User Management Service FAQs
Everything you every wanted to know about the User Management Service and how to use it.
Of course, this is a pity in the first place and we would appreciate your feedback why you decided against Proficloud.io. Just use our contact form for that. We strive to improve!
The Smart Services enable customers to import data from different devices (production plants, measuring devices, etc.) and from different locations (worldwide) into the Smart Service, operated on Proficloud.io in order to link them with each other and make them remotely evaluable.
For this purpose, the Smart Service enables standardized analyses based on the imported data and e.g. visualizes them with dashboards.
With our User Guiding, we want to make it even easier to get started with the various Smart Services. The guides offer interactive tours through the Smart Services to explain individual functions or to get an overview of the areas of a Smart Service.
In the video you can see how you can use the User Guiding and start interactive guides.
The first time you visit a Smart Service, you will be greeted by a prompt. You can either get an introduction to the Smart Service you just have open in the welcome, or access the guides again later at any time by accessing the button labeled “Guides & FAQs” on the right side of the screen.
We use a service on Proficloud.io that allows to conveniently display all FAQs and guides relevant to the active smart service.
To access the FAQs, just click on the button on the right side of the screen labeled “Guides & FAQs”.
Metric is just another name for variable. One example could be a temperature, wind speed, voltage etc.
As of right now, Proficloud.io is running in AWS data centers, located in Frankfurt. Phoenix Contact does not operate their own data center for Proficloud. Because all Proficloud.io data is hosted in Frankfurt, German law applies
Vulnerability scanning
We are using an web-application vulnerability scanner (Automated security and asset monitoring) to monitor the web-apps for potential takeovers and remediate security bugs in staging and production as soon as they are known and we are using products for automatically prove our code quality & code security.
Hardening techniques
We apply different hardening practices (like i.e. use of service packs, automatic dependency checks, patches & patch-mgmt, etc.) for our service-containers
GDPR compliance
Proficloud.io is completely GDPR compliant, thereby conforming to the highest data privacy standards.
Operating system
All our virtual servers are based on Linux, increasing the resiliency of our cloud system.
Spectre/Meltdown & know CPU security vulnerabilities
Infrastructure has been updated with these new protections, and no customer action is required at the infrastructure level.
Permission / user management
We‘re looking on rolling out a sophisticated permission management system throughout 2021, allowing companies fine-grained controls over what users are capable of accessing.
Password policy
High security passwords are enforced by the platform. In general the password needs at least 10 characters, upper & lowercase letters, number(s) and special character(s).
Public key infrastructure
We are using EJBCA as PKI for all tenants in Proficloud.io, allowing us to revoke potentially compromised certificates whenever needed.
Secure bidirectional device communication
CA signed remote commands are used regarding the connected devices. All communication is encrypted using TLS 1.2 and client certificate authentication.
Secure firmware update process for devices
Hardened firmware update process for devices with IEC 62443 measures.
Encryption
All connections between users and devices to proficloud are encrypted using TLS 1.2.
Data centers
Phoenix Contact Smart Business uses dedicated aws data centers for running Proficloud.io guaranteeing an industry leading security level for customers.
Some Proficloud.io services, such as the Device Management Service can be used free of charge. Other services, including Time Series Data Service allow customers to test them free of charge, but require payment for actual production workloads.
Cloud pricing ist often complicated, but that’s not the case for Proficloud.io. We always make sure to offer payment models, which are easy to understand, enabling our customers to always understand their true costs. This means for you that in the Time Series Data Service, for example, you pay per metric that you send to the cloud. With this model, we naturally offer you suitable packages, so that you have maximum freedom in cost calculation and can rely on the exact costs incurred.
In other services (e.g. ImpulseAnalytics) you only pay per device for one year. This is based on the business model, which was developed especially for this service and offers the user an easy way to calculate the costs.
As soon as you book a service, you will receive a booking confirmation by e-mail, as well as a booking confirmation within Proficloud.io. You can use the booked service directly after the booking. You will receive a separate e-mail with the conditions (taxes, legal framework) from Phoenix Contact that apply to you.
The UUID (Universally Unique Identifier) is required for adding a device to Proficloud. It is printed externally on the device’s housing. After the installation and commissioning of the device, the UUID may not be visible anymore. Thus, it is mandatory to document the UUIDs during the device installation.
We recommend to additionally document the respective device designation within your system or a unique, descriptive name for the device. This enables you to identify the device again within your system locally.
If you cannot access Proficloud.io, please contact your company’s IT. Security restrictions of your company’s IT may result in access problems to Proficloud.io.
An unrestricted internet connection is required for the following addresses and sub-adresses in case of port 443 (HTTPS) and port 8883 (MQTT over TLS):
Proficloud.io
Proficloud-production.io
This needs to be guaranteed by the company’s IT.
