Portal Settings

Last updated on 08 July, 2024

You can use the Portal Settings of your LogicMonitor account to customize global behavior and functionality of your LogicMonitor portal for all users that log in. For example, you can require two-factor authentication for all LogicMonitor users that log in to the portal, configure a user session timeout, and add a company logo that is displayed on every portal for all LogicMonitor users.

Tenant Identifier Property Name

You can leverage the Tenant Identifier Property Name to help organize the resources in your LogicMonitor portal. The Tenant Identifier allows you to keep resources separated or grouped based on the property you set for the Tenant Identifier. 

To sync with the value you have set for the Tenant Identifier, LogicMonitor uses the system.tenant.identifier property, enabling LogicMonitor to identify the tenant of a particular resource. The system.tenant.identifier property uses the value of the property set for the Tenant Identifier. You can use your own custom property if you already have one (such as, customer.ID or auto.pod). In addition, you can use the system.tenant.identifier property for other functionalities such as, the Applies To functionality.

You can leverage Tenant Identifier for the following in your LogicMonitor portal:

  • Alerts—Alert aggregation is based on tenants. If you are currently using a property (other than tenant.identifier property) to organize your resources or resource groups, you can override this property with the property you enter for the Tenant Identifier. If there is an alert for any resource that has this property set, LogicMonitor gets the tenant value from your property specified for the tenant.identifier property.
    For more information, see Grouping Alerts by Tenant.
  • Usage Reporting—If your environment provides services for multiple LogicMonitor accounts within the same portal, you can use Tenant Identifier to view usage data for a single tenant in your portal. Setting the Tenant Identifier allows you to view the usage data separately for each individual tenant, defined by the property you enter.
    For more information, see Usage Reporting Overview.

Portal Clock Synchronization

LogicMonitor uses the Amazon Time Sync Service as the primary time source for all infrastructure that is hosted in AWS. All instances are configured to regularly synchronize their time with the AWS VPC Time Server.

All resources that are not hosted within AWS use time servers running and hosted on our Authentication and Authorization platform. These servers use the VPC time servers for their own synchronization to ensure that infrastructure resources stay in sync.

For redundancy and as a backup in case the VPC-based time server becomes unavailable temporarily, LogicMonitor also uses 3 geographically diverse time servers that are hosted with our Authentication and Authorization platform.

Note: LogicMonitor customers can use the public-facing Amazon NTP servers to ensure that their devices are in sync with LogicMonitor’s infrastructure.

Two-Factor Authentication

Two-factor authentication (2FA) provides an extra layer of security for accessing your LogicMonitor account and remote sessions. In addition to a username and password, 2FA requires users to use a third-party application or an authentication token delivered using SMS or voice to verify their identity.

You can globally apply 2FA for all users that log in to the portal for your LogicMonitor account. 2FA can also be applied on a per-user basis, however globally enabling 2FA forces all users to authenticate using 2FA regardless of the per-user setting. For more information about two-factor for remote sessions, see Initiating a Remote Session.

Note: If you enable Single Sign On (SSO) for your LogicMonitor account, and SSO is not set to strict mode, users can choose to log in to their portals using SSO or 2FA. If SSO is set to strict access, users can only log in to LogicMonitor using SSO. To use 2FA with SSO, you must set this up with your SSO provider.

For more information about accessing your LogicMonitor account when 2FA is enabled, see Two-Factor Authentication Account Access.

Requirements to Configure the Portal Settings

To configure the Portal settings, you need a LogicMonitor user with the “Manage” role for Account Information. For more information, see Users and Roles.

Configuring the LogicMonitor Portal Settings

  1. In LogicMonitor, navigate to Settings > Account InformationPortal Settings.
  2. In the Company Display Name field, provide the name of the company. The company name displays throughout your LogicMonitor account interface.
  3. In the Tenant Identifier Property Name field, provide the tenant ID property name. For more information, see Tenant Identifier Property Name.
  4. To configure the time zone of your portal, select a time zone from the Time Zone setting.
    Time zones associated with a city name (for example, “America/Los_Angeles”) automatically update according to Daylight Saving Time schedules. Time zones with “UTC” do not automatically update. For more information on time zone, see Portal Clock Synchronization.

Note: Time zones can be configured on a per-user bases. This allows users to view and configure time-based data and settings relative to their local region. For more information, see Users.

