Knowledge Base
Client Portal User Permissions Client Portal
Introduction:
There are 4 roles you can assign to a Client Portal user: User, Accounting User, Manager and Admin. This KB article outlines the differences between those roles, and how you can change the role of a Client Portal User.
Role Details:
Role | Can View Their Tickets | Can View the Chats Tab | Can View Tickets Across Multiple Companies | Can View Other User's Tickets | Can View the Invoices Tab | Can View Invoices Across Multiple Companies |
User | Yes | Yes | No | No | No | No |
Accounting User | Yes | Yes | Yes | No | Yes | Yes |
Manager | Yes | Yes | Yes | Yes | Yes | No |
Admin | Yes | Yes | Yes | Yes | Yes | Yes |
Assigning a Role to a Client Portal User:
- Navigate to Client Portal -> Portal Users
- Select your Client Portal configuration from the drop-down menu
- In the Actions column, click the pencil icon to edit the Portal User
- In the Role drop-down menu, choose the Role you want to assign to the user
- Click the Update button
Roles and Permissions in MSP Process How to Articles
Roles:
There are two Roles in MSP Process - Admin, and Technician. By default, users who are invited to the platform are given the Admin role. Here are the differences between the two Roles:
The Admin Role... | The Technician Role.... |
|
The goal behind preventing the Technican role from accessing the Portal Settings menu is to prevent them from accessing Billing-related items, such as the credit card that is to be used, and the details of the subscription plan that you have with MSP Process. |
Permissions:
There are two permissions that can be applied to any User in MSP Process, regardless of what Role (Admin or Technician) they have been assigned:
- The Use MFA option forces that user to setup MFA
- The Allow Access to UI option offers you two choices:
- If Disabled, the user can only login to the ConnectWise/Halo/Autotask pod, and cannot login to the main https://app.mspprocess.com website
- If Enabled, the user can login to both the ConnectWise/Halo/Autotask pod and the main https://app.mspprocess.com website
Editing The Roles/Permissions of a User:
To edit a user's Role, or the Permissions assigned to that user, navigate to the Teams -> Users page, and then click the pencil icon for that user:
You'll then be presented with a screen that will allow you to edit that user's Roles and Permissions:
Syncing Contacts with Microsoft 365 How to Articles
Introduction
The MSP Process platform can sync contacts from a variety of sources, including many common PSA platforms in the MSP market. Some MSPs don't use a supported PSA though - for example, they use an uncommon PSA, or they've built their own, homegrown solution. In other cases, Microsoft 365 is the "source of truth for a Contacts", and the PSA is downstream/synching contacts from Microsoft 365, so it makes sense to directly update those contacts in Microsoft 365, instead of in the PSA.
In those scenarios, MSPs can configure the MSP Process platform to directly sync Contacts with the end-user's Microsoft 365 contacts - allowing the MSP to leverage the End-user Verifcation, Secure Data Send, and Broadcast messaging features that are built into the platform.
Linking MSP Process with Microsoft 365
- Login to the MSP Process UI
- Navigate to the Integrations -> PSA Integrations menu
- Click the Add button
- Click on the Microsoft 365 option
- Specify a name for the integation, and click the Submit button
- Click on the Microsoft 365 card that is now listed on the PSA Integrations page
- Click the Connect to Microsoft 365 button to link MSP Process to a Microsoft 365 tenant
- Follow the Microsoft UI flow to deploy the MSP Process app
- You're done! Repeat with any other Microsoft 365 tenants that you want to link to the MSP Process platform.
Interacting with Microsoft 365 Contacts in the MSP Process UI
Once you've integrated MSP Process with one or more Microsoft 365 tenants, you can view those Contacts from the Contacts menu:
From the Contacts page, you can view the Mobile Number and E-mail address of each contact. From the Actions column, you can open the MSP Process Pod, which will allow you to perform End-user Verification, securely send your customers data, and respond to Technician Verification requests.
Sending E-mails through an M365 Shared Mailbox How to Articles
Introduction:
By default, any e-mail sent by the MSP Process platform comes from noprely@mspprocess.com. For e-mails that are sent internally to an MSP, such as invites for technicians to join the MSP Process platform, this is a perfectly acceptable thing, but it's not ideal when dealing with e-mails that are sent to end-users, such as Opt-in forms and End-user Verification e-mails.
The MSP Process platform can be configured to send all of it's end-user facing e-mails through a Microsoft 365 shared mailbox - making it easy for any Partner to send our e-mails from a trusted Sender address of their choosing.
Configuring MSP Process to use a Microsoft 365 Shared Mailbox
- Login to the MSP Process UI with an Admin account
- Navigate to the Portal Settings -> Outgoing Mail page
- Click the Start Setup button
- Login to the Microsoft 365 tenant that owns the Shared Mailbox you wish to use
- Approve the deployment of the MSP Process "Outbound Mail Module" application
- You're now able to choose which mailbox you wish to use:
- Click the Submit button to finish the setup process
Testing the Shared Mailbox Configuration
- From the Portal Settings -> Outbound Mail page, click the Test button
- You'll be brought to the Portal Settings -> Test E-mail page
- Choose the "Opt-In Letter" as the e-mail to be sent, and specify the recipient's e-mail address
- Click the Test button to send out the test e-mail
- Confirm that the recipient received the e-mail, and that the Sender address is the Shared Mailbox
Deleting a Shared Mailbox Configuration
- Navigate to the Portal Settings -> Outbound Mail page
- Click the Delete button
E-mails that are sent through an M365 Shared Mailbox:
- Opt-in forms
- End-user verification - both codes and secure links
- Secure Data Send e-mails
- Invitations to the Client Portal
E-mails that are not sent through an M365 Shared Mailbox:
- Invites to join the MSP Process platform (sent via the Teams -> Invite Users page)
- Password reset e-mails
- E-mails from the "Notifications" feature
Zendesk Integration Setup Zendesk
Login to your Zendesk admin portal and create an API token as shown below:
Give the API Key a name and click Copy.
Login to MSP Process and Click on Integrations -> PSA Integrations. Click the Add PSA button.
Click on Zendesk
Give the integration a Name, put in the URL for your Zendesk site and the API key and click Submit.
The next screen select your ticket defaults and click Submit.
Creating a Microsoft Teams Connection How to Articles
Introduction:
Several features in the MSP Process platform can send messages to Microsoft Teams channels:
- When a new text message is send to an SMS number
- When a new Live Chat is created
- When a new Client Portal chat is created
The goal of this KB article is to walk through how to setup a Workflow in Microsoft Teams that can accept the messages from the MSP Process platform, and to configure MSP Process so it knows about the Microsoft Teams channel.
Creating a Workflow in Microsoft Teams:
In the Microsoft Teams app, launch the Workflows feature by clicking on the ... menu item, and searching for "Workflows":
- In the Workflows app, click the button
- Click the button
- Create a workflow that looks like this:
Here's what the Parse JSON action should look like:
And here's the text that goes in the Schema field:
{
"type": "object",
"properties": {
"text": {
"type": "string"
}
}
}
Finally, here's how the "Post message in a chat or channel" action is configured:
Configuring a Microsoft Teams Connection in MSP Process:
- Login to the MSP Process UI (https://app.mspprocess.com)
- Navigate to the Portal Settings -> Teams Connections page
- Click the Add button, and fill in the required fields:
- Give the connection a name
- In the URL field, paste the URL from the Microsoft Teams workflow
- Click the Test button to ensure that the connection to your Microsoft Teams workflow is correctly setup
- Click the Submit button to save the connection
Click the Test button; you should see the message "Hello, World" in the Microsoft Teams channel you specified in the Workflow.
End User Verification Video - ConnectWise Pod General Support
Using DUO's "Traditional" Login Prompt General Support
Context:
Recent changes made by DUO have made it so that their Universal Prompt cannot be rendered in an iframe. The main UI of the MSP Process platform is not affected by this change, but our PSA-embedded Pod (ConnectWise and Halo PSA) and Insight (Autotask) are affected, as they are iframes within the UI of those PSA platforms.
This KB article guides you through how to change your DUO configuration for MSP Process to use DUO's "traditional" prompt, which will allow you to continue to securely login to the MSP Process Pod/Insight when you've chosen to use DUO as your MFA provider.
Instructions:
- Login to your DUO admin panel (the URL will be something like https://admin-<GUID>.duosecurity.com/ )
- Click on the Applications menu
- Find the Web SDK entry for MSP Process, and edit it
- Under the Universal Prompt section, choose the Show traditional prompt option
- At the bottom of the page, click the Save button
Conclusion:
You've now successfully configured your DUO tenant to use their traditional promp for the MSP Process platform. You'll find that your login experience does look different, as DUO's traditional prompt has a different look and feel:
Modifying a user's Preferred Authentication Method Microsoft Authenticator
Introduction:
When you send a verification request to someone's Microsoft Authenticator app, you may see an error message in MSP Process saying that the user has a different "Preferred Auth Method" specified. In this situation, the user will not receive your verification request.
The goal of this KB article is to show you where in M365 you can go to modify a user's preferred authentication method.
Example of the Error:
Steps to resolving the Error:
- Login to the Microsoft Entra admin center (https://entra.microsoft.com/?l=en.en-us) as a user who has the rights need to modify someone's identity in Entra
- Navigate to Protection -> Authentication methods
- Under the Monitoring section, click on User Registration Details
- Click on the user who's preferred authentication method you want to modify
- In the MFA Status card, click on Manage MFA Authentication methods
- Click on the pencil icon that allows you do edit the Default sign-in method
- Choose Microsoft Authenticator from the drop-down menu
- Click the Save button, and you're done!
Step 1: Creating an API User in Kaseya BMS Kaseya BMS
Introduction
Configuring the MSP Process platform to work with your Kaseya BMS server is a two-step process; first you need to create an API user in Kaseya BMS, and then you need to provide the API User's credentials to the MSP Process platform. This KB article will cover the first step; the second KB article is available here.
Creating a Custom Role for the API User
- Navigate to Admin -> Security -> Roles
- Click the New () button to create a new Security Role
- Name the role something that's easily understood, such as "MSP Process API User"
- Ensure that the Role Type is set to Internal, and the Status is set to Active
- Click the Save () button to save the Security Role
- In the Service Desk category, click the Allow View All and Allow Modify All buttons
- In the CRM category, enable the View permission for Accounts and both View and Modify for Contacts
- Click the Save () button to save your changes
Creating an API User in Kaseya BMS
Note: these instructions were sourced from this Kaseya BMS KB article.
- Login to your Kaseya BMS server
- Navgiate to Admin -> HR -> Employees
- Click the New () button to create a new user, and specify the following values:
- User Name: MSPProcessAPIUser
- First Name: MSP Process
- Emp ID: Whatever number makes sense for your organization
- Email Address: mspprocessAPIUser@.com (note that you'll need this to be a valid e-mail whose inbox you can access)
- Job Title: Administrator
- Department: Administration
- Manager: Pick an appropriate Manager within your organization
- Employment Type: Full Time
- Employee Roles: Administration
- Security Roles: Choose the Security Role that you created (i.e. MSP Process API User)
- Location: Pick an appropriate location
- User Type: Api Employee
- Click the Save ()button to save the new user
- Edit the user account, and click the Reset and Send Instructions button; when you receive that e-mail, change the password and save it, as we'll need the e-mail address of the user and the password in the second KB article.
