30-03-2021
Sjors de Kleijn

Step-by-step: structuring your IXON Cloud account

One of the biggest changes in the new IXON Cloud platform is the user management system, which has become much more comprehensive. To give platform administrators some inspiration on how to structure their IIoT account, its users and devices, we’ve created a step-by-step guide including three best practices.

In the table below you'll find some definitions of elements that appear in the new user management system which will also be addressed in this step-by-step guide.

| Element | Definition |
| --- | --- |
| Roles | A role is a selection of permissions. You can set admin and device permissions, and you can add access categories. |
| Access categories | An access category is a selection of pages and services. |
| Groups | A group is a selection of devices and users. You can divide groups in different group types. |
| Pages | A page contains information about the machine, such as machine data and access to services (e.g. VPN, VNC and HTTP). Each page can be assigned to access categories. |

 

[Figure: Four steps to structure your IXON Cloud account]

Step-by-step guide

Follow these steps to get an idea of how you could structure your IXON Cloud account. If you only have a couple of devices and users, we advise you to keep the setup simple with fewer groups and roles.



 

Step 1: Configure groups

The main question to answer in this step: what does your organisation look like?

Think about how your devices are divided globally and who is involved internally and externally. For each segmented group you can create a group type and groups in the admin section to keep an overview of your devices. For example:

| Customers | Regions | Divisions |
| --- | --- | --- |
| Customer A | Europe | Benelux |
| Customer B | Asia | Global |

| Machine types | Projects | Service partners |
| --- | --- | --- |
| Inspection | Project A | Partner A |
| Packaging | Project B | Partner B |
| Weighing | | |

Once your groups are defined, you can configure the group(s) of each device in the Fleet manager. When a device is assigned to a group, that device will be available to users who have access in that specific group.


 

Step 2: Configure access categories

The main question to answer in this step: what are users in a group allowed to do with the devices/hardware?

For hardware access, you need to ask yourself for which pages and services users need VPN or VNC access. You can define access categories in several ways. Some examples of access categories:

| Based on access level | Based on feature access |
| --- | --- |
| No access | VPN |
| View access | HTTP |
| Operator access | VNC |
| Service access | Monitoring dashboard |
| Administration access | Service page |

For each access category you define, you have to set up an ‘access category’, which you can find in the admin section under ‘roles’. Once created, you can assign the pages and services of a device to these access categories in the Fleet manager.

Some examples of how to apply the access categories:
  1. Add the ‘VPN’ or ‘Service access’ access category to the VPN service
  2. Add ‘VNC’ or ‘Operator access’ to the VNC service
  3. Add a ‘Troubleshooting’ page for access category ‘Service page’ or ‘Service access’
  4. Add a ‘Machine overview’ page for access category ‘View access’

 

Step 3: Define roles

The main question to answer in this step: what are users allowed to do on the platform?

Think about different roles and what access users need (and don’t need) in their daily activities. Should they be able to manage users and groups, set up the branding or install and configure devices? Or should they only have access to the pages of their own machines? 

You can define company-wide and group-specific roles. Company-wide roles are set for your total IXON Cloud account and all its devices. Group-specific roles combine a role with a subset of devices.

It’s also good to think about what the daily activities of different roles (internally and externally) are. Define whether each role is for the complete company account (all devices) or for specific groups (e.g. Customer A can only manage the devices he owns and the users for those devices, and has access to those machine pages).

Once you’ve defined the user roles, you can create them in the Admin section and set the access rights. Here you can also define which access categories they have access to. For example, they can have access to all services, pages and notifications of access category ‘VPN’.

Some example roles:

Service engineer
Software engineer
Customer admin
Customer operator
First-line support
Partner (view only)


 

Step 4: Add users

The main action in this step is to invite users and set their permissions.

In this step, your previous settings all come together. You’ve created roles, groups and access categories, so now you can add users and set their access level. In the Portal app you can invite users and either set their access for the whole company account or set their roles for specific groups.

Example users:

A: ‘Company wide role’ as ‘role Service engineer’;
B: ‘Customer admin role’ for ‘group Customer A’;
C: ‘First-line support role’ for ‘group Region A’ and ‘First-line support role’ for ‘group Region B’;
D: ‘Partner role’ for ‘group Partner A’.
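
The four steps combined into one access decision, as an added example that is not IXON's code or API. The resolution rule (a role counts only when its scope covers one of the device's groups and it shares an access category with the page or service), the role-to-category pairings and the device names are assumptions built from the examples in this guide.

```python
# Constructed model of steps 1-4; an assumption, not IXON's API or data format.
from dataclasses import dataclass, field

COMPANY_WIDE = None  # scope marker: the role applies to every device in the account

@dataclass(frozen=True)
class Role:
    name: str
    access_categories: frozenset  # step 3: categories this role may use

@dataclass
class Device:
    name: str
    groups: set     # step 1: groups assigned in the Fleet manager
    services: dict  # step 2: page/service name -> access categories assigned to it

@dataclass
class User:
    name: str
    grants: list = field(default_factory=list)  # step 4: (role, group or COMPANY_WIDE)

def can_access(user, device, service):
    """Allow only if a role whose scope covers the device shares a category with the service."""
    required = device.services.get(service, set())  # unassigned page/service: deny
    for role, scope in user.grants:
        in_scope = scope is COMPANY_WIDE or scope in device.groups
        if in_scope and role.access_categories & required:
            return True
    return False

def access_matrix(users, devices):
    """Audit view: every (user, device, service) triple that resolves to allowed."""
    return sorted((u.name, d.name, s) for u in users for d in devices
                  for s in d.services if can_access(u, d, s))

# Role-to-category pairings and devices are constructed; names come from steps 2-4.
service_engineer = Role("Service engineer", frozenset({"Service access", "Operator access", "View access"}))
customer_admin = Role("Customer admin", frozenset({"Operator access", "View access"}))
first_line = Role("First-line support", frozenset({"View access"}))
partner = Role("Partner (view only)", frozenset({"View access"}))
# The four page/service assignments listed under step 2.
SERVICES = {"VPN": {"Service access"}, "VNC": {"Operator access"},
            "Troubleshooting": {"Service access"}, "Machine overview": {"View access"}}
devices = [Device("machine-1", {"Customer A", "Region A", "Partner A"}, SERVICES),
           Device("machine-2", {"Customer B", "Region B"}, SERVICES)]
users = [User("A", [(service_engineer, COMPANY_WIDE)]),
         User("B", [(customer_admin, "Customer A")]),
         User("C", [(first_line, "Region A"), (first_line, "Region B")]),
         User("D", [(partner, "Partner A")])]
```

Printing `access_matrix(users, devices)` gives a reviewable list of effective access: in this model user B never reaches the VPN service, and user D sees only the ‘Machine overview’ page of machine-1.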


 

Use case 1: Companies who sell installations directly to customers

In this scenario the machine manufacturer sells directly to their customers and their engineers provide support. Platform administrators manage their IXON Cloud account and users.

All engineers can configure devices and get access to all devices for troubleshooting over VPN and VNC. Each customer can manage their users (operators) and each operator can access the VNC of their machine.


[Figure: Users + roles for use case 1]

 

Use case 2: Companies who sell installations via a partner channel to customers and provide support

In this scenario a machine manufacturer sells his machines via a partner to customers and the engineers of the manufacturer provide support. Platform administrators manage their IXON Cloud account and users.

All engineers can configure devices and get access to all devices for troubleshooting over VPN, HTTP and VNC. They also have access to the maintenance dashboard. Each partner can manage their devices and customers. Each customer can manage their users (operators) and each operator can access the VNC of their machine.


[Figure: Access categories for use case 2]

 

Use case 3: Companies (worldwide active) with multiple divisions providing support via local service teams

In this scenario the machine manufacturer is divided into multiple regions and divisions worldwide. They cooperate with their local service teams for support. Each machine is allocated to a specific region, division and customer. Platform administrators manage the IXON Cloud account and users.

Each division has a service manager who owns the users and devices of their own division and allocates devices to support engineers. Each support engineer gets access to all allocated devices for troubleshooting over VPN for their own customers. Within the devices, they can also access a machine info dashboard.

In this case the customer isn’t yet allowed to access his machine via the IXON Cloud platform.


[Figure: Groups for use case 3]

Get started

You’ve seen some examples of how you could structure your IXON Cloud account. It’s time to give it a go yourself.
