Editing companies
You can adjust a company account settings at any time.
To edit a company account:
Log in to GravityZone Control Center.
Go to the Companies page from the left side menu.
Click on the name of the company you want to edit.
The Edit Company window is be displayed. The information is organized into three tabs:
In each tab, make the changes you want and Save. You need to save your changes before switching between tabs.
Note
If the selected company has not enabled the The Company's Partner can assist with the security management option, you will not able to modify specific settings and information.
Close the Edit company window by clicking the X button on the upper right side of the screen.
Note
Fields marked with *
are required.
Basic company details
Company name - Enter the name of the new company.
Company type - Select the type of company account:
Partner, if the company is a security or service provider and uses GravityZone to protect its business clients, or it is local GravityZone distributor.
Customer, if the company uses GravityZone to protect just its own network.
Note
To switch a company from Partner to Customer make sure it does not have any customers assigned.
Country - Select the country in which the company is based.
Field of activity - Select the main field of activity in which the company operates in.
Management permissions
The company manages endpoint security - Select this option if you want this company and the companies under it to be able to manage endpoint security directly. By default, this option grants the following permissions to the new company:
View the computer network
Install security agents
Create and manage security policies
Run tasks
Manage quarantine.
Note
For Customer companies, these permissions cannot be revoked because the Customer must have access to its own network.
For Partner companies that are MSPs, this option must remain enabled, as they need these permissions to manage security of their clients' networks.
For Partner companies that are resellers only, this option must remain disabled. In this case, the Partner can still create other company accounts, manage subscriptions and view reports.
Contact details for MDR
Tip
This section is visible only for Partners with monthly usage licenses that have the MDR Service enabled for resell. Once the information is saved, it can no longer be edited from GravityZone.
This information is used by the MDR SOC team to contact you and it is required in the onboarding process for the MDR console. For more information on this topic, refer to MDR onboarding for MSP partners.
Important
This information must be valid and it is mandatory for Partners who want to enable the MDR service for client Customer companies. This requirement does not apply to Partner companies that have had the service enabled for resell and have started the onboarding process prior to April 2024.
Full name - The name of the designated contact person for MDR issues.
Email address - The email address of the designated contact person.
This address is also used to send out the verification code required to confirm and save the information added in the Contact details for MDR section. To send the email, click the Send verification code button.
Verification code - Enter the verification code received via email.
Phone number - The phone number of the designated contact person.
You can only save this information once all the fields are populated with valid information. Once saved, the data is sent to the MDR platform, and an emergency contact is automatically generated in the MDR console. If you need to change this information at a later date, you can do so from the MDR Portal.
Additional details
Registered address - Enter the physical address of the company’s office
Phone number - Enter the company's official phone number.
Logo in Control Center. You can add the company's logo image. All reports and email notifications issued for this company will include the logo image.
To add the company’s logo:
Click the Change button.
Browse for the image logo on your computer.
Click Open.
To reset the logo to the image provided by Bitdefender, click the Default button.
The following fields will be available for editing:
Note
Fields marked with *
are mandatory.
Two-factor authentication
Enforce two-factor authentication (Recommended)
Two-factor authentication (2FA) adds an extra layer of security to GravityZone accounts, by requiring an authentication code in addition to Control Center credentials.
2FA requires downloading and installing the Google Authenticator, Microsoft Authenticator, or any two-factor TOTP (Time-Based One-Time Password Algorithm) authenticator app - compatible with the standard RFC6238 - on the user's device. The device can be a smartphone or a computer.
The authentication app generates a six-digit code each 30 seconds. To complete the Control Center login, after entering the password, the user will have to provide also the six-digit authentication code.
Two-factor authentication is enabled by default when creating a company and this setting cannot be changed. At login, a configuration window prompts users to enable this feature. Users have the option to skip enabling 2FA for five times only. At the sixth login attempt, skipping the 2FA configuration is no longer possible and users are not allowed to log in.
Users trust their browsers. This option allows you to specify the period during which GravityZone remembers the browsers used for logging in to Control Center:
Select Never for users to enter the six-digit code from their authenticator every time they log in.
Select 1 to 90 days to allow users to skip entering the six-digit code for that specific period and log in directly to Control Center. To enable this option, users must also to select the Remember this device check box on the GravityZone login screen.
By default, one browsers corresponds to one device such as a computer. If users log in from another browser than the one remembered, they have to enter the six-digit code from authenticator. For details on scenarios where the Trust this browser option does not work, refer to this topic.
Note
You can view the 2FA status for a user account in the Accounts page.
If users cannot log in to GravityZone because of they a new device (phone or computer) or lost secret key, you can reset its two-factor authentication activation from the user account page, under Two-factor authentication section. For more details, refer to User Accounts.
Changing the period for remembering device reflects in user activity section of Control Center.