Conclusion
Congratulations! You've now created a custom Security Role and an API user in Kaseya BMS, and you're ready to following the instructions in our second KB article, available here.
Introduction:
This is the second (of two) KB articles that guides you through configuring the integration between Kaseya BMS and the MSP Process platform. The first KB article is available here; the steps in that article must be completed before following the instructions in this KB article.
Providing MSP Process with the API User Credentials from Kaseya BMS
- Login to the MSP Process UI (https://app.mspprocess.com)
- Navigate to Integrations -> PSA Integrations
- Click the Add new PSA button
- Click the Kaseya button
- On the first step of the wizard (Select PSA) enter the required information - specify the e-mail address and the password for the user that you created in Kaseya BMS
- Click Submit; this will validate that the MSP Process platform can communicate with your Kaseya BMS instance
- On the second step of the wizard (Input base settings), specify the properties for any new tickets that get created through MSP Process
- Click the Validation button, and then the Submit button
Congratulations! You've now configured the integration between MSP Process and your Kaseya BMS instance.
Introduction
Configuring MSP Process and HaloPSA to work with one another is a quick and easy process that is composed of a few steps:
- Creating an Agent in HaloPSA that has the appropriate roles and permissions.
- Creating an Application within the HaloPSA API
- Providing MSP Process with the appropriate URL and tokens to communicate with HaloPSA.
- Creating a custom tab in HaloPSA that will display the MSP Process Pod
Once you've completed the steps in this KB article, you'll have MSP Process and HaloPSA communicating with one another, and you'll be ready to move on to the next KB article: Step 2: Setup the MSP Process "Custom Tab" in Halo.
Creating an Agent in HaloPSA
- Sign into your HaloPSA system
- Navigate to Configuration -> Teams and Agents -> Agents
- Click the New button to add a new agent
- Provide a name for the agent; we recommend MSP Process Agent
- Specify a password that meets your organizations security rules
- Assign the agent a Role; we recommend the default Role called 1st Line Support (or your equivalent if you’re modified the Roles in your Halo PSA instance)
- Enable the Is an API-only agent option
- Fill out any other mandatory fields (such as the Team and Working Hours fields)
- Click Save
- Edit the MSP Process Agent account; on the Permissions tab, enable the "Can Delete Tickets" option:
- Click Save
NOTE: The ability to delete tickets is only needed when setting up a Ticket Default in MSP Process, as validating the Ticket Default involves creating and then deleting a ticket in Halo PSA. Once the ticket default has been setup, you can disable the "Can Delete Tickets" option.
Creating an Application within the HaloPSA API
- From the Halo PSA UI, navigate to Configuration -> Integrations -> HaloPSA API
- Take note of the Resource Server URL; you'll need it (including the https:// prefix, but without the /api at the end) during one of the configuration steps with MSP Process
- Within the Applications portion of the page, click the View Applications button
- Click the New button to add a new application
- Specify a name for the application; we recommend MSP Process
- Within the Authorization Method section, select Client ID and Secret (Services)
- Copy the ClientID and Client Secret; you'll need it during one of the configuration steps with MSP Process
- Ensure that the Login Type drop-down menu is set to Agent
- Open the Agent to log in as drop-down menu, and choose the Agent you configured in the Creating an Agent in HaloPSA section
- Click the Save button
- Dismiss any permissions-related messages that appear; we'll be configuring those next
- On the Permissions tab, click the Edit button and enable the following permissions:
- read:tickets
- edit:tickets
- read:customers
- edit:customers
- read:crm
- edit:crm
- read:items
- edit:items
- Click the Save button
Providing MSP Process with the appropriate URL and tokens to communicate with HaloPSA
- Login to the MSP Process UI (https://app.mspprocess.com)
- Navigate to Integrations -> PSA Integrations
- Click on the Add new PSA icon
- Click the HaloPSA icon
- Specify the ClientID and Secret that you obtained in step 7 of the Creating an Application within the HaloPSA API section
- Specify the Resource Server URL (remove the /api at the end) that you obtained in step 2 of the Creating an Application within the HaloPSA API section. Note that the URL must start with https://
- Click Submit to save the HaloPSA configuration settings
- Finally, fill in the ticketing default fields; these values will be used when leveraging MSP Process to create tickets
- Click Submit to finish setting up the HaloPSA module in MSP Process
Setting Up Microsoft Authenticator Integration in your Client's M365 Tenant Microsoft Authenticator
Introduction
Microsoft's Authenticator app is a great tool to use when verifying someone's identity through the MSP Process platform - it's more secure than just sending an SMS message, it can leverage additional biometric security mechanisms like Apple's FaceID, and it's convenient - your end-users likely already have the Microsoft Authenticator app on their phone.
In order for the MSP Process platform to send a push notification to your end-users, there are configuration steps that must be taken within that end-user's M365 tenant. This KB article will guide you through those steps.
Prerequisites
- Your end-user's M365 tenant must have an Entra P1 license (or higher) assigned to it
- You must have a set of credentials for your customer's M365 tenant that have Cloud Application Administrator permissions.
Configuring an M365 Tenant
The following steps must be done for each M365 tenant.
- Login to the MSP Process UI (https://app.mspprocess.com)
- Navigate to Integrations -> Security Integrations
- Click the Add New Integration button
- Click on Microsoft Authenticator
- In the Microsoft window that appears, sign-in to your customer's M365 tenant
- Follow the prompts to provide MSP Process with the required permissions
- ; when that's completed, you'll be brought to the following page:
- Click the Tap to finish onboarding button
- You'll be brought back to the MSP Process UI
At this point, you've setup MSP Process to use Microsoft Authenticator to verify the end-users in that M365 tenant with their Microsoft Authenticator app. You'll now see Microsoft Authenticator available as an option within your PSA:
ConnectWise/Halo PSA:
Autotask:
Configuring and Securing Single Sign-on (SSO) with Microsoft 365 How to Articles
Introduction
Microsoft Entra is a popular external Identity Provider (external IDP) that can be used to authenticate your technicians when they login to the MSP Process platform. The goal of this KB article is to walk through how to setup Single Sign-on (SSO) between the MSP Process platform and Microsoft Entra, to review what's created in your Azure tenant when you configure Microsoft Entra as an external IDP, and to outline some additional settings that you can configure to further secure this capability.
Linking the MSP Process Platform to Microsoft Entra
When you first login to the MSP Process platform, a wizard will prompt you to setup the integration with Microsoft:
The first person to take this step will be asked to install the MSP Process Enterprise Application - this Application is what facilitates an SSO login. You'll want to make sure that the Microsoft identity you use during this first step has sufficient rights to install Enterprise Apps in your M365 tenant.
Once that process has been completed, you'll have an "MSP Process" Enterprise Application in your Microsoft Azure environment:
When your colleagues then login to MSP Process, and they also link their MSP Process account to Microsoft using our Setup Wizard, they will (regardless of their permissions in Microsoft 365) have their account successfully linked to their identity in Microsoft 365.
Further Securing the MSP Process Enterprise Application by Requiring User Assignment
By default a newly-created Enterprise Application in Microsoft Azure does not have the Assignment Required option enabled. This means that any user in Entra can - if they have the correct credentials - login to the MSP Process application using their Microsoft Entra credentials. By enabling the Assignment Required option, you can limit access to the MSP Process platform to only the users in your organization who require access to it.
- Sign in to the Microsoft Azure portal.
- Using the search field at the top of the page, look for Enterprise Applications.
- Click on the MSP Process application.
- Navigate to the Manage -> Properties tab
- Enable the Assignment Required option
- Click Save to save the change to the Application
- Navigate to the Manage -> Users and Groups tab
- Click the Add User/Group button to assign the appropriate users to the MSP Process application
That's it! You've now limited who can login to the MSP Process platform to only those in your organization who should have access to it.
Further Securing the Enterprise Application by Applying a Conditional Access Role
Limiting who can login to the MSP Process platform by requiring them to be explicitly assigned to the Enterprise Application in Azure is an excellent step. There's a further step that can be taken, which is to apply the Require phishing-resistant multifactor authentication for administrators Conditional Access Policy. Applying this policy ensures that only users who have already authenticated to Microsoft Entra using both a password and a phishing-resistant method of MFA - such as Windows Hello for Business, a FIDO2 security key, or Microsoft Entra certificate-based authentication - are able to login to the MSP Process platform. More details on phishing-resistant MFA can be found in this Microsoft KB article.
Instructions from Microsoft on what the Conditional Access Policy does and how it can be configured are available here. The steps specific to the MSP Process platform are:
- Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator.
- Browse to Protection > Conditional Access.
- Select Create new policy.
- Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
- Under Target resources > Cloud apps > Include, select the MSP Process Enterprise Application.
- Under Access controls > Grant, select Grant access, Require authentication strength, select Phishing-resistant MFA, then select Select.
- Confirm your settings and set Enable policy to Report-only.
- Select Create to create to enable your policy.
Step 1: Setup the API User in Autotask and Configure the Autotask Integration in MSP Process Autotask
Login to Autotask and create your API username and password:
Under Admin -> Resources (Users) click on New and select "API User", Select MSP Process as your integration partner, and generate a username and password. These two fields will be the username and password you will use to connect Alert Manager to Autotask.
Select Security Level "API User" (system)
In MSP Process click on Integrations -> PSA Integrations and click on Plus sign on Add as shown below:
Click on Autotask and then input the username and password from the steps above:
NOTE: This is the second (of two) steps needed to configure the Autotask integration. If you haven't already done so, please complete the first step, which is available here:
Setup the API User in Autotask and Configure the Autotask Integration in MSP Process
Configuring the MSP Process Insight in Autotask
In the menu select Admin → Extensions & Integrations
At the Vendors tab, find ‘MSP Process’ in the Vendor Name column and click ‘Edit’
The ‘Active’ checkbox must be checked.
Enable the two options in the "Vendor Insights" section, and press ‘Save & Close’
Then go to Admin -> Features & Settings
Select the Ticket Category which you use as Default - in most cases that's the one called "Standard", and Edit this default ticket category.
Open the Insights tab
This page is divided into two sections - Visible Insights and Hidden Insights. You'll find the MSP Process insight in the Hidden section; drag it up to the Visible section, and place it in the apporpriate order with the other Visible insights. Insights in the "Hidden Insights" section will not display on the Ticket. The "Always Display" checkbox should be checked.
After pressing ‘Save & Close’ you will be able to see the MSP Process insight in the Insights section of your Tickets.
Mobile Apps - for Technicians and End-Users Client Portal
Introduction
The Client Portal feature within the MSP Process platform is feature-rich and intuitive to use, but did you also know that it's available as a mobile app? We've built two different apps for the Client Portal - one for your Technicians, and another for your End-Users. Let's take a look!
