Manage your company
As a user with the Manage company right, you can check or change your company details and license settings, and manage authentication settings, such as two-factor authentication, password expiration, account lockout, and single sign-on.
To get the My Company page, follow these steps:
Log in to GravityZone.
Click on your profile in the upper right side of the screen.
From the drop-down menu, select My Company.
The information is divided into these sections: Company details, Authentication, and Licensing.
The following fields are available for editing:
Note
Fields marked with *
can not be left blank.
Basic company details
Company name - enter the name of the company.
Country - select the country the company is based in.
Field of activity - the main field of activity the company operates in.
Management permissions
Your Bitdefender partner can assist with the security management: check this box if you want this company's partner to have access to managing endpoint security directly. If this box is not selected:
The company will still appear in the Network page, but its network will be invisible to its partner.
The company's partner will not be able to modify specific settings.
The company's partner will be able to manage its subscription further on.
The company's partner will be able to enforce two-factor authentication even though they cannot manage its user accounts.
The company's partner will be able to create only specific reports, which do not disclose network information.
Your Bitdefender partner can download your quarantined files: this option allows your direct partner to retrieve and download quarantined files from your company. To enable the option you require company and network administrative privileges.
Your Bitdefender partner has redaction activated for your Email Security account: when enabled, masks sensitive information when accessing emails through reports in the Email Security console.:
Additional company details
Registered address - Enter the physical address of the company’s office
Phone number - enter the company's official phone number.
Logo. You can add the company's logo image. All reports and email notifications issued for this company will include the logo image.
To add the company’s logo:
Click the Change button.
Browse for the image logo on your computer.
Click Open.
To reset the logo to the image provided by Bitdefender, click the Default button.
Note
Fields marked with *
are mandatory.
Two-factor authentication
Enforce two-factor authentication (Recommended)
Two-factor authentication (2FA) adds an extra layer of security to GravityZone accounts, by requiring an authentication code in addition to Control Center credentials.
2FA requires downloading and installing the Google Authenticator, Microsoft Authenticator, or any two-factor TOTP (Time-Based One-Time Password Algorithm) authenticator app - compatible with the standard RFC6238 - on the user's device. The device can be a smartphone or a computer.
The authentication app generates a six-digit code each 30 seconds. To complete the Control Center login, after entering the password, the user will have to provide also the six-digit authentication code.
Two-factor authentication is enabled by default when creating a company and this setting cannot be changed. At login, a configuration window prompts users to enable this feature. Users have the option to skip enabling 2FA for five times only. At the sixth login attempt, skipping the 2FA configuration is no longer possible and users are not allowed to log in.
Users trust their browsers. This option allows you to specify the period during which GravityZone remembers the browsers used for logging in to Control Center:
Select Never for users to enter the six-digit code from their authenticator every time they log in.
Select 1 to 90 days to allow users to skip entering the six-digit code for that specific period and log in directly to Control Center. To enable this option, users must also to select the Trust this browser check box on the GravityZone login screen.
By default, one browsers corresponds to one device such as a computer. If users log in from another browser than the one remembered, they have to enter the six-digit code from authenticator. For details on scenarios where the Trust this browser option does not work, refer to this topic.
Note
You can view the 2FA status for a user account in the Accounts page.
If users cannot log in to GravityZone because of they a new device (phone or computer) or lost secret key, you can reset its two-factor authentication activation from the user account page, under Two-factor authentication section. For more details, refer to User Accounts.
Changing the period for remembering device reflects in user activity section of Control Center.
Regarding the public API,
skip2FA
is the parameter corresponding to Trust this browser option, used withcreateCompany
andupdateCompanyDetails
methods. For details on how to use it, refer to createCompany and updateCompanyDetails.
Password expiry options
Set maximum password age to 90 days
This option enables the password expiration policy. Users need to change their passwords sooner than the specified age. Otherwise, they will not be able to log in to GravityZone anymore.
Lock out account after 5 login attempts with invalid passwords
Select 1 to 90 days to allow users to skip entering the six-digit code for that specific period and log in directly to Control Center. To enable this option, users must also to select the Trust this browser check box on the GravityZone login screen.
The policy applies to the accounts created in GravityZone.
A notification will be sent out to all company’s users when the account lockout option is being enabled on a certain company.
Configure single sign-on using SAML
GravityZone supports service provider(SP) initiated single sign-on (SSO) as a simple and secure alternative to the classic login with username and password.
