desk user:

  1. Log in to the Avanan MSP Administrator Portal:

  2. Go to Settings > User Management.

  3. For the user you want to assign customer tenants, click Edit.

  4. Expand MSP Portal Settings.

  5. From the Role list, select MSP Help Desk.

  6. From the Tenant Access options, select one of these:

    • To allow access to all the tenants, select All tenants.

    • To allow access to all the tenants except some tenants, select All tenants except and then select the tenants that need to be excluded.

    • To allow access only to some tenants, select Only specific tenants and then select the tenants you need to include.

  7. Click Save.

Creating and Managing User

  1. Log in to the Avanan MSP Administrator Portal:

  2. Go to Settings.

  3. Expand User Management and click Create User.

    The Create User window appears.

  4. Specify these:

    1. MSP - Associate user with Child MSP (available for Top-Level MSP only).

    2. First Name

    3. Last Name

    4. Email address

  5. Expand User Settings in Customer Portal and from the Role list, select the role associated with the user in the managed tenants:

    1. Admin

    2. User

    3. Operations

    4. Read Only

  6. Select the checkbox:

    1. Allow drill-down into user data - To allow admin to view email content (on tenant portal). Viewing email content is audited.

    2. Send Alerts - To allow admin to resend alerts to users.

    3. Receive Weekly Reports - For admins to receive weekly admin reports from each tenant.

    4. Enable Password Login - For password authentication method.

    5. Enable SAML Login - For SAML authentication method.

  7. Click Save.

  8. To edit a user, from the actions column, click .

    The Edit User window appears.

  9. Make the required changes and click Save.

  10. To delete a user, from the actions column, click .

  11. To reset the password, from the actions column, click .

Notifications

Avanan MSP Administrator Portal allows sending email notifications when there are updates to the tenant license and managed organization updates.

To update notifications:

  1. Log in to the Avanan MSP Administrator Portal:

  2. Go to Settings.

  3. Expand Notifications and click Create User.

    The Create User window appears.

  4. Enable the appropriate toggle button:

    • Send a notification to all admins when a tenant license is created or updated by your organization

    • Send a notification to all admins when a managed organization updates or creates a tenant license

  5. Click Save.

Tenant Management

Managed Service Providers (MSP) onboard customers on a daily basis and need to keep track of the customer acquisition lifecycle. After the POC (trial period) ends, Avanan stops protecting users without a license.

The Tenant Management page allows administrators to configure automatic actions when a POC expires.

To view the Tenant Management page, go to Settings > Tenant Management.

When a POC expires:

  1. Go to the When a POC Expires section.

  2. To send email notifications to administrators when a POC expires, select the Notify Admins toggle button.

  3. To assign a license automatically after the POC expires, do these:

    1. From the License list, select the license.

    2. From the Add-ons list, select the add-ons.

      Note - You can select multiple add-ons.

    3. In the Maximum licensed users field, enter the number of licenses.

  4. Click Save.

When a license is assigned to a tenant:

  1. To send email notifications to administrators when a license is assigned to a tenant, select the Notify admins when the license is assigned by your organization toggle button.

  2. To send email notifications to administrators when a license is assigned to a tenant, select the Notify admins when the license is assigned by a managed organization toggle button.

  3. Click Save.

Customize Branding

As part of customized branding, you can replace the name and logo of Avanan with the name of your MSP. The name of your MSP appears in the restore requests and email notifications to Office 365 and gmail end-users.

The fields for customized MSP branding:

Customizable Field

Description
Provide Display Name MSP name to use instead of Avanan as the display name for emails to end-users.
Provide Information URL MSP website or MSP documentation site URL.
Provider Support Email MSP support email address.
Provider Logo MSP logo.
Restore Request Top Level Domain

Link used to submit restore requests to release emails from quarantine.

For example, if the default link is https://CompanyName.avanan.net/email_restore..., you can customize it to https://CompanyName.ProviderDomain.suffix/emai_restore.... For more information, see Configuring Request Top Level Domain.

 

For each customer tenant, a CNAME with the new custom URL needs to be created pointing at the original customer URL.

Configuring Customized Branding

  1. Log in to the https://portal.avanan.net.

  2. Click Settings.

  3. Expand Customize Branding and enter these:

    1. In the Provider Display Name field, enter the MSP display name.

    2. In the Provider Information URL field, enter the MSP information URL.

    3. In the Provider Support Email field, enter the MSP support email.

    4. From the Provider Logo field, select the MSP logo and click Upload.

    5. In the Restore Request Top Level Domain field, enter the MSP top-level domain name.

  4. Click Save.

Configuring Restore Request Top-Level Domain

Once you save the domain name in the Retore Request Top Level Domain, Avanan requests a certificate from AWS Certificate Manager for the domain to serve.

A validation DNS record is automatically generated in the Domain Certificate Validation Status modal. The modal shows the details of Certificate Validation Status, Record Name, Record Type, and Record Value.

Notes:

  • The MSP has to go to the DNS provider and create a record with the generated Record Name, Record Type, and Record Value from the modal. Once the record is completed, Avanan uses the custom domain in the notifications for end-user emails.

  • The MSP must add a record to their DNS provider for each of their Avanan tenants. The record should be a cname with the Avanan tenant domain name as the first part.

    For example, Avanan tenant abccompany.avanan.net should have a cname record abccompany.restorerequestdomain.com pointing to abccompany.avanan.net where restorerequestdomain.com is the MSPs custom restore request ID.

Examples

  • Customized DLP notification to end-users.

  • Customized link to request release from quarantine by end-users.

  • Customized restore request.