Technician App
The Technician app is available for both iOS and Android, from the following URLs:
iOS: https://apps.apple.com/us/app/msp-process/id6447599630
Android: https://play.google.com/store/apps/details?id=vn.starlingtech.likemagic
The app allows your Technicians to chat with end-users, view their tickets, add ticket notes, and more!
End-User App
The End-User app allows your customers to create and update tickets, chat with your Technicians, request a Technician Verification, and get notifications. The app is branded with your MSP's logo and colors, enhancing the visibility of your brand to your customers.
iOS: https://apps.apple.com/us/app/msp-client-portal/id6469681233
Android: https://play.google.com/store/apps/details?id=com.app.mspclient
Free Plan Onboarding - Autotask Free Plan Onboarding
Login to Autotask and create your API username and password:
Under Admin -> Resources (Users) click on New and select "API User", Select MSP Process as your integration partner, and generate a username and password. These two fields will be the username and password you will use to connect Alert Manager to Datto Autotask.
Select Security Level "API User" (system)
In MSP Process click on Integrations -> PSA Integrations and click on Plus sign on Add as shown below:
Click on Autotask and then input the username and password from the steps above:
The following is the setup process for the Autotask Ticket Insight. This must be completed after setting up the API and putting it API keys into app.mspprocess.com.
Configuring the MSP Process Insight in Autotask
In the menu select Admin → Extensions & Integrations
At the Vendors tab, find ‘MSP Process’ in the Vendor Name column and click ‘Edit’
‘Active’ checkbox should be checked.
Enable Vendor Insights and press ‘Save & Close’
Then go to Admin -> Features & Settings
Select ‘Ticket Categories’
Select ‘Ticket Category’ which you use as Default and Edit this default ticket category.
Open ‘Insights’ tab
Drag and drop the insights within the "Visible Insights" section to control their order of appearance on the Insights tab. Insights in the "Hidden Insights" section will not display on the Ticket. The "Always Display" checkbox should be checked.
After pressing ‘Save & Close’ you will be able to see POD in Ticket window.
Free Plan Onboarding - HaloPSA Free Plan Onboarding
The first thing that you be required is the create the HaloPSA API keys.
1) Choose the configuration gear,
2 Choose HaloPSA API.
3) Now grab the URL for your Halo instance under Resource Server - copy this and have it available to put into the app.mspprocess.com configuration. Only the first component until the end of the domain name is required.
4) Finally, click on the View Applications button.
Save the Resource Server to a notepad or another place for retrieval later.
Click on New on the top, right-hand side to create a new API
Follow these steps:
1) name the Application (MSP Process, in this case or something similar),
2) Choose Authentication Method (Client ID and Secret - these will be provided to the integration step in app.mspprocess.com from above)
3) Copy and Paste the Client Id for later retrieval onto a clipboard or other for later retrieval to put in app.mspprocess.com
4) Copy and Paste the Client Secret onto a clipboard or other for later retrieval to put in app.mspprocess.com
5) "Agent to log in as" should choose an Agent with admin privileges and
6) Save
Click on Permission Tab. Edit the permissions. And click on the ones identified below. Make sure the final step is the Save the permission Changes.
At this point, you are ready for onboarding with your specialist. Make sure you have your Resource Server, Client Secret and Secret ID obtained earlier. These will be required for input into app.mspprocess.com integration page.
Once you have done the integration with you have completed the API integration with your onboarding specialist, you will have to complete the HaloPSA configuration:
Now we are going to create a Custom Tab in Halo. So go to Halo and under Configurations -> Custom Tabs, with the Entity set to "Ticket", click on "New" to create a new Custom Tab.
Enter the name of the custom tab to something like: "MSP Process", Sequence "2" (or wherever you want it to appear), Type "Iframe", and finally, paste the URL that you copied from the app.mspprocess.com integration page, and hit Save.
For each ticket type that you would like for the MSP Process functionality to appear as a Custom Tab, you have to follow the following process:
Under the Halo Configuration-> Ticket -> Ticket Types, choose the ticket type that you would like to configure. Incident in this example.
Edit the Ticket Type, in this case, Incident, under the item Custom Tabs, make sure the box "All all Custom Tabs" is turned on. Save the configuration.
At this point, please contact your MSP Process account manager or onboarding specialist. You will be required to put the Resource Server, Client ID and Secret into the MSP Process application please have this data ready for the onboarding session.
Once the previous step is completed, you will have access to the MSP Process custom tab when you access a ticket (on an Incident ticket in this case) on your HaloPSA!
Free Plan Onboarding - Connectwise Free Plan Onboarding
Login to ConnectWise as an Admin and select System -> Members -> API Members as shown below:
Click on + as shown below:
Fill out all required fields and click Save button: Be sure to set the permission to "Admin". If you have a role ID other than Admin, please see the bottom of this documentation for setting permissions for a custom role ID.
Click on API Keys and then click on the + sign to add a new key:
Give it a description and click Save:
The keys will disappear after you click save and close so copy both now to a document or directly into MSP Process before you save and close in ConnectWise.
After you have saved the Public and Private keys to a clipboard or anywhere else for retrieval, the next step will be to enter this information into the MSP Process admin app. On your Onboarding session, please make sure to have these available.
Once instructed by your onboarding specialist, please perform the following tasks:
Now login to MSP Process and click on Integrations and click Integrations -> PSA Integrations. Click + to Add PSA and select ConnectWise.
Select ConnectWise
Enter your PSA Connection Details:
ConnectWise Permission Details
Introduction
At MSP Process we believe in only setting the minimum permissions required to leverage our application for your business needs. Please find the outline below along with a more granular review of the permissions.
Adding a Security Role for MSP Process
- Login to your ConnectWise Manager account
- Navigate to System -> Security Roles
- Add a new role, name it MSP Process, and give it the permissions listed below:
Area | Permission | |
Companies |
Company Maintenance: Inquire (All) Company/Contact Group Maintenance: Inquire (All) Contacts: Add/Edit/Inquire (All) CRM/Sales Activities: Inquire (All) Manage Attachments: Add/Inquire (All) Notes: Add/Edit/Inquire (All) Team Members: Inquire (All) |
|
Finance* | Invoicing: Inquire (All) | |
Project | Project Tickets: Inquire (All) | |
Service Desk |
Close Service Tickets: Add/Edit/Inquire (All) Resource Scheduling: Add/Inquire (All) Service Ticket - Dependancies: Add/Edit/Inquire (All) Service Tickets: Add/Edit/Inquire (All) Service Tickets - Finance: Inquire (All) SLA Dashboard: Inquire (All) Ticket Templates: Inquire (All)
|
|
System |
Member Maintenance: Inquire (All) Table Setup: Inquire (All) |
* only required if using the Invoices tab within the MSP Process Client Portal
4. Within the System area, click the customize link beside the Table Setup permission (screeshot below):
5. Make sure that all of the entries are "allowed access" as shown below. You may then save and close the MSP Process Security Role.
API Endpoints Used by MSP Process
This is a list of all APIs we get information from or post using the API connections. Please adjust your permissions based on the details below. Please note that some of these API requests are part of other functions of our app and are not needed for End User and SMS utilization.
Type |
API (resource) |
Description |
---|---|---|
GET |
|
Check is connection is valid |
GET |
|
Get statuses (company filters) |
GET |
|
Get types (company filters) |
GET |
|
Get statuses (configuration filters) |
GET |
|
Get types (configuration filters) |
GET |
|
Get configurations |
GET |
|
Get all companies |
GET |
|
For contact creation |
GET |
|
For contact creation |
GET |
|
note types |
GET |
|
contact notes |
GET |
|
contact |
GET |
|
contacts count |
GET |
|
valiadate client portal credentials |
POST |
|
request reset password |
System
Type |
API (resource) |
Description |
---|---|---|
GET |
|
Get resources |
GET |
|
Get API resources |
GET |
|
Get departments |
GET |
|
Get audit trial |
GET |
|
Get system callbacks |
Finance
Type |
API (resource) |
Description |
---|---|---|
GET |
|
Get the list of invoices |
GET |
|
Get a specific invoice |
Service
Type |
API (resource) |
Description |
---|---|---|
GET |
|
Ticket notes |
PATCH |
|
Update ticket note |
GET |
|
Ticket timeline |
GET |
|
Tickets |
GET |
|
Time entries |
GET |
|
Priorities |
GET |
|
tickets |
GET |
|
boards |
GET |
|
types |
GET |
|
subtypes |
GET |
|
items |
GET |
|
statuses |
GET |
|
impacts |
GET |
|
severities |
GET |
|
locations |
GET |
|
sources |
GET |
|
agreements |
Ticket Notes
Type |
API (resource) |
Description |
---|---|---|
POST |
|
toggle note type |
Time Entries / Schedule entries
Type |
API (resource) |
Description |
---|---|---|
GET |
|
time entries |
GET |
|
time entry |
GET |
|
work types |
GET |
|
work roles |
GET |
|
schedule entries |
GET |
|
schedule entry |
GET |
|
statuses |
The final step to take in setting up the MSP Process -> Halo PSA integration is to configure a Custom Tab within Halo PSA that'll contain the MSP Process pod.
The first step is to obtain the URL for your MSP Process pod; to do that, go to Integrations -> PSA Integrations -> Halo
Click on the Get Link to v2 Pod as shown below:
Login to Halo PSA and click on Settings -> Custom Objects:
Click on Custom Tabs:
Create a new custom tab, and specify the details as outlined below:
Once you've saved that Custom Tab, the final step is to associate it with the appropriate Ticket Types - Halo lets you choose which types of tickets have what Custom Tabs, so you can customize what your Technicians can do and see.
Navigate to Configuration -> Tickets -> Ticket Types, and edit the Ticket Type (for example, Incident). On the Allowed Values tab, there is a Custom Tabs section; add the MSP Process custom tab there, or enable the Allow all Custom Tabs option.
Once you've finished modifying the Ticket Type, save your changes. You're done! Now you'll see the MSP Process custom tab show up in your tickets:
Setup new ConnectWise Pod v2
If you are not utilizing our new version of the pod it is very simple to update to the new one. You can also run them concurrently until you are sure v2 is working properly for you.
Login to MSP Process and go to Integrations -> PSA Integrations -> ConnectWise.
Once you click ConnectWise you will see v2 link as shown below and you can click the copy button next to it.
Now login to Connectwise and go to System -> Setup Tables and Search for Manage Hosted API.
Once you select it you can update your existing POD or create a new one and utilize both side by side until you are sure v2 meets all of your needs. The naming of your pods may be slightly different than mine below but we recommend updating both Contact and Service Ticket pods.
Select one of the existing ones to update it:
Update the origin link to:
To note if you want to create a new pod then the pod should look like the one above. The only setting to consider is whether you want the pod to be 600 or 800 in size. We generally recommend 800 if you have larger screens. If on a laptop you may want 600.
