Account and Organization Management

Configuring SAML, OAuth2, or OpenID Login in ETM Dashboard

Single Sign-On (SSO) provided by an Identity Provider (IdP) is an increasingly common, security-focused practice.

Single Sign-On (SSO) is common in Zero-Trust Network Access security policies because it enables the admin to:
  • Centralize control of user login policies & credentials.
  • Consolidate user accounts that require access to multiple cloud-based services.
  • Enforce stringent password policies and multi-factor authentication.
  • Simplify user login to reduce password fatigue.
  • Reduce the threat of data breaches by moving authentication off-site.

ETM Dashboard supports login using SAML, OAuth2, or OpenID federated accounts. You must have an existing account with an Identity Provider (or IdP) such as Okta, Duo, or OneLogin to use these options.

Single Sign-on is configured in My Organization > SSO.

Who is affected?

  • The account owner.
  • Anyone who has been invited to manage the account as a user.

Before you Begin

The Organization Name attribute identifies and initiates this specific SAML or OAuth2 login process; you can think of it like a username. It can include letters, numbers, or punctuation. You can use capital letters when configuring the Organization Name, but it is not case-sensitive at the point of login. For example, you could enter "Example Company" as your organization and still log in with "example company".

Your Organization Name must be unique. You will receive an error message if a given name is not available for use.

This Organization Name is specific to this SSO option and does not need to match the name associated with your ETM Dashboard organization.

Configuring SAML Login

Set the Organization Login Type to "SAML".

Provider attributes

The attributes found under the Configuration heading inform ETM Dashboard how to connect to and authenticate against your SAML provider.

The Login URL, Entity Id, and Encryption Certificate fields are required. The Signing Certificate field is only used when you are given a different certificate by the provider.
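
The following added example (not Arista's code) shows one way to pull these values out of the metadata XML that most IdPs publish. The mapping of metadata elements to the field names above, the choice of the HTTP-Redirect binding, and the sample host names and certificate bodies are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: host names and certificate bodies are placeholders.
SAMPLE_IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER
        SIGNINGCERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDERENCRYPTIONCERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{REDIRECT}"
        Location="https://idp.example.test/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def sso_fields(metadata_xml):
    """Map IdP metadata to the SAML fields on the SSO page (mapping is an assumption)."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None or not root.get("entityID"):
        raise ValueError("not a single-entity IdP metadata document")
    certs = {}
    for kd in idp.findall("md:KeyDescriptor", NS):
        node = kd.find(".//ds:X509Certificate", NS)
        if node is None or not node.text:
            continue
        # A KeyDescriptor without a 'use' attribute covers both purposes.
        uses = [kd.get("use")] if kd.get("use") else ["signing", "encryption"]
        for use in uses:
            certs.setdefault(use, "".join(node.text.split()))
    urls = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
            if s.get("Binding") == REDIRECT]
    if not urls or not urls[0].startswith("https://"):
        raise ValueError("no HTTPS HTTP-Redirect sign-on endpoint")
    if "encryption" not in certs:
        raise ValueError("no encryption certificate; that field is required")
    fields = {"Login URL": urls[0], "Entity Id": root.get("entityID"),
              "Encryption Certificate": certs["encryption"]}
    # The Signing Certificate field is only filled in when it differs.
    if certs.get("signing") not in (None, certs["encryption"]):
        fields["Signing Certificate"] = certs["signing"]
    return fields
```

Run it only on metadata obtained from your own IdP over a trusted channel, since the certificates it extracts are what the login trust depends on.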

Testing SAML login

The Test SAML button becomes available once you have saved your settings. This will validate that ETM Dashboard is able to connect to your provider.

Downloading SP Metadata

The Download SP Metadata button becomes available once you have saved your settings. The resulting data is uploaded to your Identity Provider to authorize ETM Dashboard to use their SSO login.

Removing SAML

Click the Delete button to remove this configuration. You can use this option to make changes to the SAML connection or switch to a different provider.

If you want to completely disable this authentication method, set the Organization Login Type to "Disabled" instead.


Configuring OAuth2 / OpenID Login

Set the Organization Login Type to "OAuth2 / OpenID".

Provider attributes

The attributes found under the Configuration heading inform ETM Dashboard how to connect to and authenticate against your OAuth2 or OpenID provider.

All fields are required.

Sign-in redirect URIs

If your OAuth2 provider requires sign-in redirects, they can be found below the configuration fields. Those URIs are also provided here, for your convenience:
  1. https://launchpad.edge.arista.com/account/sso
  2. https://launchpad.edge.arista.com/oauth2/signon/fc05796533944dff9e19b3c76621cda1

Testing OAuth2 or OpenID

The Test OAuth2 button becomes available once you have saved your OAuth2 / OpenID settings. This will validate that ETM Dashboard is able to connect to your provider.

Removing OAuth2 / OpenID

Click the Delete button to remove this configuration. You can use this option to make changes to the OAuth2 / OpenID connection or switch to a different provider.

If you want to completely disable this authentication method, set the Organization Login Type to "Disabled" instead.


Logging into ETM Dashboard using Identity Provider SSO

  1. Go to the ETM Dashboard login page at https://launchpad.edge.arista.com.
  2. Enter your Organization Name.
  3. Click Continue.
  4. You are redirected to your IdP's login page to authenticate.
  5. When your login is complete, you are redirected to your ETM Dashboard account.

ETM Dashboard Organization

Your ETM Dashboard account may be invited to other ETM Dashboard accounts and given permission to manage Edge Threat Management appliances or subscriptions owned by the inviting account. This additional account access is called an Organization.

Enabling or Disabling Automatic Sign-on to Appliances

ETM Dashboard enables you to remotely connect to the administration GUI of your NG Firewall and Micro Edge deployments. This remote connection uses a secure proxy that does not require you to expose any ports on your firewall. By default, this proxy connection authenticates you automatically so you do not need to provide credentials to access the web administration.

Disabling Automatic Sign-On for Remote Access

In some cases, you may prefer to authenticate using credentials of the local firewall user database.

To enforce authentication using the local firewall administration account:
  1. Log in to ETM Dashboard.
  2. Go to My Organization.
  3. Click Settings.
  4. Uncheck Enable Automatic Login For Remote Access. Click Save to apply the change.

Enabling and Disabling Dashboard Widgets in ETM Dashboard

ETM Dashboard gives you a high-level overview of your managed networks and appliances. This information is presented through a variety of small windows called Widgets. Based on your preference, you can modify the default set of Widgets you see on the main Dashboard and Appliances dashboard.

Note: Your Dashboard Widget layout is unique to each organization that you belong to. This means that when switching to another organization, you see the full set of default Widgets. Repeat the steps below for each organization based on your preference.

Managing Dashboard Widgets

To enable or disable Widgets:
  1. Go to My Account.
  2. Click Preferences.
  3. In the Dashboard Widgets section, select the Widgets you want to see on the Dashboard.
  4. Click Save.

Switching Themes in ETM Dashboard

ETM Dashboard supports different themes that you can select based on your preference. A theme defines the color scheme of ETM Dashboard, including buttons, grids, heading, and so on.

Switching Themes

To set a different theme:
  1. Go to My Organization > Settings.
  2. In the Choose Theme settings, select a different theme.
  3. Click Save.


You can also select themes directly in the Account menu.


Two-Factor Authentication in ETM Dashboard

You can enable two-factor authentication to secure your ETM Dashboard account. If enabled, the system requires the user to enter a one-time-use verification code before logging into ETM Dashboard. The code allows you to access your account after you successfully authenticate with your normal username and password.

If enabled, two-factor authentication requires PIN confirmation upon each login. If you frequently connect using the same system and browser, you can opt to "remember me" during PIN verification. This option uses a secure cookie to authenticate your browser after login. The cookie is valid for 30 days.

Enabling Two-Factor Authentication

  1. In ETM Dashboard, click My Account in the menu along the left-hand side of the page.
  2. Click Preferences.
  3. In the Two-Factor Authentication section, check "Enable Two-Factor Authentication".
  4. Select your preferred delivery method under Verification Method. See below for more information on delivery methods.
  5. Click Save to apply the change.

Delivery Method Options

ETM Dashboard provides two options to receive your one-time code.

  • Email will send the code via email to the account's main email address.
  • Time-based One-Time Password (or "TOTP") will provide the code through a TOTP application of your choice, such as Google Authenticator.

Pairing a TOTP application with ETM Dashboard

Selecting the Time-based One-Time Password delivery option will reveal the "show QR code" button. Click that button to display the QR code. On your mobile device, open the TOTP authentication app you want to pair with ETM Dashboard and select its "pair" or "scan" feature. Scan the code on your screen to complete pairing.



Once you have paired an app with ETM Dashboard, that app is a necessary part of the login procedure. If you uninstall the app or remove the paired account and fail to disable two-factor authentication in ETM Dashboard, you will lose access to your account. In that instance, please contact Support for assistance.

Logging into ETM Dashboard

During the login process, after entering your email address and password, you will be prompted to enter your verification code. Open the paired TOTP app to retrieve the code.



On the Verification Code pop-up, you will have the option to remember the device you are logging in from. Enable this option to postpone further verification requests for 30 days.

General Data Protection Regulation (GDPR)

We’ve recently made changes to comply with the EU’s General Data Protection Regulation (GDPR). In line with the GDPR, the following articles will help guide you through the process of deleting your account and all associated data or requesting a copy of all data.

You can view Arista Edge Threat Management's Privacy Policy here: https://www.arista.com/en/privacy-policy

Request a Copy of your Data

You can use this process to request a copy of all data stored by your ETM Dashboard account. This does not include any data from any NG Firewall or Micro Edge appliances associated with the account, such as settings or Reports data.

Requesting your Data

  1. Log in to ETM Dashboard.
  2. Click on My Organization in the menu along the left-hand side.
  3. Select Settings.
  4. At the bottom of the Settings page, click the blue Request Copy button.
  5. You should then receive a message acknowledging the request. A copy of the data will be sent to the account owner's email address.

Delete ETM Dashboard Account

Follow the process outlined in this article to completely remove your ETM Dashboard account and all associated data.

Important: Account deletion is permanent and cannot be undone! Arista Edge Threat Management cannot restore accounts deleted by accident.
Note: This is not the process to remove a user under your account.

Deleting your ETM Dashboard Account

  1. Log in to ETM Dashboard.
  2. Click My Organization in the menu at the left-hand side of the page.
  3. Click Settings.
  4. At the bottom of the Settings page there is an option labeled Delete Account.
  5. Click the red Delete Account button.
  6. A confirmation dialogue will appear asking that the word DELETE be entered before proceeding.
  7. Click the Delete Account button.
  8. You will then be logged out of ETM Dashboard and your account will no longer exist.