PARTNERS

Editing companies

You can adjust a company account settings at any time.

To edit a company account:

  1. Go to the Companies page.

  2. Select company you want to edit.

    companies-page.png

    The Edit Company window will be displayed. The information is organized into three tabs:

    You will need to save any changes made to the Company details or Authentication tabs before moving to another tab or closing the Edit Company window.

  3. In each tab, make the desired changes and Save. You need to save any changes made to the Company details or Authentication tabs before moving to another tab or closing the Edit Company window.

    Note

    If the selected company has not enabled the The Company's Partner can assist with the security management option, you will not able to modify specific settings and information.

  4. Close the Edit company window by clicking the X button on the upper right side of the screen.

Note

Fields marked with * are required.

Basic company details

129483_1.png
  • Company name - Enter the name of the new company.

  • Company type - Select the type of company account:

    • Partner, if the company is a security or service provider and uses GravityZone to protect its business clients, or it is local GravityZone distributor.

    • Customer, if the company uses GravityZone to protect just its own network.

      Note

      To switch a company from Partner to Customer make sure it does not have any customers assigned.

  • Country - Select the country in which the company is based.

  • Field of activity - Select the main field of activity in which the company operates in.

Management permissions

159512_1.png
  • The company manages endpoint security - Select this option if you want this company and the companies under it to be able to manage endpoint security directly. By default, this option grants the following permissions to the new company:

    • View the computer network

    • Install security agents

    • Create and manage security policies

    • Run tasks

    • Manage quarantine.

    Note

    For Customer companies, these permissions cannot be revoked because the Customer must have access to its own network.

    For Partner companies that are MSPs, this option must remain enabled, as they need these permissions to manage security of their clients' networks.

    For Partner companies that are resellers only, this option must remain disabled. In this case, the Partner can still create other company accounts, manage subscriptions and view reports.

Additional details

119560_1.png
  • Registered address - Enter the physical address of the company’s office

  • Phone number - Enter the company's official phone number.

  • Logo in Control Center. You can add the company's logo image. All reports and email notifications issued for this company will include the logo image.

    To add the company’s logo:

    1. Click the Change button.

    2. Browse for the image logo on your computer.

    3. Click Open.

    To reset the logo to the image provided by Bitdefender, click the Default button.

The following fields will be available for editing:

Note

Fields marked with * are mandatory.

Two-factor authentication

add-edit-company-2fa.png

Enforce two-factor authentication (Recommended)

Two-factor authentication (2FA) adds an extra layer of security to GravityZone accounts, by requiring an authentication code in addition to Control Center credentials.

2FA requires downloading and installing the Google Authenticator, Microsoft Authenticator, or any two-factor TOTP (Time-Based One-Time Password Algorithm) authenticator app - compatible with the standard RFC6238 - on the user's device. The device can be a smartphone or a computer.

  • Learn how to download and install Google Authenticator here.

  • Learn how to download and install Microsoft Authenticator here.

  • Learn how to configure an authenticator on your computer here.

The authentication app generates a six-digit code each 30 seconds. To complete the Control Center login, after entering the password, the user will have to provide also the six-digit authentication code.

Two-factor authentication is enabled by default when creating a company and this setting cannot be changed. At login, a configuration window prompts users to enable this feature. Users have the option to skip enabling 2FA for five times only. At the sixth login attempt, skipping the 2FA configuration is no longer possible and users are not allowed to log in.

Allow users to trust their devices. This option allows you to specify the period during which GravityZone remembers the browsers used for logging into Control Center:

  • Select Never for users to enter the six-digit code from their authenticator every time they log in.

  • Select 1 to 90 days to allow users to skip entering the six-digit code for that specific period and log in directly to Control Center. To enable this option, users must also to select the Remember this device check box on the GravityZone login screen.

    img-02-login-code.png

By default, one browser corresponds to one device such as a computer. If users log in from another browser than the one remembered, they have to enter the six-digit code from authenticator. For details on scenarios where the Remember this device option does not work, refer to this topic.

Note

  • You can view the 2FA status for a user account in the Accounts page.

  • If users cannot log into GravityZone because of they a new device (phone or computer) or lost secret key, you can reset its two-factor authentication activation from the user account page, under Two-factor authentication section. For more details, refer to User Accounts.

  • Changing the period for remembering device reflects in user activity section of Control Center.

  • Regarding the public API, skip2FA is the parameter corresponding to Remember this device option, used with createCompany and updateCompanyDetails methods. For details on how to use it, refer to createCompany and updateCompanyDetails.

Password expiry options

Set maximum password age to 90 days

This option enables the password expiration policy. Users need to change their passwords sooner than the specified age. Otherwise, they will not be able to log in to GravityZone anymore.