Risks of not implementing End User Verification Client Facing Educational Documents
Disclaimer: This is not a substitute for Legal advice. Pleas consult with your attorney on local, state and federal guidelines before including this in any legal agreements. This document is intended for educational purposes.
Risks of Not Implementing End User Verification with Company Signature
Introduction
In the digital age, verifying the identity of end users has become a crucial aspect of managing security and maintaining trust in business operations. End User Verification (EUV) processes, particularly those that include a company signature (either digital or physical), play a critical role in ensuring that services and information are accessed only by authorized individuals. This document outlines the potential risks associated with the refusal or failure to implement an EUV system that includes a company signature, emphasizing the importance of such measures for safeguarding business integrity, customer trust, and legal compliance.
Risks Associated with Non-Implementation
- **Increased Vulnerability to Fraud and Identity Theft**
Without a robust EUV process, businesses are more susceptible to fraudulent activities. Fraudsters can easily impersonate users or create fake accounts, leading to identity theft and unauthorized access to sensitive information. This not only results in financial losses but can also damage the company's reputation.
- **Legal and Compliance Risks**
Many industries are governed by strict regulatory requirements that mandate the verification of customer identities (e.g., GDPR in Europe, KYC regulations in the banking sector). Failure to implement an EUV system with a company signature can result in non-compliance, leading to hefty fines, legal sanctions, and remediation costs.
- **Data Breaches and Security Incidents**
Lack of end user verification weakens the overall security posture of a company. It becomes easier for attackers to gain unauthorized access to the system, potentially leading to data breaches. Such incidents not only have financial repercussions but also erode customer trust and loyalty.
- **Loss of Customer Trust and Reputation Damage**
Customers expect businesses to protect their personal information and ensure secure transactions. A company's refusal to implement adequate EUV measures can lead to a perception of negligence, undermining customer trust. Rebuilding reputation after such damage is often costly and time-consuming.
- **Operational Disruptions and Financial Losses**
Fraudulent activities facilitated by inadequate EUV processes can disrupt operations, requiring significant resources to address security breaches, investigate fraud, and implement corrective measures. These disruptions often lead to direct financial losses and increased operational costs.
- **Decreased Market Competitiveness**
In a market where competitors are enhancing their security measures and trustworthiness through robust EUV processes, companies that fail to do so may find themselves at a competitive disadvantage. Customers and partners are more likely to engage with businesses that demonstrate a commitment to security and privacy.
- **Increased Risk of Insider Threats**
Without effective EUV, it's challenging to track and monitor user activities accurately. This increases the risk of insider threats, as malicious or negligent actions by employees, contractors, or partners can go undetected. Insider threats are particularly dangerous because they can cause extensive damage due to their access to sensitive information.
Conclusion
Implementing End User Verification with a company signature is not just about adhering to regulatory requirements; it's a fundamental component of a comprehensive security strategy that protects against a wide range of risks. The refusal to implement such measures can expose businesses to significant vulnerabilities, including financial losses, legal penalties, operational disruptions, and reputational damage. To safeguard their interests, assets, and stakeholders, companies should prioritize the implementation of robust EUV processes that include company signatures as a standard practice for verifying and authenticating user identities.
Recommendations
- Assess Current Security Posture: Conduct a comprehensive security assessment to understand the existing vulnerabilities and identify the need for enhanced EUV processes.
- Implement Robust EUV Solutions: Invest in and implement advanced EUV technologies that include company signatures, leveraging biometrics, digital signatures, and other authentication methods.
- Regular Training and Awareness: Educate employees, partners, and customers about the importance of security and the role of EUV in protecting their information.
- Continuous Monitoring and Improvement: Regularly review and update the EUV processes to adapt to emerging threats and changing regulatory requirements.
- Legal and Compliance Consultation: Work with legal and compliance experts to ensure that the EUV processes meet all relevant regulatory requirements and industry standards.
Waiver of Liability for Non-acceptance of Zero Trust Policy Client Facing Educational Documents
Waiver of Liability for Non-Acceptance of Zero Trust Policy
I, [Your Name], hereby acknowledge that I have been informed of the zero trust policy implemented by [Organization/Company Name], herein referred to as "the Company." I understand that the zero trust policy is designed to enhance security measures within the Company's network and systems.
I further acknowledge that despite being informed of the zero trust policy, I have chosen not to accept or adhere to its principles and guidelines.
By not accepting the zero trust policy, I acknowledge and agree to the following:
-
Assumption of Risk: I understand that by not adhering to the zero trust policy, I may be exposing myself and the Company to increased cybersecurity risks, including but not limited to unauthorized access, data breaches, and other security incidents.
-
Release of Liability: I hereby release, waive, discharge, and covenant not to sue the Company, its officers, directors, employees, agents, and affiliates from any and all liabilities, claims, demands, actions, or damages of any kind arising out of or related to my decision not to accept the zero trust policy.
-
Indemnification: I agree to indemnify and hold harmless the Company, its officers, directors, employees, agents, and affiliates from any and all liabilities, damages, losses, costs, or expenses (including reasonable attorneys' fees) arising out of or related to any security incidents or breaches resulting from my non-acceptance of the zero trust policy.
-
Acknowledgment of Consequences: I acknowledge that the Company has provided me with ample opportunity to review and understand the implications of not accepting the zero trust policy. I understand that my decision may impact my access to certain resources, systems, and privileges within the Company.
-
Voluntary Agreement: I certify that my decision not to accept the zero trust policy is voluntary and made of my own free will, without coercion or undue influence from any party.
I have read this waiver of liability and fully understand its terms and implications. I acknowledge that I am voluntarily waiving certain rights by not accepting the zero trust policy.
Signed this [Date] day of [Month, Year].
[Your Signature]
[Your Printed Name]
Please note that this waiver is a template and may need to be reviewed and adjusted by legal professionals to ensure compliance with relevant laws and regulations in your jurisdiction and to tailor it to the specific circumstances of your organization.
End User Verification using Secure Data Link End User Verification
End-user verification with a secure, single-click link can be achieved with either an email or SMS to transmit the secure data link to the client. The follow step is for the secure like via email:
Make sure that the client is expecting to see an email from noreply@mspprocess.com and that they click the secure link within the configured time the link is valid (by default, it is set for 5 minutes). The logo, text, signature, and footer are all configurable.
This is what the client will see when they click on the secure link in the previous email. The colors, color gradient and logo are configurable. Once they click on "Validate" the end-user verification process will be complete.
This is what the result will look like from the technician's perspective. Note that the duration that the shields will stay green after successful verification is configurable.
The following is the secure link via SMS:
If you click on the Verification History down arrow, you will see the history of verifications for this contact. The number of history entries is configurable:
To close the Verification history, click on the "up" arrow.
How To Verify a Technician's Identity Over SMS Client Facing Educational Documents
Adhering to our Zero-Trust Policy, your staff should treat every incoming call from us with skepticism and initiate the Technician Verification process without hesitation. With a clearly defined and easily accessible procedure, you attain peace of mind in mere moments.
{yourMSP} has a dedicated verification number to which you can direct all Technician Verification requests to. It is {VerificationNumber}.
For all purported requests from {yourMSP}'s service desk, please send a #verify message to {VerificationNumber}:
In a few seconds, you will be provided with a code, as above and in this case 870421, that should also be the code that your service desk technician should be provide to you. If it matches what you have been provided, you can be assured that the current call is from a legitimate technician from the {yourMSP} service desk.
With your satisfaction that the code matches, please respond with a #confirm to the same phone number and SMS conversation. This will close the Tech Verification process and will log this interaction with our service desk software and tied to the service ticket that your technician is calling about:
E-mail Template: What is End-User and Tech Verification? Client Facing Educational Documents
What is End-User and Tech Verification?
End-User and Tech Verification are identity verification techniques that confirm the identity of the respective person. Identity verification, in the context of cybersecurity and access control, refers to the process of confirming and validating the identity of individuals who are trying to access a system, application, or network. The goal is to ensure that only authorized users gain access to specific resources, while unauthorized or malicious actors are prevented from doing so.
Why does an {MSP} make use of Identity Verification?
{put MSP Name here} has adopted a Zero Trust Policy (ZTP). A ZTP is an approach to cybersecurity that assumes no entity, whether inside or outside the organization, can be trusted by default. This security model requires strict verification of anyone trying to access resources in the network, regardless of their location or the device they are using. There are several reasons why we have adopted a zero-trust policy:
- Changing Perimeter: Traditional security models rely on a secure perimeter, assuming that once someone is inside the network, they can be trusted. However, with the rise of remote work, cloud computing, and mobile devices, the concept of a secure perimeter has become less relevant. Zero trust acknowledges that threats can come from both inside and outside the network.
- Advanced Threats: Traditional security measures are not always effective against advanced persistent threats and sophisticated cyber-attacks such as AI-induced Voice Phishing Attacks. A ZTP approach helps to mitigate the risk of these threats by continuously verifying and authenticating users.
- Data Security: As organizations increasingly store sensitive data in the cloud and allow remote access to their networks, protecting data becomes paramount. ZTP ensures that only authorized users have access to specific data and resources, reducing the risk of data breaches.
- Mobile Workforce: With more employees working remotely or using mobile devices to access corporate resources, the traditional model of trusting devices based on their location becomes impractical. Zero trust considers every access attempt as potentially untrusted, regardless of the user's location.
- Privileged Access: Zero trust is particularly important for managing privileged access. Even employees with higher levels of access must continuously authenticate and prove their identity, reducing the risk of misuse of privileged credentials.
- Insider Threats: While the majority of employees are trustworthy, insider threats can still pose a significant risk. Zero trust helps organizations minimize the potential damage from insider threats by enforcing the principle of least privilege and continuous monitoring.
- Compliance Requirements: In many industries, there are regulatory requirements that mandate a high level of security and data protection. Adopting a ZTP can help organizations meet these compliance standards and demonstrate a commitment to securing sensitive information.
By adopting a ZTP, {MSP} aims to enhance our client’s overall security posture, adapt to the evolving threat landscape, and protect critical assets from both internal and external threats.
What are typical ways to Authenticate an Identity?
The goal of identity verification is to ensure that the person claiming a particular identity is, indeed, who they say they are. Verification, to be effective, relies on Multi-Factor Authentication (MFA). He is a list of factors that we rely on:
- Something You Know: This involves knowledge-based factors such as passwords, PINs, or security questions. Often these are not available at the time of authentication because of forgotten information. They can often be compromised because they are often shared or based upon easily generated information (birth dates, addresses or less.)
- Something You Have: This includes possession-based factors such as security tokens, smart cards, or mobile devices. In the case of a mobile device, this usually means the phone number and possession of the device as forms of authentication because you can reference them via a phone call, SMS or an application notification push.
- Something You Are: This involves biometric factors like fingerprints, facial recognition, or retina scans. With access to your mobile devices your biometric information authenticated and stored on the device is proof of something that is unique to the end user.
So how does End-User Verification make use of the Authentication Factors listed above?
