Secure Account Management

NOTICE
POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY Do not sign in the Cloud Portal where humans or cameras may monitor password entry. Account managers must only grant access to users (Business users, Partner Administrators, Installers, etc.) authorized to use the Cloud Portal and related applications. If a user chooses to opt out of the system, account managers must disable their inactive accounts. Failure to follow these instructions can result in equipment damage.

NOTICE

POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY

Do not sign in the Cloud Portal where humans or cameras may monitor password entry.
Account managers must only grant access to users (Business users, Partner Administrators, Installers, etc.) authorized to use the Cloud Portal and related applications. If a user chooses to opt out of the system, account managers must disable their inactive accounts.

Failure to follow these instructions can result in equipment damage.

The Admin Dashboard creates new users and assigns appropriate permissions in the system. The service decides each user's level of access to an application across a customer's site(s). This user can then use the password reset portal to verify their credentials and generate a password.

Whenever creating a new user in the system, ensure that,
- You verify the user's Email ID and phone number are correct.
- You set the user's language preference correctly.
- You select the customer, site, and access carefully to avoid any unwanted access.
- You give access to individual applications after reviewing the permission groups.
You cannot create a user in the system if no customer's site is associated with the user.
Account managers or the program management team at Schneider Electric can create users.
When signing in for the first time, the user must:
- Verify the email address and phone number.
- Set the password.
- Go through and accept the Privacy Policy to proceed.
The user must ensure the password they set complies with the password policy displayed on our dashboards alongside the password setting screen. The password policy requires:
- At least one uppercase (capital) character.
- At least one lowercase (small) character.
- At least one number (like 1234).
- At least one special character (like #?!@$%^&*-).
- No whitespaces.
- A minimum length of 8 characters.
- A maximum length of 15 characters.

We have implemented 2FA across our services, allowing the user to choose email or phone number to verify their credentials at login.

If the user wishes to withdraw from the privacy policy at any point, they can find an option to withdraw in the profile section of the dashboard. However, to access the dashboard again, the user will have to accept the policy at login.

If a user enters an incorrect password or OTP five times consecutively, the system will block access to their account or password reset for 15 minutes.