Regarding the public API,
skip2FA
is the parameter corresponding to Trust this browser option, used withcreateCompany
andupdateCompanyDetails
methods. For details on how to use it, refer to createCompany and updateCompanyDetails.
Password expiry options
Set maximum password age to 90 days
This option enables the password expiration policy. Users need to change their passwords sooner than the specified age. Otherwise, they will not be able to log in to GravityZone anymore.
Lock out account after 5 login attempts with invalid passwords
This option limits the number of consecutive invalid passwords to prevent attacks. When the counter reaches the threshold, the account is locked out and the user needs to reset their password.
The policy applies to the accounts created in GravityZone.
A notification will be sent out to all company’s users when the account lockout option is being enabled on a certain company.
Configure single sign-on using SAML
GravityZone supports service provider(SP) initiated single sign-on (SSO) as a simple and secure alternative to the classic login with username and password.
This method requires integration with third party identity providers (IdP) that uses SAML 2.0 to authenticate GravityZone users and to provide them access to Control Center. Such IdP are AD FS, Okta, and Azure AD.
This is how GravityZone SSO works:
The users enters their email address in the GravityZone login page.
GravityZone creates a SAML request and forwards it to the IdP. It also redirects the user to the identity provider authentication page.
Users are required to authenticate with the identity provider.
The identity provider sends a response to GravityZone in the form of an XML document signed with an X.509 certificate. Also, the identity provider redirects users to GravityZone.
GravityZone retrieves the response, validates it with the certificate fingerprint, and allows users to log in to Control Center with no other interaction from them.
Users continue to automatically log in to Control Center as long as they have an active session with the identity provider.
To enable SSO for a company, you need to follow these steps:
Configure the identity provider to use GravityZone as service provider. For supported identity providers and configuration details, refer to this article.
In the company details page, under Configure single sign-on using SAML, enter the identity provider metadata URL in the corresponding field.
Configure users under the company to authenticate with their Identity Provider. For details, refer to Configuring single sign-on using a 3rd party Identity Provider.
To disable single sign-on for a company you manage, delete the identity provider metadata URL.
After disabling single sign-on for a company, users will automatically switch to log in with GravityZone credentials. Users can obtain new passwords by clicking the Forgot password? link on the Control Center login page.
After re-enabling SSO for a company, users will continue to log in to Control Center with GravityZone credentials. You need to configure manually each account to use SSO again.
Important
You cannot use at the same time single sign-on (SSO) and two-factor authentication (2FA) in GravityZone.
Your company's licensing information is divided into these sections.
License information
This section displays your company's ID and chosen billing method.
Edit licensing options - Click this button to open the Licensing window, where you can change the payment plan used by the company.
View monthly usage report - Clicking this button will open a Monthly License Usage Report.
Note
This button is only available to companies with monthly subscriptions.
Editing licensing details
Click Edit licensing options under the License information.
Change the company’s subscription settings. Choose the option that is in accordance with your business agreement.
Note
Depending on your company's license, you will have access to one or more of these options.
You can find more information on all available licensing options under Licensing.
License usage details
This section provides information relevant to your current license usage. If you are a yearly license user, you may also add and remove license keys. The information may vary, based on your billing method:
Your standard products and add-ons are displayed, along with additional usage information:
Product name - the name of the product you are using.
Product type - shows if the product is a standard one or an add-on.
Product status - shows if the product is active, expired or a trial.
License key - the unique ID that grants you access to a Bitdefender product.
Expiry date - the date when your license expires.
Total units - the maximum units available with the license.
Usage breakdown - the number of units that are currently being used by your company.
Adding a product
To add a product follow theses steps:
Click the Add product button.
Enter the license key in the Add new product window.
Click the Check validity button.
Note
In some cases, adding a specific license key will replace one of your current products. This may lead to a change of the feature set you will have.
Click the Add product button.
Removing a product
To remove a product from your company follow these steps:
Select the product you want to remove.
Click the Remove product button.
Click the Remove button to confirm.
A table provides information regarding the status of your subscription:
Note
Depending on your license, one or more of these fields may not be visible to you.
Product name - The name of the product.
Product type - The type of the product:
Endpoint Security - full protection.
BitdefenderEDR - Limited EDR capabilities (report only).
Protection model - The protection model assigned to the product.
Product status - The status of the product:
Active
Expired
Trial
License key - the unique ID that grants you access to a Bitdefender product.
Total seats - The total number of seats provided by the license.
Reserved seats - How many of the seats provided by the license have been reserved for specific companies.
Used reserved seats - The number of reserved seats that are currently in use.
Available reserved seats - The number of reserved seats that are unused.
Unreserved seats - The number of seats that have not been allocated to any specific company.
Used unreserved seats - The number of unreserved seats that are currently in use.
Available unreserved seats - The number of unreserved seats that are unused.
Note
You can use the Refresh Details button check for any changes in the displayed information. Once clicked, the button will be grayed out for 30 minutes.