About Account Management

Table of contents

Account
User
Contact
API key
Active session
Support Access
KYC
2FA
SSH KEY

Account

The account is a legal entity associated with services and payment. All accounts support an unlimited number of users. Users can perform sets of actions to manage their account. Available actions can be found in the Customer Portal under the Identity and Access section.

Account restrictions

The account should have at least one active 'owner'
Only one account can be associated with an email address
The users cannot modify the roles of other 'owners'
The 'owner' can change their role, provided there is another active 'owner' for the account

User

The user is a person with authorized access to the account. Users have a set of permissions, such as inviting a new user.

User restrictions

A single user cannot be a member of various accounts
Users don't have access to the list of other users in the Customer Portal

User roles and access

Each account user is assigned a specific 'role' and each role is defined by a specific set of permissions.

There are two common types of user roles:

Owner: this role provides full access to the account
Manager: this role provides full access without user management capabilities

The initial user created is always designated as the 'owner'. If for any reason, a user already possesses a Public API token, they can utilize the API without any restrictions.

The ‘current user’ is the user who is currently logged into the Customer Portal.

List of users

The User Management page shows a list of users with the following parameters:

Name: the name of the user
Email: the email address of the user
Last login: the user's last log in date
2FA enabled: Two-Factor Authentication is enabled for the user
Role: the role of the user
Status: the status of the user

Contact

The contact is the email that will be used to receive notifications. The type of notifications depends on the assigned role, which can be combined to assign multiple roles to a single contact.

In the Customer Portal under Account Settings, the following contact roles are available:

Primary
Technical
Billing
Abuse
Emergency

For example, a contact with the Primary role receives all notifications, while a contact with the Billing role only receives notifications related to finances.

Contact Restrictions

In some cases, the email address associated with the contact will not be an email address that is assigned to an existing user. In these cases the contact email address cannot be used to log into the account. The contact email can be used to log into the account only if there is an account user with the same email address.

API key

Tokens are used for authentication when accessing account resources via the Public API. These API keys are issued and function within the scope of the account and can have two types of access:

Read-only- this token allows only GET requests and is intended for data retrieval.
Read & write- this token has full access to the API and permits the user to make changes.

Refer to the specifications for a detailed description of all available account actions via the API.

Active session

Controlling active sessions helps to protect your account from unauthorized access.

The active session list contains authorization history, including unsuccessful attempts. It includes the date, the time, and the IP address from which the account was accessed. Additionally, there is an option to receive notifications for each attempt to log into the account.

It is used for the following purposes:

Security: tracking active sessions helps to detect suspicious activity or unauthorized attempts to access the account
Access control: knowing from which IP address and when the user accesses the account allows you to manage access and take security measures if necessary

The session lifetime is one hour.

Support Access

Support Access is a feature that enables granting temporary access to technical support staff.

Access may be required for the following reasons:

Problem resolution: to resolve technical issues or questions encountered by the user
Troubleshooting: to assess the situation and identify the causes of any problems
Setup and configuration: to make changes to the account's settings or configuration, and to address issues or optimize service performance
Training and consultation: to provide user training on service usage or consult on security, functionality, and other aspects
Configuration and security checks: to verify user account settings and ensure its security by identifying potential vulnerabilities or issues

Access to the account is granted only for necessary operations and is limited to 24 hours. After this period expires or upon manual cancellation, access to the account is revoked.

KYC

The purpose of the KYC (Know Your Customer) process is to confirm the client's identity, comply with the law, identify suspicious users, prevent fraud, and protect the company from financial risks.

The verification of identity and payment method occurs after the client completes the entire service ordering and payment. Additionally, the verification process may involve a request for the intended use of the purchased servers to prevent any violation of the company's policies.

We request one of the following documents to verify the user's account:

Passport
Driver's license
ID card
Residence permit

This procedure is also accompanied with an extra step - selfie with a document.

Once all requested documents have been submitted, a decision will be made to either approve or reject the request.

During the ordering and payment process for services, the client may receive a request to undergo the KYT (Know Your Transactions) procedure.

2FA

Two-Factor Authentication (2FA) significantly enhances the security of your account.

A One Time Token is a token received from an authentication application (such as Google Authenticator).

Enforcing Two-Factor Authentication (2FA)

The Owner can force everyone to use 2FA. If this option is activated, it becomes mandatory for all users associated with the account, restricting all their actions until 2FA is enabled. After activation, users without 2FA receive an email instructing them to enable it. Only an authorized 'Owner' with 2FA enabled can unlock this security enhancement.

For new users, the 2FA activation is a mandatory step post-registration. They must enable 2FA before they can perform any operations in the account.

SSH KEY

SSH key is a reliable and safe alternative for the password authentication. The SSH key is associated with the user and consists of a pair:

Closed key: the private part stored on the PC
Open key: the public part located on the server

In the Customer Portal, users can upload the public part of their SSH key or create a new key.

SSH keys store on the virtual machine even after the user has been removed.