Lock out account after 5 login attempts with invalid passwords

This option limits the number of consecutive invalid passwords to prevent attacks. When the counter reaches the threshold, the account is locked out and the user needs to reset their password.

The policy applies to the accounts created in GravityZone.

A notification will be sent out to all company’s users when the account lockout option is being enabled on a certain company.

Configure single sign-on using SAML

118218_4.png

GravityZone supports service provider(SP) initiated single sign-on (SSO) as a simple and secure alternative to the classic login with username and password.

This method requires integration with third party identity providers (IdP) that uses SAML 2.0 to authenticate GravityZone users and to provide them access to Control Center. Such IdP are AD FS, Okta, and Azure AD.

This is how GravityZone SSO works:

  1. The users enters their email address in the GravityZone login page.

  2. GravityZone creates a SAML request and forwards it to the IdP. It also redirects the user to the identity provider authentication page.

  3. Users are required to authenticate with the identity provider.

  4. The identity provider sends a response to GravityZone in the form of an XML document signed with an X.509 certificate. Also, the identity provider redirects users to GravityZone.

  5. GravityZone retrieves the response, validates it with the certificate fingerprint, and allows users to log in to Control Center with no other interaction from them.

Users continue to automatically log in to Control Center as long as they have an active session with the identity provider.

To enable SSO for a company, you need to follow these steps:

  1. Configure the identity provider to use GravityZone as service provider. For supported identity providers and configuration details, refer to this article.

  2. In the company details page, under Configure single sign-on using SAML, enter the identity provider metadata URL in the corresponding field.

  3. Configure users under the company to authenticate with their Identity Provider. For details, refer to Configuring single sign-on using a 3rd party Identity Provider.

To disable single sign-on for a company you manage, delete the identity provider metadata URL.

After disabling single sign-on for a company, users will automatically switch to log in with GravityZone credentials. Users can obtain new passwords by clicking the Forgot password? link on the Control Center login page.

After re-enabling SSO for a company, users will continue to log in to Control Center with GravityZone credentials. You need to configure manually each account to use SSO again.

Important

You cannot use at the same time single sign-on (SSO) and two-factor authentication (2FA) in GravityZone.

Your company's licensing information is divided into these sections.

License information

This section displays your company's ID and chosen billing method.

159512_4.png
  • Edit licensing options - Click this button to open the Licensing window, where you can change the payment plan used by the company.

  • View monthly usage report - Clicking this button will open a Monthly License Usage Report.

    Note

    This button is only available to companies with monthly subscriptions.

Editing licensing details
  1. Click Edit licensing options under the License information.

  2. Change the company’s subscription settings. Choose the option that is in accordance with your business agreement.

    Note

    Depending on your company's license, you will have access to one or more of these options.

    You can find more information on all available licensing options under Licensing.

License usage details

This section provides information relevant to your current license usage. If you are a yearly license user, you may also add and remove license keys. The information may vary, based on your billing method:

Your standard products and add-ons are displayed, along with additional usage information:

118218_7.png
  • Product name - the name of the product you are using.

  • Product type - shows if the product is a standard one or an add-on.

  • Product status - shows if the product is active, expired or a trial.

  • License key - the unique ID that grants you access to a Bitdefender product.

  • Expiry date - the date when your license expires.

  • Total units - the maximum units available with the license.

  • Usage breakdown - the number of units that are currently being used by your company.

Adding a product

To add a product follow theses steps:

  1. Click the Add product button.

  2. Enter the license key in the Add new product window.

  3. Click the Check validity button.

    118218_8.png

    Note

    In some cases, adding a specific license key will replace one of your current products. This may lead to a change of the feature set you will have.

  4. Click the Add product button.

Removing a product

To remove a product from your company follow these steps:

  1. Select the product you want to remove.

  2. Click the Remove product button.

  3. Click the Remove button to confirm.

    48409_7.png

A table provides information regarding the status of your subscription:

118218_9.png

Note

Depending on your license, one or more of these fields may not be visible to you.

  • Product name - the name of the product you are using.

  • Product type - the category in which the product falls, based on protection capabilities:

    • Endpoint Security - full protection.

    • Bitdefender EDR - limited EDR capabilities (report only).

  • Product status - shows if the product is active or expired.

  • License key - the unique ID that grants you access to a Bitdefender product.

  • Total units - indicates the maximum number of units that are available with the license.

  • Minimum commitment - the number of endpoints on which you have committed to deploy the product.

  • Reserved units - the number of units assigned to your company.

  • Available units - the number of units that are still available for your company.

  • Used units - the number of endpoints on which you have deployed Bitdefender products.

  • Subscription end date - the date when your subscription expires.

  • Auto-renewal - indicates if, and when, your subscription is set to automatically renew.

Note

You can use the Refresh Details button check for any changes in the displayed information. Once clicked, the button will be grayed out for 30 minutes.