End-User Verification is a 30-second process and because of our ZTP, it is required on every service desk call from our clients.
SMS send – EUV pushes a 6-digit code or a single-click link to a mobile device (Something you Have). Since the end-user has supplied the phone number (Something you Know) of the mobile device that relies on a PIN, Password (Something you know) or a biometric (Something you Are) to access the device, you have three levels of authentication in place.
Email send – as above, EUV pushes the 6-digit code or single-click link to a known email address. The email box would be authenticated by the physical access to the mobile or desktop device AND to the email client.
Client Portal or Client App – in the event that you don’t have access SMS or email or it is more convenient to do so, the user can access either the Client Portal with a password (Something You Know) or the Client App with a biometric login (Something you Are). Once the End-User has accessed the Portal or App, the technician can push a code or a confirmation request for the End-User to complete the Verification.
What is the purpose of Tech Verification?
Often threat actors will pose as a technician from a service desk in an attempt to gain access to your network, servers, or other network applications. They often sound credible because they may have obtained some pertinent or meaningful information that can be used to fool you into believing that you are speaking with a technician from the {MSP} service desk.
With ZTP, all End-Users should verify any solicited or unsolicited call purporting to be from {MSP} or our service desk.
Tech Verification is a simple, 30 second process. The End-User sends #verify using SMS on their mobile (Something you have) number to our published Verification phone number (Something you know). In response to this, you will be provided with aa unique 6-digit code that only you and a valid service technician from our service desk will know. When the technician provides this code to you, and you are satisfied that it is correct, you send #confirm on SMS back to the Verification phone number.
Here are some tips to help you prevent phishing attacks:
Don’t trust caller ID: Caller ID can be easily spoofed, so just because a call appears to be from your {MSP} or other Service Provider doesn’t mean it’s legitimate. Always be suspicious of unsolicited calls asking for personal, network, applications or computer information.
Verify the caller: If someone calls claiming to be from your {MSP} provider or another organization, initiate the Tech Verification procedure or hang up and call them back using a phone number you know to be genuine. Don’t use the number they give you, as it may be fake.
Don’t give out personal information: Never give out personal or corporate information, such as passwords, PINs, or credit card numbers, to someone who calls you, until you have confirmed that they belong to a trusted organization.
Modes of Operation for Zero-Trust Policy on Voice Calls Client Facing Educational Documents
Introduction
Enterprises or individuals (collectively referred to as End-Users or “EU)” recently have been burned by Threat Actors (“TA”) who pose as authority representatives from a government, bank, telecom provider, IT service provider, or any other service provider (collectively referred to as Service Providers or “SP”). They try, through what is colloquially called voice phishing, to pry information from the EU which might enable them to compromise the EU’s enterprise systems, data, bank accounts, etc. In an attempt to thwart the threat attempts, we have developed a Verification System (“VS”) which allows the EU to verify that any voice call requests can be verified as legitimate or a threat.
How is it achieved?
This is accomplished by training the EU to have no trust for any incoming phone call from any SP seeking proprietary information. They are instructed to initiate a verification sequence to validate that the request is from a legitimate entity at the SP.
This provides confidence because it is achieved through multi-factors, all of which are only known by the two participating and valid entities – the SP and the EU.
There is always an a priori information known only by each entity. In the case of the SP, they would know the EU’s phone number, email address or that the EU is a valid registered user of the Customer Portal (“CP”). The EU would know of the SP-provided phone number, email address, or CP. The CP is protected by a UserID/Password sequence.
No matter what medium is used for verification – SMS, email, CPl – the process for the verification follows a very similar procedure. There is always something that is known between the two parties that is not generally published for public consumption such as an SP-provided SMS phone number (“SPN”), Private email address (“PEA”), or a customer portal (“CP”) with a UserID/Password (“UIP”) login sequence.
The sequence would be as follows:
- The SP has reason to contact the EU, and this is done through a voice call to the EU. The SP may be a IT SP responding to a service request ticket, or a bank looking for confirmation on a potentially fraudulent transaction.
- The agreed upon policy between the SP and the EU is that the verification procedure will be initiated for any voice call initiated by the SP to the EU
- The EU, using the agreed upon medium (SMS on a mobile device, an email on mobile, laptop or other computing device, or a web-based customer portal accessed by any of the above devices, the EU starts the verification request (“VR”) by sending a Verify Code (“VC”), #verify for example, to a pre-agreed but private SPN, or a pre-agreed PEA. In these cases, the VC must be initiated from an EU email address or phone number known by the SP. In the case of the CP, the EU logs into the CP with their specific UIP, and clicks on a Verify button within the CP.
- Any of the above Verify commands initiate a sequence of events within our VS that will be completed when the EU has been satisfied that the SP been verified or can reject the verification. In the event that the VR comes from an unknown phone number or email address, the VR process will not be started. However, all VR will be logged for compliance and historical recall.
- The VS will generate a random number (usually 6 digits, but could be any number) that will be:
-
-
- Sent back to the EU through the medium (SMS, email, or CP) from where the VR originated and to the respective phone number (SMS) or email address (email) that originated the VR. In the case of CP-originated VR, the code will be pushed to a banner on the CP. In all cases the code will be sent with an appropriate message indicating its use. The message will read something thing like “The verification code ‘012345’ should be provided BY your service provider. If the code matches the one previously provided to you, you may initiate the confirmation response”.
-
-
-
- Provided to the SP in a SP console with a message that will read something like “ Please provide code ‘012345’ to the EU.
-
-
- The SP will provide the code to the EU via the phone call.
-
- If the EU is satisfied that the SP has provided the corresponding matching code:
-
-
- the EU may give a verbal confirmation to the SP that they are satisfied with the legitimacy of the SP and continue the phone call in which case the SP must manually log this response,
-
-
-
- the EU may send a Confirmation Code (“CC”), #confirm for example, to the SPN or the PEA. In the case of the CP, the EU would click on the “Confirm” button within the CP.
-
-
- If the EU is not satisfied that the SP has provided the matching code the EU may:
-
-
- Hang-up the phone
-
-
-
- Re-initiate the VR
-
5. There are some ancillary functions of the VR that can be considered in specific applications. In the event that the SP has a service or help desk platform, the entire sequence of events ( VR, and corresponding response) can be logged within a service ticket for posterity when the Verification Sequence has been completed. This could be automatic or at the approval of the SP personnel.
E-mail Templates: Short Introductions to Zero Trust Policies Client Facing Educational Documents
Subject: End-User Verification: Ensuring Mutual Security with {Your MSP Name}!
Body:
In today's digital landscape, cyber security threats loom large, fueled by the rapid advancements in Artificial Intelligence. At {Your MSP Name}, we're dedicated to staying ahead of these threats and fortifying our service desk against potential breaches.
Think about the routine verification processes you encounter when contacting your bank, government agency, or mobile phone provider. Shouldn't the same level of scrutiny be applied when safeguarding your business?
That's why {Your MSP Name} is implementing a Zero-Trust Policy for End-User Verification. Every interaction with our service desk involves a simple identity verification process, ensuring that only authorized personnel access your sensitive information or provide support instructions.
While we understand that this additional step may seem like a minor inconvenience, it's a critical measure to uphold the security of your business. Our End-User verification process is designed to be seamless, non-intrusive, and efficient, eliminating the need for memorization of information or PINs and typically completed in seconds.
With {Your MSP Name}, rest assured that your security is our priority. Together, let's reinforce our defenses and create a safer digital environment for your business.
Subject: Technician Verification: Elevating Your Security with {Your MSP Name}!
Body:
At {Your MSP Name}, our team is highly trained to detect security threats. However, as the landscape of voice-phishing attempts evolves with increasing sophistication, we've bolstered our Zero-Trust security policy by introducing End-User Verification. Through our proactive security measures, we enhance your overall security.
Yet, many businesses lack the necessary tools to combat similar attacks within their own environments. That's why {Your MSP Name} offers a swift Technician Verification process, enabling you to promptly and accurately confirm the identity of any caller claiming to be from our team. Adhering to our Zero-Trust Policy, your staff should treat every incoming call from us with skepticism and initiate the Technician Verification process without hesitation. With a clearly defined and easily accessible procedure, you attain peace of mind in mere moments.
Seeking evidence of our commitment to the Zero-Trust Policy? Rest assured, all verification interactions between {Your MSP Name} and your organization are meticulously logged for compliance and historical reference.
Together, we're dedicated to ensuring robust security measures.
Instructing your Customer About the End-User Verification Workflow Client Facing Educational Documents
End-User Verification
{yourMSP} takes security seriously. As part of that, we will be verifying your identity on each call to our Service Desk.
The End-User Verification will take one of 7 forms depending on what information we have available and the available configurations (Duo, Client Portal) :
1) If we have a valid email in our system verification can take one of two forms:
-
- email one-click Secure Link. Note that his email will come from noreply@mspprocess.com. Please click on the link as indicated below within the specified period of time:
The final step is to click on the "Validate":
If the Validate completed successfully, you will see the following:
2) If Duo has been configured, please go to your Duo Mobile app on your mobile phone and "Approve" the verification push:
3) If we have a valid mobile phone number on file we can do the End-User Verification via SMS. The published phone number for all Verification requests for {yourMSp} will come from {YourVerificationNumber}:
- Six-Digit Code - Please repeat the six-digit code back to your service desk technician within the specified period of time:
4) Single-Click Secure Link - when you receive the text via SMS, please click on the validation link as specified below:
Click on "Validate" to complete the verification process:
If verification is successful, you will get the following screen. The verification is now complete:
5) If a client portal has been configured, verification can proceed via the client portal. Please go to http://{your Msp}.mspprocess.net and log in to the portal with your credential information.
When you are logged in and ready, your service technician will verify you in one of two ways:
-
- Confirmation from the Client Portal. Click on the "CONFIRM" button before expiration:
6) Confirmation from the Client Portal with a six-digit code sent via SMS to your mobile phone:
Take the six-digit code that you receive from your mobile phone via SMS to put in the client portal dialog box and click "CONFIRM":
7) If no email or mobile phone is available, you can be verified with a voice phone call to the specified landline phone that we may have on file. The automated system will read you a six-digit phone number so be prepared to write this single-use number down. The six-digit will be repeated a second time if you happen to miss the first time. Provide this six-digit code to your service technician. Your technician will confirm the sucessful completion of the verification.
End-User Verification using SMS End User Verification
This is using Connectwise Manage Pod integration for Illustrative Purposes but can be done from any PSA using the integrated POD or through the MSP Process Admin portal.
On the Pod, make sure the appropriate phone number is selected for the chosen contact. If you choose a PSA Contact other than the default one, you will be required to provide a note, eg Manager Approval. That note is can be enforced through configuration. One the "Send Code" has been clicked, the six-digit code will be sent via SMS to client and the technician must receive, verbally, the code sent to them.
Once the code is received verbally from the client, it must be placed in the "Enter Code Here" box, as below.
Now the shield for the phone number verified should turn green for the configured amount of time.