- Click on the profile icon in the upper right corner of the browser
- Click on [Settings]
- Click on the pencil on the right side of the browser next to your current e-mail address
- Now enter your new e-mail address in the field for the e-mail address and click on [Save Profile Data]
- Click on [Confirm] to confirm the action. You will be logged out and will receive a confirmation e-mail at your new e-mail address
- Click on the link in the e-mail to verify the e-mail-address change
See at a glance which devices can use which services. The listed devices are Phoenix Contact devices with direct Proficloud.io integration. You can integrate a lot more device with a Gateway Solution and NodeRED. Sort the table according to your needs.
| Device Management Service | Time Series Data Service | EMMA Service | ImpulseAnalytics Service | |
|---|---|---|---|---|
| AXC F 2152 PLCnext Control 2404267 | 2020.6.1 (or higher) | 2021.0.x LTS (or higher) | - | - |
| AXC F 1152 PLCnext Control 1151412 | 2021.0.x LTS (or higher) | 2021.0.x LTS (or higher) | - | - |
| AXC F 3152 PLCnext Control 1069208 | 2021.0.x LTS (or higher) | 2021.0.x LTS (or higher) | - | - |
| RFC 4072S PLCnext Control 1051328 | 2021.0.x LTS (or higher) | 2021.0.x LTS (or higher) | - | - |
| EPC 1502 PLCnext 1185416 | 2021.0.x LTS (or higher) | 2021.0.x LTS (or higher) | ||
| EPC 1522 PLCnext 1185423 | 2021.0.x LTS (or higher) | 2021.0.x LTS (or higher) | ||
| EEM-SB370-C IoT-enabled EMpro 1158951 | 2020.6 (or higher) | 2020.6 (or higher) | 2020.6 (or higher) | - |
| EEM-SB371-C IoT-enabled EMpro 1158947 | 2020.6 (or higher) | 2020.6 (or higher) | 2020.6 (or higher) | - |
| IPCH-4X-PCL-TCP-24DC-UT ImpulseCheck 1045379 | 3.0.1234.0 | - | - | 3.0.1234.0 |
| IPCH-4X-PCL-TCP-24DC-UT ImpulseCheck 1275381 | 3.0.1234.0 | - | - | 3.0.1234.0 |
We design our email to get through most email filters so that it gets into your inbox without any problems. If you still do not receive a registration email, it could have ended up in your spam folder.
Many companies filter and block incoming mail and might not forward our emails as intended.
If you don’t receive your registration email for example, please contact your IT support. If they can’t find a problem, please let us know by writing an email to inbox@phoenixcontact-sb.io
We built Proficloud.io from scratch, including identity management. Therefore your Proficloud.net credentials are not valid in Proficloud.io. Simply create a new account free of charge.
In general it makes sense to use Proficloud.io. The firmware of the PLCnext controllers can only connect to Proficloud.io with the latest version. In the future Proficloud.io will be the only supported version.
In short: No.
All changes will be done the next time you log into Proficloud.io. In your daily work with Proficloud.io you might not even experience any changes.
Here is a list of all changes in comparison to your “personal account”:
- Your personal Proficloud.io-account will change to an organization with you as an admin.
- All subscriptions moved from your personal settings to your organization settings.
- Billing details moved from your personal settings to your organization settings.
An organization within Proficloud.io is a self-contained unit. This unit contains users (with user roles), devices, smart services, billing and subscription management.
A user can be a member of more than one organization.
Visit the User Management Service and click on [Invite User] in the top bar. Now enter the email address of the user you want to invite, write a short message and select the appropriate role for the new user.
If the invited person belongs to the same domain as you, you can now send an email, if it is a different domain, you will receive a link that you have to send to the new user manually.
In this way, we comply with the applicable data protection regulations.
