The OptimalCloud

The OptimalCloud™ is a scalable and customizable Identity and Access Management (IAM) solution that deploys easily and provides seamless and secure access to thousands of applications using single sign-on technology. The OptimalCloud offers multi-factor authentication and authorization from any data store, provides delegated administration and user management enablement, can be deployed in the cloud, or federated to other organizations.

The OptimalCloud is pre-integrated with thousands of applications providing seamless, one-click access so that we can seamlessly integrate with your existing environment. We have integrated with over 5,000 federated applications and external identity providers that match standards we support.

For information about the features contained in The OptimalCloud please see the Features Application on the Administration tab.

Features App

How to Register for your Free Trial

Now that you have chosen to start a Free Trial of the OptimalCloud, enter the following information to register your Tenant.

View the "HowTo Register for your Free Trial" video or continue with the following steps.

The Tenant is the part of the OptimalCloud that your company will occupy. The data in the Tenant will only be accessible by the members of the Tenant.

Please enter the information below. The fields preceded by an asterisk are required.

Company Account/Tenant Name - The Tenant Name will be derived from the company part of the email suffix that is entered in the Work Email Field.
Work Email - This must be your work email address. This must be a valid email address to receive email notifications. This email address will become your Username used to login.

A user account in the Tenant will be created for you and given Tenant Admin permissions. You will become the initial Tenant Admin and have permission to perform all operations in the Tenant including setting up the Tenant configuration.

First Name - Enter your First name
Last Name - Enter your Last Name
Phone - Enter your mobile phone number.
New Password - Enter your password for your account. Follow the Password requirements. The “X” will turn to a green check when the requirement has been met. All of the requirements must be met in order to save the password.
Confirm Password - Enter your password again to confirm.
Company Account/Tenant URL - The URL for your Tenant which can be used to Self-Register for an OptimalCloud account (if the Tenant is configured for self-registration) or to Signin to the OptimalCloud if the user already has an account.

Registration Completion

After completing the Registration Form and clicking on the Complete Company Registration button, you will be sent an email to verify that the email address provided is correct. Click on the link provided in the email to complete the registration. You will then be redirected to the Login page in the OptimalCloud for your Tenant.

Once you Login you will be placed on the Home Portal page.

Home Portal page

How to Configure your Tenant

To configure your Tenant go to the My Company Account/Tenant application on the Administration Tab .

My Tenant App

View the "HowTo Configure Your Tenant" video below or see the My Company Account/Tenant section of the documentation for more information.

After configuring your Tenant continue to the Getting Started Section below to start using your Tenant.

Getting Started

Now that you have configured your Tenant here are some steps to begin setting up your Tenant. This section will direct you to the following functionality:

Entering Users
Setting up Multi-Factor Authentication
Organizing Users
Adding Applications
Adding other Administrators
Exporting Data

View the video below or the following documentation sections.

Entering Users

There are multiple ways to enter users into your Tenant.

Self Registration - allow users to create their own accounts.
Manually - Create individual users.
Import - Import users via a CSV file.
SCIM - Use an application that utilizes the SCIM protocol.
AD Synch Agent - Download the AD Synch Agent and utilize it to synch users from on-premise AD to the OptimalCloud.

Self Registration

If the Enable Self Registration option has been enabled for the Tenant in the My Company Account/Tenant application, two options are available for making self registration available for users.

Company/Tenant URL - This is the URL that was provided to the Tenant Admin during the Tenant Registration. This URL may be provided to potential users to register an account in the Tenant.
Invite Users - This functionality is found on the username dropdown on the OptimalCloud site banner. This functionality allow the Admin to send email invitations to register an account to a user or multiple users.

Invite Users

Enter a user Manually

Individual users may be entered manually using the Create New User function on the User Manager page.

Go to the User Manager application on the Identity Management tab. The User Manager application is used to Create and manage users.

See the Create New User section for instructions on how to create a new user.