  1. In the Company Logo settings, select the Edit icon to upload a logo for the Heading Logo and Login Logo.
  2. To enable a remote session on an account-wide basis, select Enable Remote Session.
    For more information, see Remote Session.
  3. Select the Enable Test Script option to disable the Test Script option testing the script-based LogicModules.
  4. To enable two-factor authentication on an account-wide basis, select Require Two-Factor Authentication for all Roles and Users. For more information, see Two-Factor Authentication.
    A message displays prompting you to select when to enforce authentication. You can enforce authentication immediately or eventually.
  5. To suspend a user’s account after a defined number of days, enter a value in the Suspend user after days of inactivity on LM portal setting.
    Accepted values are whole numbers.

    Note: By default, the suspension days are set as 90 days for all new users. For the existing users, the suspension days will remain 0, or the set number of days.
    Along with the Single Sign-On users, the local users, and the API-only users will also get suspended. However, the users listed under Alert Delivery Escalation Chains and Recipient Groups are exempt from suspension.
  6. To log users out of the LogicMonitor portal after a specified length of time, select a timeout value for users from the User Session Timeout option.
    Inactivity for the specified length of time results in a user account being logged out. The timeout period is applied to users that do not enable the option to stay signed in when they log in to their LogicMonitor portal.
    The default timeout period is four hours.

Note: If your LogicMonitor account has single sign-on enabled, session timeouts are also governed by your SSO identity provider. If you have an account that must remain logged in longer than the timeout value, there are two options available:

  • Enable the option to stay signed when logging in to the LogicMonitor portal.
  • Restrict single sign-on to force a user session to re-authenticate and renew with the SSO provider. If the SSO session timeout is configured for a longer timeout session than the LogicMonitor portal, the user session re-authenticates and renews with the SSO provider when the LogicMonitor portal session times out.

LogicMonitor cannot guarantee the session timeout behavior with every environment that leverages single sign on. For more information, see Single Sign On.

  1. To restrict IP addresses that can access your LogicMonitor account, in the IP, IP Range, IP Mask, or Hostname field, enter a public Internet-facing IP address.
    You can identify addresses using any of the following formats:
    • Hostname (e.g. mycomputer.mybusiness.com)
    • IP address (e.g. 192.168.1.1)
    • Network/mask (e.g. 192.168.1.0/24)
    • Network range (e.g. 192.168.1.100-255)
      LogicMonitor displays a warning if your current IP address will be locked out after saving the list. If you are locked out of your account, contact Customer Success.
  2. In the Email Domain Allowlist, enter the name of the required email domains for the primary email ID. You can enter multiple domain names by adding commas, for example, google.com, tomotom.com, and so on. By default, the field will be blank.
    Note: The maximum limit for adding the domains is 100. The character limit is 253 up to a storage limit of 65,535 characters. 
    In addition, this feature applies only to new users and not existing users who have registered before the domain allowlist feature and for SAML users. 

    Disclaimer: This feature is available only in the new UI. Once you add the required domain list, the changes will be applied to the legacy UI as well.
    In the legacy UI, you can update any information in the user profile except for the email address. If you update the email address, only the email address added to the allowlist will be added to the field.
  3. If you want to give access to reports to the users who are not logged in, toggle the Allow Shared Reports switch.
    Note: Disabling the Allow Shared Reports toggle ensures the reports generated will be accessible only to the logged-in users. The report link is valid for seven days. However, if you enable the toggle, anyone can access the report, and the link will be valid for 12 hours.
  4. If you want to allow scripts in the Dashboard Text Widget, toggle the Allow Scripts in Dashboard Text Widget switch.

Warning: By selecting this option, you acknowledge the security risk in allowing script execution on Dashboard text widgets.

  1. To add a primary contact, select the Edit icon next to Primary Contact Information, and provide the following information:
    • Name
    • Email ID
    • Phone Number with the Country code
  2. To add additional contact, under Additional Contacts, provide contact information for the Name, Email, and Mobile columns.
  3. In the Alert Counts settings, enable the alert status you want to display as an alert count in the main navigation menu and on the Alerts page. You can enable alert counts for the following:
    • Acknowledged Alerts
    • SDT Alerts
  4. Select Save.

The Portal Settings are immediately applied at the global level for all users that log in to the portal. 

Note: If any changes are made to portal settings, an email notification is sent to the primary contact and all the additional contacts mentioned in the portal. In addition, if the Require Two-FactorAuthentication for all Roles and Users option is enabled or disabled, an email notification is sent to all local users along with primary and additional contacts.

In This Article