Logging in with Identity and Access Management (IAM)

Live Platform includes built-in Identity and Access Management (IAM) capabilities that make it easier to manage users and control how they access different Live Platform entities (tenants). Using IAM, you can easily add, update, or remove users, and assign each user permission levels (roles) for each Live Platform entity. The IAM feature offers flexibility that allows you to assign the same user to multiple Live Platform accounts. Different Live Platform roles can be assigned according to the Multitenant permission level.

For example, you can assign one user with the "operator" role and another with "operator lite" or "monitor" role.

IAM provides a centralized way to manage user access and security across Live Platform featuring the following:

■

Authentication: Verifies user identity through email and password, and supports multi-factor authentication (MFA) for enhanced security using email or an authenticator app.

■

Authorization: Determines which Live Platform entities a user can access and what actions they can perform based on assigned roles.

■

User provisioning: Lets you add, edit, or remove local users per Live Platform entity.

■

Role-based access control (RBAC): Allows you to assign permission levels to users according to Live Platform roles.

■

Audit and compliance: Records user activity and access history to support compliance needs (for example, GDPR and HIPAA) and help identify suspicious behavior.

■

Single sign-on (SSO): Enables users to sign in once and access connected external AudioCodes applications, such as SBC devices, UMP-365, Device Manager, UCaaS Connect, Voca CIC, Meeting Insights, and Interaction Insights.

Once the user account has been added on Identity and Access Management (IAM), you can log in to Live Platform's Operation Center portal. o IAM using Single Sign-on from the Welcome menu. Typically, login also includes an extra layer of security using Multi-Factor Authentication (MFA), where you need to provide a verification code (sent to your Authenticator app or email address). MFA may be enabled globally by AudioCodes Professional Services for all users belonging to a specific Live Platform account, for example "BradChannel" or can be enabled individually for each user.

Initially your service provider admin, channel admin user or another customer operator (if at least one customer operator has already been added) adds your user account to IAM. This process includes a registration invitation link that is sent to your email account. Once you have successfully registered, you can log in to the Live Platform portal using your IAM local account credentials. You can then connect to the IAM interface using Single SIgn-on via the Welcome menu. In IAM, you can create additional users on your channel tenant account. The same registration process is implemented to register additional users.

When logging in using your Microsoft 365 account, the users and roles are configured separately on the Enterprise App of the Microsoft Entra ID of the customer tenant. However, the login request is redirected by Microsoft back to IAM and then to Live Platform. Using this method, Live Platform users and roles are configured on Microsoft Entra ID (see Logging into Live Platform portal with Microsoft Azure MFA).