User Manager App

Import Users

Users may be imported using the Bulk Import Job in the Job Manager application on the Administration tab.

Go to the Job Manager application on the Administration tab. Use the Create Job function to create an Import job to import users from a CSV file. There is a sample user import file on the page that can be downloaded.

See the Job Manager section for more information.

Job Manager App

SCIM

Users may be created via an application that uses the SCIM protocol APIs. See the SCIM section for more information.

AD Synch Agent

Download the AD Synch Agent and utilize it to synch users from on-premise AD to the OptimalCloud. Please contact The OptimalCloud Technical Support at support@optimalidm.com for information on this option.

Setting up Multi-Factor Authentication

The following MFA Options are available:

One-Time Passcode via Email - this option becomes available when an email address is entered during account creation.
Time Based One-Time Passcode and PUSH using the OptimalCloud Authenticator or another Industry Standard Authenticator - these options become available when the user configures a Device using the Multi-Factor Device/Token Options Application on the Account Settings Tab.
Device Authentication - Authentication methods that use hardware-based authentication. The hardware authenticator can be one of the following options; FIDO2 Security Key, Windows Hello, Touch ID, Face ID and an Android Mobile phone.

The following options must be enabled for the Tenant using the My Comapny Account/Tenant application on the Administration tab. See the My Company Account/Tenant section for instructions on how to enable the Additional MFA options.

One-Time Passcode via SMS - once enabled this option becomes available when the user enters a mobile phone number. This feature has an additional fee.
One-Time Passcode via Voice - once enabled this option becomes available when the user enters a mobile phone number. This feature has an additional fee.
Email Link - once enabled this option becomes available when the user enters an email address.
SMS/Test Link - once enabled this option becomes available when the user enters a mobile phone number. This feature has an additional fee.
Behavioral Biometrics - once enabled, this option becomes available when the user registers their Typing Patterns using the Multi-Factor Behavioral Biometrics Options Application on the Account Settings Tab. This feature has an additional fee.

See the Multi-Factor Options section for more information on these options.

Organizing Users

The OptimalCloud supports two categories for organizing the users in the Tenant; groups and organizations. These categories can be used for administrative purposes, application authorization, and permission privileges. The following two applications on the Identity Management tab are used for these functions. This is optional.

The Group Manager is used to Create and manage groups. See the Group Manager section for more information.
The Organization Manager is used to Create and manage organizations. See the Organization Manager section for more information.

Group & Org Manager

Adding Applications

The Tenant Admin may create applications. The application can be created with or without Federation.

An Application is created using the Application Manager on the Identity Management tab as shown below.

See the Application Manager documentation section for instructions on how to create an Application.

Application Manager App

If the application was not created with Federation, the Federation may be added later. A Service Provider defines a Federation Configuration. A Service Provider can be created and associated with the application.

To create a new Service Provider, use the Service Providers Application on the Administration tab as shown below. See the Service Providers documentation section for instructions on how to create a Service Provider.

Service Providers App

Adding Identity Providers

If authentication information for your Tenant users is not stored in the OptimalCloud, an Identity Provider must be configured. This configuration directs the OptimalCloud where to go to obtain user information and/or authentication.

To add an Identity Provider (IdP) go to the Identity Providers application on the Administration tab.

See the Identity Providers section of the documentation for more specific instructions.

Identity Providers

Exporting Data

The OptimalCloud supports multiple ways of exporting data. Data that is the result of a screen search can be exported in several ways. User, group and organization data can be exported via bulk jobs.

Export Data Buttons

There are several Export Data buttons found at the bottom of the page on most Manager pages.

Export Data Methods

PDF - Export the search results to a local PDF file with the naming convention "Page Name - Date.pdf".
CSV - Export the search results to a local CSV file with the naming convention "Page Name - Date.csv".
Excel - Export the search results to a local Excel file with the naming convention "Page Name - Date.xlsx"
Copy - Copy the search results to the Clipboard where it may be copied to another document.
Print - Print the search results.