User permissions
Device Management Service
| Permission | Description | Admin | Editor | Viewer |
|---|---|---|---|---|
| Access Smart Service | The user can access the Device Management Service | |||
| View devices | The user can see and open the existing devices. He can see into all tabs. | |||
| Add devices | The user can add new devices to Proficloud.io. | |||
| Delete devices | The user can delete existing devices from Proficloud.io. | |||
| Reset device token | The user can reset the device token of a device. | |||
| Edit data of device | The user can change metadata, such as device name, location, tags or the description. | |||
| Export logs | The user can export the logs of a device. | |||
| Perform firmware updates | The user can start a firmware update of a device. | |||
| Assign metrics | The user can add or remove metrics of a device. |
User Management Service
| Permission | Description | Admin | Editor | Viewer |
|---|---|---|---|---|
| Access Smart Service | The user can access the User Management Service | |||
| Invite User | The user can invite another user to the active organization | |||
| Change User role | The user can change the role of another user and thus grant different rights accordingly | |||
| Remove User | The user can remove a user from the active organization and thus revoke the user's access to the Proficloud.io organization |
Service Store & Subscription Management
| Permission | Description | Admin | Editor | Viewer |
|---|---|---|---|---|
| Access Smart Service | The user can access the Service Store | |||
| Book a Smart Service | The user can book a Smart Service in the Service Store | |||
| Cancel Subscription | The user can cancel an ongoing paid subscription | |||
| Assign Metrics | The user can assign metrics to a device within a subscription | |||
| Assign Devices | The user can assign a device to a subscription within a subscription |
Organization Settings
| Permission | Description | Admin | Editor | Viewer |
|---|---|---|---|---|
| Create Organization | The user can create a new organization | |||
| Rename Organization | The user can rename the active organization | |||
| Change Billing information | The user can change the organization's billing information |
EMMA Service
| Permission | Description | Admin | Editor | Viewer |
|---|---|---|---|---|
| Access Smart Service | The user can access the EMMA Service | |||
| View dashboards | The user can view existing dashboards | |||
| Create dashboard | The user can create a new dashboard | |||
| Create new widget | The user can create a new widget within a dashboard | |||
| Delete dashboard | The user can delete an existing dashboard | |||
| Remove widget | The user can delete a widget within a dashboard | |||
| Add/change metadata of a dashboard | The user can change metadata, such as title or description | |||
| View reports | The user can access the Reports section | |||
| Create new virtual device | The user can create a new virtual device to be able to use it in dashboards | |||
| Export energy data | The user can use the process for exporting the displayed data | |||
| Use widget | The user can make various settings within a widget (e.g. change the date, devices or statistics) | |||
| Download report | The user can download a report in the reports section. | |||
| Change settings | The user can change various settings in the Reports section based on the dashboards used |
Time Series Data Service
| Permission | Description | Admin | Editor | Viewer |
|---|---|---|---|---|
| Access Smart Service | The user can access the Time Series Data Service | |||
| Show dashboards | The user can access the dashboards in different dashboard groups | |||
| View device template | The user can call up the device template in the Time Series Data Service | |||
| Create new dashboard | The user can create a new dashboard | |||
| Delete dashboard | The user can delete a dashboard | |||
| Create notification channel | The user can set up new notification channels | |||
| Delete notification channel | The user can delete existing Notification Channels | |||
| Edit notification channel | The user can change existing notification channels | |||
| Create alert rules | The user can create a new alert rule within a dashboard | |||
| Edit alert rules | The user can edit existing alert rules | |||
| Delete alert rules | The user can remove existing alert rules. | |||
| Mark as favorite | The user can mark an existing dashboard as a favorite | |||
| Change home dashboard | The user can change the Home Dashboard (this applies only to personal access to the Time Series Data Service) | |||
| Set individual Permissions | The user can distribute individual permissions within the Time Series Data Service based on roles, users, dashboard groups, or individual dashboards |
Impulse Analytics Service
| Permission | Description | Admin | Editor | Viewer |
|---|---|---|---|---|
| Access Smart Service | The user can access the Impulse Analytics Service. | |||
| Show detail view of device | The user can open the devices in the Impulse Analytics Service and analyze the different statuses of the arresters | |||
| Show graph of surge | The user can view the graphical representation of a lightning strike | |||
| Create status report | The user can create and export a status report for a specific device. | |||
| Show Journal | The user can access the journal in the Impulse Analytics Service. | |||
| Edit notifications | The user can set up notifications for specific users within the journal | |||
| Show Control API | The user can access the Control API of the Impulse Analytic Service. | |||
| Generate new API token | The user can have a new API token generated. | |||
| Download surges | The user can download data about individual surges as CSV | |||
| Configure arrester | The user can add and edit the arresters |
Visit the User Management Service in the left navigation and select the user whose role you want to change. Now click on “Change Role” to assign a new role to him.
Attention: Roles can only be changed by admins.
When you are removed from an organization, or you leave it yourself, there are two ways what happens – in both you lose the access to the data and devices of the organization you left.
If you are still a member of additional organizations, nothing will happen except that you will no longer have access to the devices and data of the organization you left.
If you are not a member of another organization, an “empty” organization is automatically created for you, in which you can continue to use Proficloud.io. You will no longer have access to the devices or data of the organization you left.
In an organization, over 100+ individual users can be invited – Currently, there are no limits on the number of people in an organization.
If you want to add more than 100+ user, please get in contact so we can improve the onboarding.
With resource-based access control, permissions to individual devices can be assigned granularly for individual users. For example, an admin can give a user (regardless of their role) access to one or more devices that can then be used in all Smart Services (based on their role).
RBAC (Resource Based Access Control) is automatically enabled for all users. As an admin of an organization, the settings in the User Management Service can be changed at user level.
At the time of RBAC implementation, all users are granted access to all devices, so nothing changes for existing users. Access rights to individual devices can then be removed again for individual users.
As an Admin you can add devices and also see all devices of your organization by default. For non-Admin users you can fine granualary adjust who has access to which device. It might be that your colleague is not an admin and has not got the permission to access the added device.
To do this, simply visit the User Management Service and assign the authorization for the device to your colleague.
In addition to the role, the user also needs the authorization to view and use individual devices (or all devices). In User Management, navigate to the invited user and assign the permissions there under the “devices” tab.