DUO: Configuration for SSO and End-User Verification General Support
Introduction
DUO (https://duo.com) is a popular identity verification platform. You can use it in MSP Process to acheive two goals:
- To secure the login process of anyone looking to access your MSP Process account at https://app.mspprocess.com. This capability requires the DUO Web SDK to be configured.
- During the end-user verification process; DUO can be used instead of sending the user a verification code via e-mail or SMS. This capability requires the DUO Auth API and Admin API to be configured.
This guide will take you through all of the steps required to link MSP Process to your DUO environment, which includes setting up 3 entities in DUO (their Web SDK, Auth API, and Admin entities) and configuring the appropriate settings within MSP Process.
Step 1: Configuring the Web SDK Entity in DUO
What is the DUO Web SDK? The Duo Web SDK adds the two-factor authentication screens and workflow to the MSP Process login flow.
How is the Web SDK Used? This module only needs to be setup if you want to use DUO to secure how you and your techs login to the MSP Process platform. It is not required if you only plan on using DUO for End-User Verification.
- Login to the DUO Admin portal (https://admin.duosecurity.com/)
- From the left-hand menu, navigate to Application -> Protect an Application
- Search for "Web SDK" in the Search field
- Click on the Protect button beside Web SDK
- In the Details section, copy the Client ID, Client Secret and API Hostname; you'll need them later
- In the Settings section, change Name field to say "MSP Process"
- Click Save
Step 2: Configuring the Auth API Entity in DUO
What is the DUO Auth API? The DUO Auth API is a low-level, RESTful API for adding strong two-factor authentication to the MSP Process website.
- If you're already logged into the DUO Admin portal, proceed to step #2. Otherwise, please login to the DUO Admin portal (https://admin.duosecurity.com/)
- From the left-hand menu, navigate to Application -> Protect an Application
- Search for "Auth API" in the Search field
- Click on the Protect button beside DUO Auth API
- In the Details section, copy the Integration Key, Secret Key and API Hostname; you'll need them later
- In the Settings section, change Name field to say "Auth API for MSP Process"
- Click Save
Step 3: Configuring the Admin API Entity in DUO
What is the DUO Admin API? The DUO Admin API is a low-level, RESTful API for querying DUO for information about objects, such as end users.
- If you're already logged into the DUO Admin portal, proceed to step #2. Otherwise, please login to the DUO Admin portal (https://admin.duosecurity.com/)
- From the left-hand menu, navigate to Application -> Protect an Application
- Search for "Admin API" in the Search field
- Click on the Protect button beside DUO Admin API
- In the Details section, copy the Integration Key, Secret Key and API Hostname; you'll need them later
- In the Settings section, change Name field to say "Admin API for MSP Process"
- In the Permissions section, assign the Grant read resource permission
- Click Save
Step 4: Configuring MSP Process to Use DUO
- Login to the MSP Process portal (https://app.mspprocess.com)
- Navigate to Integrations -> Security Integrations
- Click the Add new integration button
4. Click the DUO Auth API button; specify a name, and then enter the Integration Key, Secret Key and API Hostname from Step #2. Click Submit when you're done.
5. Repeat steps 3 and 4 for the DUO Admin and DUO Web SDK feature
Congratulations! You're Done!
You've now setup the required entities in DUO, and configured MSP Process with the information it needs to start using DUO to secure the login process to your MSP Process UI, and to perform end-user verification.
Notification Groups Scheduling / On Call
Notification group - is the entity which has a unique name and contains a number of notification users. Notification groups can also contain a teams integration. These can be defined under Portal Settings -> Teams Channels.
Notification user - A user that can be manually added, imported from your PSA or from MSP Process users. If a schedule is assigned to the user, it will only send notifications to that user during the schedule assigned.
Scheduler - mathematic formula, which has start and end period (not more than one year length) and describes time and date of availabilaty. Has two options:
-
Get periods - returns an array of availability periods ([{from: 2024-01-01T12:00:00, to: 2024-01-01T13:00:00}] to display scheduler on the frontend
-
Is Active Now (receive date and time) - returns true or false
In case of assignment the notification group for notifications - only users which has active scheduler at the moment of event will receive a notification.
Create new notification group
Name your new group and press “Confirm” button. You could select MS Teams connection if needed. MS Teams notifications will be delivered independent on users’s schedulers rules.
Create notification user
After pressing “Edit” on the notification groups list, you will be available to edit group name, adjust MS Teams connection and operate with users
-
New group - Add new user
-
From CRM user - clone user information from PSA (integration connection required)
-
From MSP Process - clone user information from your tenant user
Notification user is independent entity. In case you clone from PSA or System user, after changin phone, email or name on PSA (system) side, notification user remains stable.
For user creation admin should select ways of notifications for this particular user. In case of several ways (phone and email) - user will receive both of them
After creation admin have to setup scheduler rules for this user. There could be several rules for a single user also with intersections. It does not affect on notification process
Create scheduler rules
To describe schedule ruse formula, admin should set name, color, rule range (start, end, but not more than 1 year), rest of configurations are optional. Admin could use “Test” button to see the result of configuration.
Examples
-
User is on call every working day from 9:00AM till 12:00AM
-
set range from and to
-
set working hours
-
unselect weekend days
-
User is on-call 1 day on/2 days off from 12:00PM till 12:00AM (one day oncall, 2 off)
-
set range from and to
-
set working hours
-
set repeat period with start (today, repeat every 3 days - 1works 2 off, period lenght 1 day - working day)
if Repear Every field is equal to 1 - no periods calculated and rule applies for each day
-
User is on call every second week from Monday till Friday from 9:00AM to 4:00PM
-
set range from and to
-
set working hours
-
set repeat period (weeks) with start (Monday of todays week, repeat every 2 weeks - 1works 1 off, period lenght 1 week - working day)
-
disable Sun and Sat
-
User works ewery working day from 9:00AM till 6:00PM with a lunch from 12:00PM till 1:00PM
-
create two different rules - one before lunch and one after
-
User works every third night from 9:00PM till 9:00AM and then have 2 days off
In this case admin has to create two rules (one before midnight and one after) with a repeat period 4 days and perion 1 day
because in fact user has a “gap” of 3 days between periods, but working hours will be 1 night at work - 2 at home.
To initiate an SMS Conversation from within MSP Process portal following the instructions below:
Go to Ticketing -> PSA Ticketing as shown below and click the three dots next to any open ticket at the far right and choose Add SMS Channel.
SuperOps AI Integration SuperOps.ai
Introduction:
Configuring the integration between MSP Process and SuperOps is quick and easy, and consists of just a few steps:
- Creating a custom field in SuperOps to store your client's mobile/cell numbers
- Creating an API token in SuperOps
- Configuring the SuperOps integration module in MSP Process
- Configuring Ticket Defaults in MSP Process
Step 1: Creating a custom field in SuperOps to store your client's mobile/cell numbers
First lets configure a custom field in SuperOps that will store your customer's mobile/cell number. MSP Process will use that field when you verify your users via SMS.
- Login to SuperOps
- Navigate to Settings -> Advanced Configuration -> Manage Fields
- Click on the Requesters tab
- Click the Create button, and choose the Short Text data type
- Enter a name for the field; MSP Process will recognize any of the following names (case insensitive):
- mobile phone
- mobile number
- cell phone
- cell number
- cell
- mobile
- Now that you've created the custom field, you'll need to populate it for each of the Requester users that you have in SuperOps. To do this, navigate to Client Management -> Clients, and click on Clients -> Requesters from the left-hand nav bar. From this screen you'll be able to edit each Requester and populate the custom field accordingly.
Step 2: Creating an API token in SuperOps
Now lets generate an API token from SuperOps. In addition to the API token you will need the web address of your SuperOps site.
Generate the token and click the copy button next to the token.
Step 3: Configuring the SuperOps integration module in MSP Process
To setup SuperOps AI Integration in MSP Process go to Integrations -> PSA Integrations and click on Add PSA.
Select SuperOps from the list of Integrations:
Input your web address you gathered from SuperOps URL and your API key as shown below:
Step 4: Configuring Ticket Defaults in MSP Process
The last step is to configure your ticket defaults based on your SuperOps settings:
Once you have setup your PSA and ticketing defaults you can now use End User Verification and other components of the integration. For end user verification follow the instructions below:
Verifying End Users within MSP Process Portal
Client Portal Chat Notifications Client Portal
To Enable Notifications for Client Portal chat there are two components to it. The first is to enable notifications on your MSP Process account. You can do this by going to the profile icon in the top right next to your name as shown below:
Turn on and set your email or SMS notification preferences:
Then go to Client Portal -> Configurations and edit your configuration as shown below:
Enable Notifications and set it to 1 min for the fastest notification. Then click one or more users who will get notified on inbound client portal chat requests.
Click Submit. If you select more than 1 user the system will round robin notifications.
Secure Data Send Settings How to Articles
To configure the default settings for the Secure Data Send feature, login to the main MSP Process UI (https://app.mspprocess.com), and navigate to the Portal Settings -> Secure Data Settings page.
The Secure Data Settings page allows you to configure how sending both text and files will behave. You can also choose to lock down these settings, so they can't be modified by your Technicians.
Disable technician ability to change link, logs and file settings on secure data page - This locks the settings that a technician sees when sending a customer data or text.
Enable File Sending - This enables the ability to securely send files to your customers. By default, it's enabled.
Single Use Link - This makes it so that the end-user can only access the text/data once.
Time to live for secure text send links - When sending text, this controls how long the link will be active.
Save Logs to Ticket/Contact - This will save the actions of the tech and the user regarding the link. This includes when the tech sent it, and when the user opened it.
Save logs to internal note - This will save logs of all actions to the internal note on your PSA instead of public discussion note section.
Save data to internal note - Whatever password or text is sent to the user would be logged as an internal note. By default this option is disabled.
File save expiration period - Controls how long a file will be available. Default is 1 day.
File save location - Controls which region the file will be stored. By default this will be in the same country that was specified for your tenant with MSP Process.
Page Header Text - This is the header displayed to the user above the link when they receive the message and click the link.
Message on Reveal Secure Data - This is a message is revealed once the user shows the data from the link.
SMS Template - Messaging that is sent with the SMS link to the user. You can put text before and/or after the link. Do note remove the ${link} as this will break the functionality.
Email Template - Same as above, you can add text before and/or after the link.
How to Invite Clients to your Client Portal Client Portal
Now that you have created a Client Portal using the "Client Portal Creation" KB article, it is time to invite your clients to use the CIient Portal. This can be done singularly or in bulk. Both will be described in this article.
To access the list of your clients who may be invited to the Client Portal: choose Ticketing -> PSA Contacts.
Singular Client Invite
First, find the user that you would like to invite. You can narrow down the options by putting search terms in the appropriate search box of the appropriate column. Next, click on the "monitor" icon on the appropriate user that you wish to send an invitation to.
Finally, when the dialog box appears, choose the appropriate Client Portal. If you set a password, this will be the password that the user uses in combination with their email address. If you leave the Password box blank, the user will be requested to update/create their password on the first login.
