Topic
This article explains how to use Cytracom's Teleport feature.
Environment
- Cytracom ControlOne
Description
ControlOne’s Teleport feature gives MSP Partners and their customers a way to securely access multiple networks directly from the ControlOne Agent, without using a VPN. Teleport lets Partner user accounts connect to any customer user zone in seconds, allowing access for configuration after ControlOne has replaced a VPN, or for ongoing maintenance of the customer's network.
Usage requirements and considerations
- The Teleport feature requires ControlOne Agent version 2.3.1 or later.
- Partner users must have local ControlOne credentials coupled with the Cytracom MFA platform. To get these credentials, click the Forgot Password link on the ControlOne Management Login screen. The system will email you instructions to set your password and connect with an MFA mechanism (either SMS or TOTP).
- Users must have an Agent license and be set to Allow for Agent Access in ControlOne Users & Groups before they can use Teleport.
- Allow for Teleport Access must be enabled for the user account.
- The user must be enrolled for MFA.
- If the partner is using device posture, the policy of a user's assigned zone will apply to the customer zone to which that user is connecting.
- Once connected to a user zone in your tenant's environment, you can reach any device on any site or user zone that is connected to that zone.
- The destination zone is a user zone, like all agent connections.
Microsoft Entra ID (formerly Azure Active Directory) users
Entra ID users must have local ControlOne credentials coupled with the Cytracom MFA platform. To get these credentials:
1. Click the Forgot Password link on the ControlOne Management Login screen.
2. Enter your Microsoft Entra ID (AAD) email address.
3. The system will email you instructions to set your password and connect with an MFA mechanism (either SMS or TOTP).
Best practices
- If a user zone with access to all user/site zones you need to communicate with does not exist, you can create one and "connect" it. Users do not need to be assigned to this zone on the tenant environment to Teleport to that zone. See Ensuring connectivity to customer devices when troubleshooting with Teleport for more information.
- All partner users with Teleport access should accurately document their use of the Teleport feature when connecting to client (tenant) networks.
- Regularly review audit logs to ensure compliance with your established procedures. See Cytracom ControlOne: Reporting for more information.
Using Teleport
Users connect to customer zones directly from the ControlOne Agent.
1. In the ControlOne Agent, click the Teleport link.
2. The Agent will display a list of all customers belonging to your MSP. Enter the name of the client whose network you wish to access.
3. The Agent will display a list of existing zones within the customer's network. Enter the name of the zone you wish to access.
4. The agent will prompt you to enter a reason for connecting to a customer's zone. The system will store this information as an Audit Event in the Partner and Customer Audit Log.
5. The Agent will prompt you to complete two-factor authentication and enter the code from your 2FA app.
The agent will now be connected to the customer's zone. That zone name will show in the top section of the agent window. Also, the highlight on the portal icon in the toolbar will switch from green to blue, and appear on the other side of the icon.
Managing your Teleport connection
Once connected, you have two management options:
- Disconnect: This action will terminate your connection, and return you to the customer's zone upon reconnecting.
- Return: This option will disconnect you from the customer’s zone and return you to your own assigned zone. To reconnect, you must provide a new connection reason and re-authenticate.
Reporting Teleport connections
To view Teleport sessions from your Partner account, click Reporting in the ControlOne Portal's Navigation menu, then click Events at the top of the screen. You will see a Teleport event subtype listing Teleport connections. You will also see this Teleport session in the tenant view.
Selecting the session displays the customer to which the user teleported, along with the reason, in the detail view.
Additional Resources
- Cytracom ControlOne: Setting up Teleport zone connectivity
- Cytracom ControlOne: Ensuring connectivity to customer devices when troubleshooting with Teleport
- Cytracom ControlOne: Reporting