November 2023
Devices
Increased export file record limit
Currently, when a user exports data from the Device List page, Control Center limits the number of records in the file to 500,000. Now, Control Center will support export files containing up to 1 million records from this page.
The table below summarizes the limits for other pages.
Record Limit |
Control Center Pages |
1,000,000
|
Device List
|
500,000
|
Billing > Invoices Billing > Usages Automation > Rule Activity |
250,000
|
All other pages with table
|
Security
Password change workflow
Currently, users can change their Control Center password from their profile page once they log in to Control Center. Now, when users request a password change, Control Center prompts you to provide a passcode which has been sent to your email address. Similarly, if a user’s existing password expires, the user must provide a passcode sent to their email address before they can set a new password.
Self-serve single sign-on support
Single Sign-On (SSO) is an authentication scheme that allows a user to access multiple applications through a single log-in screen even though each application requires a separate log-in.
Currently, users interested in implementing SSO authentication need to submit a project request through the Cisco IoT Connect Portal. With this release, service provider and enterprise users will be able to set up SSO authentication without submitting a project request.
Service Provider Admins and Account Admins can configure SSO for their users through the Security > SAML SSO Setup subtab.
Login with SSO
We’ve added an SSO login option on the Control Center login page. The user clicks the link and then enters their email address. Control Center takes the user to their SSO log-in page. If the user has multiple accounts configured for SSO, Control Center shows a list of all SSO accounts registered to the user’s email address.
For Control Center to recall the user’s account and provide it as an option during login, the user must login using the link provided by their SSO/security administrator at least once.
Two-step verification settings lock
Currently, either a service provider administrator or an enterprise account administrator can enable two-step verification (2FA) for both account users and customer users in a particular enterprise account.
With this release, service providers can take full control of 2FA policy for all their enterprise accounts. If the service provider locks the 2FA settings, enterprise administrators can view, but not change, the 2FA settings. Only service providers will have the ability to edit the account’s 2FA settings.
For accounts that have already enabled 2FA for themselves and entered custom settings, their settings remain the same, but the accounts will no longer be able to change settings.
Location: Security > Service Provider Security > 2-Step Verification Setup > Account Settings
Suspicious login activity notification
Currently, if a user tries to login to Control Center with a valid username but an invalid password, we flag it as ‘suspicious activity’.
With this update, if there are three such suspicious login attempts made within a span of 15 minutes, Control Center sends a notification to the account email address.
If the user enters an incorrect username, Control Center considers it an invalid login, not a suspicious login. No notification is sent.
General
Inclusive language
To have inclusive language, all features known as “whitelist” will over time change name to “permitlist”. APIs will still work with the old name, but it is recommended for customers to update the name in their code.
Essential to Advantage account upgrade
Control Center analytics show that within 2-3 years nearly one-third of Essential enterprises outgrow the Essential tier and need more advanced connectivity and controls. As a service provider, we can support this transition by upgrading an existing Essential account to the Advantage tier.
This one-way upgrade offers numerous benefits to both the service provider and the enterprise:
- Automated process entirely managed by the service provider
- In-place upgrade preserves the existing account (same ID and name) and doesn’t require any device transfers
- No service impact to in-session devices
- Continuity of device and billing history enabling users have access to all data generated prior to the upgrade
- No change to user accounts, credentials, or API keys
- No impact to existing API integrations.