The email will be sent out using the default Client Portal Invite template. If you wish to change this template, please review KB article "Customize Client Portal Invite Email".
Bulk Client Invite
First, choose the clients that you would like to invite to the Client Portal. They can be filtered by Company or any of the other searchable criteria. Once they invitees have been selected, click on "Send Invites" on the far, top, right side.
Finally, choose the appropriate Client Portal and then "Submit"
The email will be sent out using the default Client Portal Invite template. If you wish to change this template, please review KB article "Customize Client Portal Invite Email".
Client Portal Creation Client Portal
Click on Client Portal -> Ticket Defaults -> Create Default. This will create the default action taken when tickets are received through the Client Portal.
Some of the choices for some of the items may not appear as shown as they are configurable items in your PSA.
Client Portal -> Configurations -> Create Configuration. This will allow you to create as many Client Portals as you would with unique companies and users.
This configuration page allows the creation and customization of a client portal. Please note that the domain name needs to include "https://{nameofyourportal}.mspprocess.net" where "nameofyourportal" is substituted with your custom name. Hit "Submit" when complete. You may edit the resulting configuration to make changes.
Note, to add a Logo to the Client Portal, you have to complete the "Create Configuration" first and then you can go back and edit the Configuration.
Customize Client Portal Invite Email Client Portal
Click on Client -> Invite Email Template
Then click the checkbox as shown below to customize the default email template. Be careful not to remove links that are in use. You can also use the + to the left of the email body to add in any links needed.
Setup ConnectWise Schedule Notification Automation Bots
This support article will help you setup Schedule Notifications for ConnectWise Manage using our Automation Bots.
Go to Data Sources -> App Bots
Click on Create at the top right corner as shown below:
Click Enable and Select Process Identity and Non-Idenity fields as shown below:
Give it a name and select ConnectWise Scheduled Entry Observer
Click Integration and select ConnectWise and it will fill in all the integration fields.
Then choose dataLastDays field and set it to a minimum of 3 days but we recommend 7 days. This will sync up scheduled data from the last 7 days so the system has a baseline for existing scheduled entries.
Click Submit.
Once this is submitted the system will create a Data View for this App Bot. You can review the data by clicking Data and selecting the view.
You can then setup notification rules to target this data:
Ex: When you want to send out a notification on a new scheduled entry for a tech, when an appointment is coming up or past due.
Ex 2: Notify clients based on technician being scheduled on their ticket.
Below is a sample notification where we are sending the tech a reminder notification 45 minutes before the call is due. Notice the last option should be turned on to skip the initial notification (ie when the resource was first scheduled). This prevents duplication on the notiifcations.
If we did not use the repeat notification, then the system would just sent notifications when resources are scheduled on a ticket.
Update Purchase Orders to ConnectWise Automation Bots
To post updates from an email that was parsed to a ConnectWise PO you can enable this on the Notification level as shown below:
Click Integration and select your integration PSA name and it will autopopulate the fields as shown below.
The next screen you can right click in each of the fields and add the variables to it.
Customize Opt-in Templates Opt-in / Email Forms
Customize Opt In Templates
You can customize the Opt-in e-mails/text messages that are sent to your end-users. Simply navigate to the Contacts menu, and then click on the Opt-in Template button that is in the top right-hand corner of the UI:
Once you've clicked the Opt-in Template button, you're then able to customize the e-mail/text message templates:
Do NOT remove the $url or any formating as it pertains to the url. Please only change the wording as removing the URL will remove the link the user will receive.
SMS Template: is the Opt-in Template language that is sent to the user as a text messagee, if you choose to send an Opt In form to a mobile/cell number.
PSA Ticket Note Template: This is the note logged to your PSA when an Opt-in form is sent to the user.
Email Subject Template: This is the subject of the Opt-in Email.
Email Header Template: This a header template if you would like to use a header at the top of the Email.
Email Body Template: This is the body of the email and you can use HTML as well to design it.
Further Customization #1: Customizing the Logo that is in the Body of the E-mail
Be sure to add your logo to your tenant and turn it on for Email as shown below:
Go to Portal Settings -> Settings to verify it is setup properly.
Further Customization #2: Changing the Sender Address of the E-mail
By default, all e-mails that the MSP Process platform sends out come from noreply@mspprocess.com. You can have Opt-in form e-mails get sent through an M365 mailbox - we strongly recommend that you do so, so that your customers trust the e-mails you send them. Instructions on how to set this up are ready and waiting for you in the following KB article:
Sending E-mails through an M365 Shared Mailbox (mspprocess.com)
Scheduling Setup Scheduling / On Call
Under Teams go to Notification Groups as shown below and click on Add New Group.
Give your on call group a name and click Create. Disregard teams integration for now, that will be available in a future update for more automated on call settings.
Click on the edit button next to the Schedule Group you just created.
Add in your users from your CRM/PSA by clicking From CRM users. You can also add users from MSP Process or add them manually using the new group button.
Search and select all users.
Click submit once you've added them all in.
Now go to Teams -> Scheduling and click on the team via the first drop down shown in blue below. Once it is selected click New Schedule.
Below is an example of an on call schedule creation with notes on the screen.
You can choose to repeat every (x) number of weeks or days. Weeks it he most common use. The starting day will be the day the schedule starts so if you want it to start on a monday, be sure to select the first monday date you would like the schedule to start.
Period Lengh I will update the doc on later with an explanation, please use 1 for now.
The rule range can only be set 1 year out for now but we will adjust this in the future.
Technician Verification - Using SMS Technician Verification
Technician Verification via SMS
Social engineering attacks by bad actors at an MSPs clients are increasing. Bad actors are imitating the MSP / IT Service Provider attempting to gain access to a computer, server or network. CDK Networks was breached recently and they leveraged that breach to immitate the MSPs/Service Providers by calling on the dealerships in attempts to gain access to client computers and networks.
The purpose for Technician verification is for the client of the IT company or service provider to verify the support company is legitimate before allowing access to their computer systems or providing sensitive information without verifying the caller. Typically, the systems available today provide a mechanism for the IT company verifying the end user calling in for IT support. This would be providing that same capability but in reverse.
The process could not be more simple. When you signup you receive a Verification Phone number. You simply provide this to all of your existing clients and let them know they can request a verification via SMS to it.
-
The user sends a #verify message to the number you have provided to them.
-
Each party is sent a randomly generated 6-digit code.
-
The Technician provides the code to the end user and assigns the verification to the ticket in progress for tracking.
-
The end user types #confirm to the same number to confirm the verification was successful.
- The user receives back an automated message showing the verification was completed successfully.
To test it out send #verify to the phone number you selected above in the first step from your mobile phone. You will receive back a code automatically.
The technician will also get a copy of this code in his PSA portal or inside our MSP Process webapp. ConnectWise is shown below for reference.
Once the technician reads the code back to the user, the user can type in #confirm and send to complete the confirmation process.
To setup Technician Verification:
First go to Verification Settings -> Select Verification Phone Number. If one is not already selected, please select one to use. This number will be used for both End User Verification and Technician Verification purposes. So your users will only need to use the one number and they will receive codes for end user verification over the same phone number.
Verification Policies End User Verification
Verification Policies
MSP Process enables MSPs to set individual Verification Policies on a per client basis. Within the policy a user can set a banner as well as shown below:
Show Verification on Load means it will load and display on the pod the first time the user creates or opens a ticket.
Open any support ticket or a new one for that client and the banner should show once the ticket loads.
IP Address info for MSP Process General Support
If you need to whitelist our IP or domains they are shown below:
Deploying the MSP Process Pod in ConnectWise ConnectWise
Deploying the MSP Process Pod in ConnectWise
In MSP Process, navigate to Integrations -> PSA Integrations and then select your ConnectWise Integration.
Then select the copy button as shown below; you'll need that when configuring the MSP Process pod in ConnectWise.
Next, go into ConnectWise and select System -> Setup Tables. Once in setup tables search for the word manage and click into the Managed Hosted API table as shown below:
Click the + sign to add a new entry:
You can then fill in the information below as shown. The link you copied will be pasted into the URL field. Once you fill in the info click Save and Close.
We will then create one more by clicking the + button again and setting up this one as a Service Ticket selection as shown below. All the settings are the same except for the name and the Screen should be set to "Service Ticket". Save and close once finished.
Open your contact under Companies -> Contacts and then click the Plus or Configuration Gear box as shown to add the new Pod to your Contact Screen. Once you do you will need to login with your MSP Process credentials.
Create a service ticket using your contact and add the MSP Process pod to the Service Ticket as shown below.
Please note that each of your users will need to add these pods to their layout (the last two steps above) but they should already be there for them to add to their view.
NOTE: Before completing the steps in this KB article, please setup a Security Role in ConnectWise that has the permissions outlined in this KB article.
Login to ConnectWise as an Admin and select System -> Members -> API Members as shown below:
Click on + as shown below:
Fill out all required fields - including specifying the Role as the one you created earlier - and click the Save button.
Click on API Keys and then click on the + sign to add a new key:
Give it a description and click Save:
The keys will disappear after you click save and close so copy both now to a document or directly into MSP Process before you save and close in ConnectWise.
Now login to MSP Process and navigate to Integrations -> PSA Integrations. Click + to Add CRM and select ConnectWise.
Select ConnectWise
Enter your PSA Connection Details:
The next screen will have you select all your ticket settings. You will need to click Validation after selection and then submit. All fields shown below are required. The other fields are optional.
Verifying End Users within MSP Process Portal End User Verification
This article is for verification using MSP Process portal. Some of our integration vendors do not support an embed capability where we can embed our End User verification in their app. In that case you can use the instructions below:
Login to https://app.mspprocess.com
Go to -> Ticketing -> PSA Ticketing
Then search for the ticket number/contact etc and click on the lock to the right to initiate a verification.
Click on the lock button to the right of the ticket you'd like to verify the user on.
Then select the shield next to the Email or Phone Number you wish to use to verify your end user. Make sure the contact on the ticket has a mobile phone number on it if you are attempting to use SMS verification.
Once verified you'll be returned to the verification screen and the contact will show in green for verified as shown below:
How to Setup Live Chat Live Website Chat
The configuration is under Teams -> Live Chats. You create a chat profile and then there is a copy option to copy the configuration.
MSP Process (direct link inside app to Live Chat Configurations)
Once you get to this page you can Create a Configuration by clicking Create Configuration:
Then fill out the pop up box with the info:
Give your bot a configuration name (MSP Process Bot),
Select your PSA configuration.
Give your bot a Widget Title (this name will be shown at the top of your chat window ie Your Company Name Chat Bot)
Leave Chat Sequences blank unless you have created a chat sequence. If you have you can select it here. If not, you can always add one and select it later.
Put in your greeting message that will welcome users to your chat when they click it.
Select Responsible Admins (The admins responsible for receiving Chats and responding).
Choose an Accent Color for your website
Decide if you'd like to allow Website visitors to re-open a previous chat or not.
Then click Submit.
