Understanding SoniCloud Users, Groups, Permissions and SSO

Sonicu's monitoring platform, SoniCloud, delivers security, convenience, and user flexibility through a variety of features.

SoniCloud offers users a multitude of options for platform customization, improving ease of use. 


SoniCloud implements a fine-grained, flexible permission structure to ensure users can see only what they need and access only what they need. 

This ensures your SoniCloud system stays in a regulatory-compliant setup with no upkeep. 

It’s important to understand how this system is implemented when considering the SoniCloud system.

SoniCloud Users

SoniCloud users can view one (or more) sites, depending upon the size of their organization and what their permissions include. 

SoniCloud users log in via their email address and can have site-specific:

  • Alarm Notification Methods: These determine how a user is notified of an alarm. SoniCloud supports email, SoniCloud Mobile push notifications, SMS, and phone calls. Alarm notification methods are set up by Manager and Admin permission level users for other users without those permissions, ensuring tiered alarming across an organization. Individual iOS and Android users can opt to receive push notifications when logging into the SoniCloud mobile app.
  • Alarm Escalation Settings: These settings allow alarm escalation to occur flexibly, ensuring the right people receive alarm notifications at the right time. For example, facilities teammates should receive immediate alarms, while department management is notified if alarms haven’t been addressed within 12 hours. This is how alarm escalation adds an extra layer of asset protection.
  • Alarm Repeating Settings: Ensure an alarm is never missed by enabling repeating alarm notifications. All alarms that haven’t been resolved or snoozed can continue to send alarm notifications to users.
  • Alarm Notification Schedule: Set up flexible schedules to receive notifications only outside of work hours.

Groups and permission levels will be further explained below. 

Passwords

Passwords have a specified minimum length for added security and require 1 or more uppercase letters, lowercase letters, numbers, and special/symbol characters.

Passwords will also expire and require a reset after a certain period, and accounts will be locked out after a set number of failed login attempts. The duration of these lockouts can be further customized.

Each SoniCloud user can belong to one or more groups.

These groups are assigned to a Zone, allowing users to view points in that zone.

In the example above, there are two zones: 

  • Pharmacy Zone, consisting of the Pharmacy Fridge and Pharmacy Freezer
  • Dietary Zone, consisting of the Dietary Fridge and Dietary Freezer

There are also three groups: 

Facilities, Pharmacy Managers, and Dietary Managers 

A user in the Pharmacy Managers group can only see points in the Pharmacy Zone.

A user in the Dietary Managers group can only see points in the Dietary Zone.

A user who belongs to the Facilities group, however, would be able to see both the Pharmacy Zone and the Dietary Zone.

This ensures that each user sees only information relevant to them. 

SoniCloud Permission Levels

SoniCloud permission levels allow for fine-grained capabilities on a per-site basis. 

If a user has access to multiple sites, they can have different permission levels for each site – for instance, a user may need to have Admin permissions at a central location, but only View permissions at satellite locations.

Sonicu recommends limiting Manager and Admin permission levels to only critical teammates to ensure changes don’t unintentionally affect others in the system.

  • Basic: User who can view points, run reports, and view alarms, but cannot take action on those alarms.
  • View: User who can view points, run reports, and take action on alarms.
  • Manager**: View User permissions, plus the ability to edit View Users and control alarm notifications.
  • Admin: User who can manage alarms, reports, points, users, and the general configuration of the site.

These permission levels are not enabled by default – contact Sonicu Support to determine if these permission levels would be a benefit to your organization.
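The group-to-zone visibility rule and the per-site permission levels described above can be modeled as follows. This is an added example, not SoniCloud's code: the action names, the `over_privileged` review helper and its `limit` are hypothetical, and treating Admin as a superset of Manager is an assumption.

```python
# Constructed data mirroring the page's example; SoniCloud's internals are not shown here.
ZONES = {
    "Pharmacy Zone": {"Pharmacy Fridge", "Pharmacy Freezer"},
    "Dietary Zone": {"Dietary Fridge", "Dietary Freezer"},
}
GROUP_ZONES = {
    "Pharmacy Managers": {"Pharmacy Zone"},
    "Dietary Managers": {"Dietary Zone"},
    "Facilities": {"Pharmacy Zone", "Dietary Zone"},
}
# Capabilities per level as the page lists them (action names are hypothetical).
# Assumption: Admin includes everything Manager can do.
BASIC = {"view_points", "run_reports", "view_alarms"}
VIEW = BASIC | {"act_on_alarms"}
MANAGER = VIEW | {"edit_view_users", "control_alarm_notifications"}
ADMIN = MANAGER | {"manage_points", "manage_users", "configure_site"}
LEVELS = {"Basic": BASIC, "View": VIEW, "Manager": MANAGER, "Admin": ADMIN}


def visible_points(groups):
    """Union of the points in every zone assigned to any of the user's groups."""
    zones = set().union(*(GROUP_ZONES.get(g, set()) for g in groups))
    return set().union(*(ZONES[z] for z in zones))


def allowed(site_levels, site, action):
    """Deny by default: no level at the site, or an unknown level, grants nothing."""
    return action in LEVELS.get(site_levels.get(site), set())


def over_privileged(users, limit=2):
    """Sites where more than `limit` users hold Manager or Admin, for periodic review."""
    counts = {}
    for levels in users.values():
        for site, level in levels.items():
            if level in ("Manager", "Admin"):
                counts[site] = counts.get(site, 0) + 1
    return sorted(s for s, n in counts.items() if n > limit)
```
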

SoniCloud Single Sign-On (SSO) Support

SoniCloud offers Single Sign-On (SSO) support via the Security Assertion Markup Language (SAML), the industry standard for logging in users to multiple applications via a single authentication method.

SoniCloud leverages AWS Cognito as the SAML federation provider. This allows a customer to pair with SoniCloud and leverage SAML and their internal Active Directory (AD) implementation to provide SSO for SoniCloud. 

 Sonicu recommends SSO be enabled for all customers, as this allows customer IT to enforce desired security settings, including: 

  • Multi-factor authentication
  • Password complexity requirements
  • Password rotation requirements

 

Technical Setup Requirements

Enabling SSO starts with an exchange of technical contact information between Sonicu and the customer.

 The customer will be asked to provide the following information:

  • SAML 2.0 metadata file
  • Enable the email address of the user to be sent via the `email` attribute
  • A list of domains that users will be registering with (e.g., any subsidiary domains)
  • Whether the IdP sign-out flow (SLO) is desired

 Sonicu will provide the following information:

  • ACS URL
  • Entity ID
  • Signed Responses: Not required
  • Name ID format: persistent

After this information is exchanged, a 30-minute meeting will be scheduled between Sonicu IT and the customer IT to enable SSO and validate the SSO connection. 
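A pre-flight check based on the setup requirements above, added here as an example (not Sonicu's code): it inspects a test assertion from the customer's IdP for a persistent NameID, a single `email` attribute, and an email domain on the registered list. The sample assertion, the domain `hospital.example` and the function name `preflight` are constructed for illustration; the check does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample assertion (not captured from a real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">a1b2c3</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>pat@hospital.example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def preflight(assertion_xml, allowed_domains):
    """Return a list of problems; an empty list means the assertion matches the setup sheet."""
    problems = []
    root = ET.fromstring(assertion_xml)

    # Name ID format must be "persistent", per the values Sonicu provides.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("missing NameID")
    elif name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not persistent")

    # The user's email must arrive in an attribute named exactly `email`.
    path = ".//saml:Attribute[@Name='email']/saml:AttributeValue"
    values = [v.text.strip() for v in root.findall(path, NS) if v.text]
    if len(values) != 1:
        problems.append("expected exactly one email attribute value, got %d" % len(values))
    else:
        # The domain must be on the list of domains given to Sonicu.
        local, sep, domain = values[0].rpartition("@")
        registered = {d.lower() for d in allowed_domains}
        if not (sep and local) or domain.lower() not in registered:
            problems.append("email domain not in registered list: " + values[0])
    return problems
```

Run it only on test output from your own IdP: the standard-library XML parser is not hardened against hostile input.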

After this, all existing customer user accounts will be migrated to SSO.

What else changes with SSO?

Sonicu technical support will no longer be able to send password reset emails; this must be done through the customer’s IT processes. Customers must ensure that all users who may need SoniCloud access are added to the correct AD groups before they log in. 

To use the SoniCloud Mobile app, users must follow the SSO flow on their mobile devices. If a user decides to use a personal mobile device (PMD), they must abide by their IT policy on PMDs.

Authentication vs Authorization

SoniCloud’s SSO implementation is limited to authentication – that is, SSO is utilized to determine if a user has met the requirements to be logged in. 

SoniCloud does not utilize SSO for authorization – that is, to determine which groups a user should be in (and, therefore, which points of monitoring they have access to). 

User authorization will still be handled by the permission levels and groups described earlier in this document.