Export Data Job

Data may be exported using a Bulk Export Job in the Job Manager application on the Administration tab.

Go to the Job Manager application on the Administration tab.
Use the Create Job function to create an ExportData job.
Use the Object Type field to specify the type of data to be exported. If the Object Type is Users, the Filter Options field can be used to filter the data sent to the file . The Attributes field may be used to limit the attributes exported.
The data will be exported to a CSV file that will be zipped. See the Job Manager section for more information.

Job Manager App

Accessing Auditing & Reports

Audit Activity

To access Audit information go to the following sites:

Users - Go to the User Manager application on the Identity Management tab. View a user and the User Details page will be presented. The user record contains the following Audit Information
- Login Activity tab - shows login activity for the user.
- Audit Activity tab - shows changes to the user account made by administrators.
- Application Activity tab - shows the applications that the user has accessed.
- Provisioning Activity tab - shows changes to the user account made through provisioning.
Groups - Go to the Group Manager application on the Identity Management tab. View a group and the Group Details page will be presented. The Audit Activity tab will show the Audit Activity for the selected group.
Organizations - Go to the Organization Manager application on the Identity Management tab. View an organization and the Organization Details page will be presented. The Audit Activity tab will show the Audit Activity for the selected organization.
Applications - Go to the Application Manager application on the Identity Management tab. View an application and the Application Details page will be presented. The Audit Activity tab will show the Audit Activity for the selected application.

Reports

To access The OptimalCloud Reports feature a user must be assigned to the OFIS-Reporting group. Use the Group Manager application on the Identity Management tab to add the user to the OFIS-Reporting group. See the Group Manager section for more information.

Once the user has been added to the OFIS-Reporting group they may view the report dashboards on the Reporting tab.

Reports tab

The Main Dashboard application provides access to all of the Report Dashboards.

ReportMainDashboard

The Reports contain the following dashboards.

Main Dashboard - Overall Information about your tenant.
Authentication Dashboard - Information about the user authentications for your tenant.
SSO Dashboard - Information about the SSO to Applications and Identity Providers for your tenant.
Audit Dashboard - Information about the modifications that have occurred in your tenant.
Health Dashboard - Information about health of your tenant.
Provisioning Dashboard - Information about the provisioning setup for your tenant.
Stats Dashboard - Information about the groups and organizations setup for your tenant.
Optimal AI Dashboard - Information about security events intercepted by the Optimal AI.

The Reporting Logs Legend provides the definition and data elements for each Report Log that is used to create the Report Dashboards.

Adding other Administrators

The OptimalCloud supports the following types of Administrators. To add additional Administrators to your Tenant view the video or follow the instructions below.

Tenant Administrator (Tenant Admin)

The Tenant Admin performs all Identity Management and Administration functions for the Tenant. The initial Tenant Admin is created during the Registration process for the Tenant. Additional Tenant Admins may be created by using the Group Manager to assign a user as a member of the OFIS-Tenant Admin group. See the Group Manager section for more information.

Organization Administrator (Org Admin)

The Organization Admin performs the User and Organization Manager functions for the Organization that they are the administrator for. The Tenant Admin will add the first Org Admin for an organization. An Org Admin may be an administrator for multiple organizations. Org Admins may be created by using the Organization Manager on the Identity Management tab to edit the organization and add a user as an administrator of the organization. See the Organization Manager section for more information.

Application Administrator (App Admin)

The Application Admin performs the Application Manager functions for the application that they are the administrator for. The Tenant Admin will assign the first App Admin for an application. An App Admin may be an administrator for multiple applications. An App Admin may be created by using the Application Manager on the Identity Management tab to edit the application and add a user as an administrator for the application. See the Application Manager section for more information.

Users may have multiple roles at the same time.

Support

If you are experiencing issues performing any of the operations in the OptimalCloud please login to the Optimal Support Site and enter a Support Ticket.

To access the Optimal IdM Support Site you must have an account. Please contact support@optimalidm.com if you do not have a support account.