Once you submit the chat you can go to Chat Sequences and add any sequences you'd like.
Then you can go back to edit the Chat Configuration and add those to it as well as a logo/widget icon from your company.
Then just click on the Copy URL button next to your newly added Chat and add this to the pages on your website you would like to the chat to appear:
Once you've added it to your website you can then go to Live Chats button, Select your Live chat profile and see any incoming live chats on this screen as shown below:
Click on the Eye next to any chat to view the chat and respond:
To Turn on notifications when a user initiates a chat Click the profile icon to the top right, then turn on email and/or phone options to be contacted via email or SMS when a user initiates a chat.
Live chats can be seen from the mobile MSP Process Tech App:
From the MSP Process Portal you can also see incoming notifications about chat requests and manage all chats here as well:
If you wish to turn a live chat into a ticket you can do so from this screen after clicking the Eye icon next to the chat.
You can then see the options to select from quick ticketing or manually select the summary and board/status info.
ConnectWise Security Role Details ConnectWise
Introduction
At MSP Process we believe in only setting the minimum permissions required to leverage our application for your business needs. Please find the outline below along with a more granular review of the permissions.
Adding a Security Role for MSP Process
- Login to your ConnectWise Manager account
- Navigate to System -> Security Roles
- Add a new role, name it MSP Process, and give it the permissions listed below:
Area | Permission | |
Companies |
Company Maintenance: Inquire (All) Company/Contact Group Maintenance: Inquire (All) *Configurations: Inquire (All) Contacts: Add/Edit/Inquire (All) CRM/Sales Activities: Inquire (All) Manage Attachments: Add/Inquire (All) Notes: Add/Edit/Inquire (All) Team Members: Inquire (All) |
|
Finance |
***Agreements: Inquire (All) **Invoicing: Inquire (All) |
|
Project | Project Tickets: Inquire (All) | |
Service Desk |
Close Service Tickets: Add/Edit/Inquire (All) Resource Scheduling: Add/Inquire (All) Service Ticket - Dependancies: Add/Edit/Inquire (All) Service Tickets - Finance: Inquire (All) Service Tickets: Add/Edit/Inquire (All) SLA Dashboard: Inquire (All) Ticket Templates: Inquire (All)
|
|
System |
Member Maintenance: Inquire (All) My Company: Inquire (All) Table Setup: Inquire (All) |
|
Time and Expense |
*** Time Entry: Add/Edit/Inquire (All) |
* only required if you're allowing your end-users to link tickets in the MSP Process Client Portal to Configuration Items
** only required if using the Invoices tab within the MSP Process Client Portal
*** only required if you're creating Time Entries from the Ticketing -> PSA Tickets page, or from the MSP Process mobile app
4. Within the System area, click the customize link beside the Table Setup permission (screeshot below):
5. Make sure that the API user you've created has access to the following Setup Tables:
NOTE: The "Allow" column is on the left; the "Disallow" column is on the right.
-
Activities / Activity Status-CRM
-
Activities / Activity Type
-
Company / Company Status
-
Company / Company Type
-
Company / Configuration
-
Company / Configuration Status
-
Company / Team Role
-
Contacts / Communication Type
-
Contacts / Contact Relationship
-
Contacts / Contact Type
-
Contacts / Department
-
General / Auto Sync
-
Scheduling / Location
-
Scheduling / Reminder Time
-
Scheduling / Schedule Type
-
Scheduling / Schedule Status
-
Service / Priority
-
Service / Service Board
-
Service / Severity
-
Service / Source
-
Service / Ticket Description Links
-
Service / Ticket Templates
-
Time / Work Role
-
Time / Work Type
6. You may then save and close the MSP Process Security Role.
API Endpoints Used by MSP Process
This is a list of all APIs we get information from or post using the API connections. Please adjust your permissions based on the details below. Please note that some of these API requests are part of other functions of our app and are not needed for End User and SMS utilization.
Type |
API (resource) |
Description |
---|---|---|
GET |
|
Check is connection is valid |
GET |
|
Get statuses (company filters) |
GET |
|
Get types (company filters) |
GET |
|
Get statuses (configuration filters) |
GET |
|
Get types (configuration filters) |
GET |
|
Get configurations |
GET |
|
Get all companies |
GET |
|
For contact creation |
GET |
|
For contact creation |
GET |
|
note types |
GET |
|
contact notes |
GET |
|
contact |
GET |
|
contacts count |
GET |
|
valiadate client portal credentials |
POST |
|
request reset password |
System
Type |
API (resource) |
Description |
---|---|---|
GET |
|
Get resources |
GET |
|
Get API resources |
GET |
|
Get departments |
GET |
|
Get audit trial |
GET |
|
Get system callbacks |
Finance
Type |
API (resource) |
Description |
---|---|---|
GET |
|
Get the list of invoices |
GET |
|
Get a specific invoice |
Service
Type |
API (resource) |
Description |
---|---|---|
GET |
|
Ticket notes |
PATCH |
|
Update ticket note |
GET |
|
Ticket timeline |
GET |
|
Tickets |
GET |
|
Time entries |
GET |
|
Priorities |
GET |
|
tickets |
GET |
|
boards |
GET |
|
types |
GET |
|
subtypes |
GET |
|
items |
GET |
|
statuses |
GET |
|
impacts |
GET |
|
severities |
GET |
|
locations |
GET |
|
sources |
GET |
|
agreements |
Ticket Notes
Type |
API (resource) |
Description |
---|---|---|
POST |
|
toggle note type |
Time Entries / Schedule entries
Type |
API (resource) |
Description |
---|---|---|
GET |
|
time entries |
GET |
|
time entry |
GET |
|
work types |
GET |
|
work roles |
GET |
|
schedule entries |
GET |
|
schedule entry |
GET |
|
statuses |
Update your Company Logo How to Articles
Click on Portal Settings -> Settings. Then Select upload new Image.
Lastpass Password Fix General Support
Login to your lastpass vault and click on Advanced. Then turn off "Use Improved save and fill".
SMS Opt In - Bulk Send Opt-in / Email Forms
Bulk Opt In Forms
They serve two purposes for MSPs. You can allow your users to opt in to receive SMS messaging prior to you sending them for support.
The system will also allow them to update their phone number if it is not the correct number for SMS.
Before you begin we recommend setting up your company logo if you haven't already:
Update your Company Logo (mspprocess.com)
Go to the Contacts page
On this screen you can set your Opt in template that shows the messaging that will be sent to your users on the email:
Here is a sample of what one might look like:
Filter by name, company, phone number or e-mail address; then select the users you'd like to email the Opt In form and click the Send Opt-In Form button as shown below:
A review screen will come up that shows you any issues such as an incorrect format of the existing phone number. To receive SMS each contact needs to have the Country Code such as +1 in front of the number for US. We generally recommend emailing the Opt In forms but you can also choose to send via SMS as well as an option or mix and match depending on the company/user.
Click submit once you are ready to email out the forms. Emails will be sent to everyone in the list and they will have the opportunity to update their contact number from the link in the email.
The system will show if there are any errors (incorrect email/phone number etc):
Here is a sample email received and how it looks if a user opens/clicks on their mobile phone as well:
SMS Opt In Form - Single User Opt-in / Email Forms
You can now send one or many opt in forms via email to your clients using the PSA Contacts screen.
If you'd like to allow your user to update their mobile phone you can check that box. The preferred way to send Opt in should be email so that you don't send SMS without the users permission.
Users will receive an email similar to the one below:
Once they click the Opt in link they will receive a dialog like the one below to confirm they'd like to receive SMS and they can update their phone number in ConnectWise if you've allowed them to do so.
Once they are opted in the system will show a checkbox that they've opted in.
This data also shows in the ConnectWise Pod. You can send an Opt in Form from inside of ConnectWise. A green checkbox shows when someone has opted in:
To change the language in the email that is sent you can use the options above:
PSA Defaults allow you to predefine settings that will be used in SMS/Ticketing Processes.
Go to Integrations -> PSA Integrations
Click on the integration you have setup. In this case I'll use ConnectWise as an example.
Select the defaults you'd like for the ticketing profile and click Submit
Name - Give your profile a name
Default Company - This is utilized when the system is not able to match a contact with a company. In this case the ticket will be set to your default company. We usually recommend this be your own business company in your PSA.
Type - Set the ticket type
Subtype - Set the ticket Subtype (optional)
Item - Set the Item (optional)
New Ticket Status - Set the new ticket status. This is the status we will set for new tickets that arrive.
Closed Ticket Status - If you use close a ticket utilizing MSP Process it will use this status unless you select it. If the user closes the ticket it will set it to this status as well.
SMS Received Status - When an SMS is received from a user the system can automatically update the status of the ticket. We usually recommend creating a status such as "SMS Received" that way whoever is working the ticket knows an SMS was received.
Click on the View Icon shown below to see the details about the ticket and SMS chat.
Our SMS Conversation templates allow you to create templates for use when creating a ticket and enabling SMS.
Click on SMS -> SMS Conversations as shown below.
From templates you can Add, Edit, Clone or delete existing templates.
Adding an SMS Channel allows you to create a ticket and enable an SMS chat between you and the contact for the company.
** IMPORTANT NOTE ** The system will use the ticketing defaults that are setup for that SMS Channel so that you don't have to select them each time. This allows you to generate tickets more quickly with less selections.
To enable an SMS Channel go to Messaging -> SMS Channels
Click Add at the top right
Once you click Add then select the Company, Contact and a template or manually type in your subject and message. You can also create templates and use those for faster ticket creation.
Our SMS Channel Configuration Options give you control over how you interact with your customers over SMS. For instance you may not want to allow them to send inbound SMS to create a support ticket depending on your workflows. In this case you can initiate the first SMS and allow the user to respond. Most MSPs are going to a two-way approach allowing their customers to send in tickets this way. It improves time to resolution by allowing customers to communicate on a platform they use all day long, SMS.
How to Configure SMS Channels
Go to Messaging -> Configurations -> Add
CRM - Choose the PSA you intend to use that you've already setup under integrations. If you are an MSP or provider with more than 1 PSA you can utilize multiple ones and setup separate configurations for each.
CRM Defaults - Choose your PSA Defaults that the system will use when a user sends in a ticket it will route to the board/queue with proper settings you've selected.
Phone Number - Select one our avaialble phone numbers or request a new number with your own area code to use. This number can be utilized to send outbound SMS and receive inbound SMS to automatically generate tickets.
Notification Group - Our Notification groups can be setup for On Call Scheduling to notify the technician on call via Email, SMS, Phone Call and Mobile App (coming soon).
Allow Users to Create Channels - This allows your customers to send an SMS to your phone number above to generate a ticket and SMS channel.
Confirm Messages to User - This setting means anytime a user sends in a message, they receive a confirmation text that the system received it and the ticket was updated. The system will by default send them back a message with their ticket info and instructions on the first SMS back to the user.
Put Channels link to ticket - This adds a link to the SMS chat in MSP Process right into the ConnectWise ticket so the technician can easily click right into the SMS chat.