As an admin of the Celona network, you can create/edit/delete user profiles, explicitly define their role, and manage access accordingly.
User Roles: Organizational Level
At an organizational level, Celona Orchestrator supports the following user roles -
Role | Customer Scope | Read-Permissions | Write-Permissions |
Admin | customer organization | All | All |
Observer | customer organization | All | N/A |
Observer (Type-1) | customer organization | All (except events, alerts, support) | N/A |
Restricted Observer | customer organization | Device events for specified device groups (via API only) | N/A |
Installer | customer organization | Access Points (list, details) | CPI workflow |
Device Manager | customer organization | All | Device Lifecycle Management |
Device Manager (Type-1) | customer organization | All (except events, alerts, support) | Device Lifecycle Management |
Admin
Complete read and write privileges for all monitoring and management workflows in the Orchestrator
Observer
Read-only access to the entire Orchestrator
Observer (Type-1)
Access is similar to the Observer role, excluding Monitoring (Events, Alerts, Device Event Timeline) and Support (Support Cases, Diagnostic tools)
Restricted Observer
Access is limited to device events for specified device groups. This role is available via API only
Installer
Role is intended for CPI (Certified Professional Installer) users, with the following Orchestrator access -
read access to AP Inventory
read access to AP Details
read and write access to their own user profile to set up CPI certificate credentials
read and write access to AP antenna parameters to set and attest the location (Latitude/Longitude) of the AP
Device Manager
read-only access to the Orchestrator, similar to the Observer role
read-only access to Device inventory and Device details page
QR code download for eSIMs
Device (SIM) lifecycle management, including activation, assignment, deactivation, and naming of the devices
Device Manager (Type-1)
Access is similar to the Device Manager Role, excluding Monitoring (Events, Alerts, Device Event Timeline) and Support (Support Cases, Diagnostic tools)
User Roles: MSP Level
At an MSP (Managed Service Provider) level, Celona Orchestrator supports the following user roles -
Role | Customer Scope | Read-Permissions | Write-Permissions |
MSP Admin | All or a subset of the child organizations of the MSP | All | All |
MSP Observer | All or a subset of the child organizations of the MSP | All | N/A |
MSP Observer (Type-1) | All or a subset of the child organizations of the MSP | All (except events, alerts, support) | N/A |
MSP Installer | All or a subset of the child organizations of the MSP | Access Points (list, details) | CPI workflow |
MSP Device Manager | All or a subset of the child organizations of the MSP | All | Device Lifecycle Management |
MSP Device Manager (Type-1) | All or a subset of the child organizations of the MSP | All (except events, alerts, support) | Device Lifecycle Management |
Note: Please note that the customer scope for the above user roles may be all child organizations or a subset based on the scope defined for the MSP user.
Identity Management via SSO
Orchestrator supports User administration and Identity management via
Orchestrator workflows (see below)
Create a New User
Admin users of an Organization can create additional user profiles and assign them a role. To create a new user profile, go to Users under Admin Settings, click on ADD USER on the top right corner. Enter the following information -
First Name (Mandatory)
Last Name (Mandatory)
Email (Mandatory)
Mobile (Optional)
Access Control - Role
Admin, Observer, Installer, Device Manager, Device Manager (Type-1), Observer (Type-1)
Edit User
Admin users of an Organization can also edit or delete user profiles. To edit an existing user's profile, go to Users under Admin Settings, find the user in the table, and click the edit icon. You can now make any desired changes and click Update to save your modifications.