This method requires integration with 3rd party Identity Providers (IdP) using SAML 2.0, such as AD FS, Okta, and Azure AD, that authenticate GravityZone users and provide them access to Control Center.
This is how GravityZone SSO works:
Users enter their email addresses in the GravityZone login page.
GravityZone creates a SAML request and it forwards the request and the users to the Identity Provider.
Users are required to authenticate with the Identity Provider.
After authentication, the Identity Provider sends a response to GravityZone in the form of an XML document signed with an X.509 certificate. Also, the Identity Provider redirects users to GravityZone.
GravityZone retrieves the response, validates it with the certificate fingerprint, and allows users to log in to Control Center with no other interaction from them.
Users continue to automatically log in to GravityZone Control Center as long as they have an active session with the Identity Provider.
Note
You cannot initiate a GravityZone login from a third-party Identify Provider.
To enable SSO for a company, you need to do the following:
Configure the Identity Provider to use GravityZone as service provider. For supported Identity Providers and configuration details, refer to this article.
In the company details page, under Configure single sign-on using SAML, enter the identity provider metadata URL in the corresponding box.
Configure users under the company to authenticate with their Identity Provider. For details, refer to Managing User Authentication Methods.
To disable single sign-on for a company you manage, delete the Identity Provider metadata URL.
After disabling single sign-on for a company, users will automatically switch to log in with GravityZone credentials. Users can obtain new passwords by clicking the Forgot password? link on the Control Center login page and following the instructions.
After re-enabling SSO for a company, users will continue to log in to Control Center with GravityZone credentials. You need to configure manually each account to use SSO again.
Note
Click the Next button in the lower right side of the screen to proceed to the next screen.
Important
You cannot use at the same time single sign-on (SSO) and two-factor authentication (2FA) in GravityZone.
Your company's licensing information is divided into these sections.
License information
This section displays your company's ID and chosen billing method.
Note
The Billing method can have one of these values:
Pre-paid - either a trial key or a license key with predefined validity (6 or 12 months) was used.
Monthly usage - a monthly subscription plan.
Note
The following options are available only for companies with monthly subscriptions:
Change to Pre-paid license - this will allow you to add a license key and change to a yearly billing method.
View monthly usage report - clicking this button will redirect you to the Reports page and will open a Monthly License Usage Report.
Bitdefender partner
This section displays relevant information on your partner company.
Use the Change Partner button to designate a different partner company.
License usage details
This section provides information relevant to your current license usage. If you are a yearly license user, you may also add and remove license keys. The information may vary, based on your billing method:
Your standard products and add-ons are displayed, along with additional usage information:
Product name - the name of the product you are using.
Product type - shows if the product is a standard one or an add-on.
Endpoint Security - full protection.
BitdefenderEDR - limited EDR capabilities (report only).
Product status - shows if the product is active, expired or a trial.
License key - the unique ID that grants you access to a Bitdefender product.
Expiry date - the date when your license expires.
Total units - the maximum units available with the license.
Usage breakdown - the number of units that are currently being used by your company.
Adding a product
To add a product follow theses steps:
Click the Add product button.
Enter the license key in the Add new product window.
Click the Check validity button.
Note
In some cases, adding a specific license key will replace one of your current products. This may lead to a change of the feature set you will have.
Warning
Depending on your company type, some products may be incompatible.
Click the Add product button.
Removing a product
To remove a product from your company follow these steps:
Select the product you want to remove.
Click the Remove product button.
Click the Remove button to confirm.
A table provides information regarding the status of your subscription:
Note
Depending on your license, one or more of these fields may not be visible to you.
Product name - the name of the product you are using.
Product type - the category in which the product falls, based on protection capabilities:
Endpoint Security - full protection.
Bitdefender EDR - limited EDR capabilities (report only).
Protection model - the name of the protection model you using.
Product status - shows if the product is active or expired.
License key - the unique ID that grants you access to a Bitdefender product.
Total units - indicates the maximum number of units that are available with the license.
Minimum commitment - the number of endpoints on which you have committed to deploy the product.
Reserved units - the number of units assigned to your company.
Available units - the number of units that are still available for your company.
Used units - the number of endpoints on which you have deployed Bitdefender products.
Subscription end date - the date when your subscription expires.
Auto-renewal - indicates if, and when, your subscription is set to automatically renew.
Note
You can use the Refresh Details button check for any changes in the displayed information. Once clicked, the button will be grayed out for 30 minutes.