Each person who will be accessing ClearIP through the web interface (or service, using an API) must have an individual user account. The User Accounts page is available under the More dropdown menu.
Creation
A user account with the reseller or administrator role may create additional user accounts for members of their organization.
A unique email address is required for each user account.
A phone number is also required for the user account so that temporary passwords can be received. The phone number does not have to be unique. The phone number must be entered in E164 format without the leading +. For example, a U.S. phone number 404-526-6060 should be entered as 14045266060.
When a new user account is created, a welcome message will be sent to the email address specified in the user account. This email provides access instructions and a temporary password. Each individual is able to change the user account first name, last name, and phone number in the My Account page under the More dropdown menu.
Permissions
Each user account must be assigned a role that defines what pages can be accessed. Roles include:
- Reseller — Allows read/write access to all pages
- Administrator — Allows read/write access to all pages, excluding the billing report page
- Operator — Allows read/write access to all pages, excluding the billing report and user accounts page
- Fraud Operator — Allows read/write access to all black/white list, fraud, and analytics pages
- Subscriber — Allows read only access to all analytics pages
Defining an SBC or Service Provider/Group/User for a user account will limit the user account to viewing/editing only records associated with the defined SBC or Service Provider/Group/User.
Management
A user account can be locked manually or automatically after 10 failed login attempts. In either case, the lock must be manually disabled by changing the Locked field for the user account from Yes to No.
If a user forgets the account’s password, the password can be reset by clicking the Reset button. A message will be sent to the user account email address with a new temporary password. Password reset requests should be made to the administrator of the organization. If the administrator needs a password reset and no other administrators exist in the organization, please contact ClearIP support.
Whitelisted IP Addresses
To eliminate the need for multi-factor authentication upon login, a user account can be updated to include whitelisted IP addresses. If the public IP addresses are listed and the user is using a listed IP address to log in, the user can log in to ClearIP by entering their email and password without entering a one time password. The one time password field is still visible in the login screen, but it can be left blank.
Using Azure Active Directory / Microsoft Entra for Single Sign-On
It is very important that you start by testing with a single new user account so that you ensure you do not get locked out.
First, your IT team will need to add the ClearIP app as an enterprise application in your Azure AD tenant. If your tenant is configured such that users cannot approve applications, your IT team will need to perform an administrator approve of the application. The application will need to be enabled for sign-in and be assigned to the applicable users. This process is standard Azure AD SSO integration, so your IT team should be familiar.
Create a User Account with the Type set to Azure Active Directory. The user account will need to have a unique email. The email for the user account in ClearIP must be the same as the email for the user in Azure.
You must supply both the Azure Active Directory Tenant ID and Azure Active Directory Object ID. The tenant ID is the ID of your tenant in Azure and will likely be the same for each user account. The Object ID is the ID of the user in Azure and will be different for each user account. Both are UUIDs.
Once your testing is complete and you are certain everything is working, you can delete your existing user accounts one at a time and create new user accounts with the same emails that use Azure AD SSO. We strongly advise you keep at least one user account configured to use a password. If something breaks with your Azure AD integration, you could get locked out of your ClearIP account.