The revalidation of Cisco.com users is imperative to ensuring that only authorized people are granted access to Cisco services. A user who has a valid Bill-to ID added to their Cisco.com profile and enabled for support access is entitled to receive services from Cisco using all contract numbers under that Bill-To ID. In addition to receiving support, they may also view any current and historical support cases related to the service contracts under the Bill-to ID and access other Cisco tools. Incorrect access has the potential for fraud and data exposure. Regularly reconfirming and validating access maximizes the value that Cisco support contracts provide to users and protects confidential data.
Cisco now requires a 6-month validation of users granted Cisco tool and support access via Bill-to IDs. SAMT Bill-to ID Admins will be notified when a Bill-to ID they manage is due for revalidation. Notifications will be sent 30 days, 15 days, and one day prior to the approaching revalidation due dates.
A SAMT Bill-to ID Admin may log into SAMT, click the hyperlink ‘Revalidate that Users are authorized for service by Bill to ID’ present on the Administration tab, and revalidate users. Once a SAMT Admin has indicated within SAMT that revalidation is complete, the next revalidation will be due in 6 months. Revalidation may be performed at any time, but no longer than 6 months from the prior revalidation completion date.
When a Bill-to ID is in overdue status for user revalidation:
Users are entitled to access Cisco services when either a contract's Bill-To ID ("BID") is in their Cisco profile, or when an individual contract number is in their profile. Only users who work for a Bill-To company should have access to Cisco services through a Bill-To ID. Therefore, when a SAMT Bill-To ID Admin attempts to add a Bill-To ID to a user's profile from the 'Manage by Number' or 'Manage by Name' tabs and the user's parent company does not match or relate to the Bill-To company, a pop-up will appear. This pop-up is a warning to check the users chosen are correct and, if so, notify the users to update their company in their Cisco profile, if necessary. As the Bill-To company representative designated to determine which individuals are entitled to obtain technical support, the SAMT Bill-To ID Admin is trusted to grant the correct access. When the pop-up message appears, the SAMT Admin may choose to cancel the transaction by clicking "CANCEL" or continue by clicking the "CONTINUE" button. A one-time pop-up message will also appear for the SAMT Bill-To ID Admin upon logging into SAMT when a request for Bill-To ID access is pending. The pending Bill-To requests may be from users of the requested Bill-To company or users from other companies. The pop-up will not appear in the 'Manage by Group' tab but a message reminding the Admin of the importance of correct Bill-To access is present on the bottom of the screen.
Beginning November 2020, SAMT Admins will receive a notification when any access requests are pending their review for 1 week or longer. Any requests older than 28 days that are still pending review will be cancelled. Upon cancellation, the requestor and SAMT Admins will be notified. The requestor may submit another access request at that time. At least one reminder notification will be sent to SAMT Admins prior to a request being cancelled in the system.
Within the "Manage by Group" tab, using contract number sub-tab, after choosing to add or delete a contract from a Support Access group, SAMT provides a list of contracts for the SAMT Admin. Previously, the SAMT Admin must search each page of the displayed contracts for the contract number(s) to add or delete from the group. Now, a new input box is available on the page where the SAMT Admin may input a known managed contract number to add or delete from the support access group, without the need to search the list of contracts appearing on the lower portion of each page. The search functionality is still available to use when the contract number(s) are not already known.
It is possible for a SAMT Admin to grant access to a user proactively in the "Manage by Number", "Manage by Name", "Manage by Group" tabs in SAMT and, at the same time, have a request for the same user pending in the "Requests" tab. If access is granted proactively instead of through the requests queue, when the SAMT Admin returns to the "Request" tab, the SAMT Admin must log out of the tool and log back in so the pending requests will be updated and any requests no longer relevant will be removed. A pop-up will no longer appear to remind the SAMT Admin to log out and back in to update the request. If the SAMT Admin does not log out and attempts to process a request for a user that was granted access in "Manage by Number", "Manage by Name" or "Manage by Group" tab within the same session, the user may not be granted access or an error message may be displayed.
SAMT will not permit a SAMT Administrator to proceed with the action “Add name to group” when the group contains at least one contract due or overdue for revalidation. The revalidation of users is imperative to ensuring that only authorized people obtain the services provided by partner/customer to contracts. This revalidation is required to be completed by SAMT Admins on a yearly basis. Regularly reconfirming and validating access maximizes the value that the contracts provide to users and protects confidential data. Any SAMT Admin may revalidate users associated with contracts at any time from the “Administration” tab or “Manage by Name” or “Manage by Number” tabs. When contracts are due for revalidation, an alert appears at the top of “Manage by Name,” “Manage by Number,” “Manage Group” and “Lock/Unlock” tabs in SAMT. When a SAMT Admin completes the required revalidation for all due or overdue contracts, the messages no longer appear.
It is possible for a SAMT Admin to grant access to a user proactively in the “Manage by Number”, “Manage by Name”, “Manage by Group” tabs in SAMT and, at the same time, have a request for the same user pending in the “Requests” tab. If access is granted proactively instead of through the requests queue, when the SAMT Admin returns to the “Request” tab, the SAMT Admin must log out of the tool and log back in so the pending requests will be updated, and any requests no longer relevant will be removed. A pop-up will appear anytime a SAMT Admin returns to the “Requests” tab from another tab, reminding the SAMT Admin to log out and back in to update the request queue. If the SAMT Admin does not log out and denies a request for a user that was granted access in “Manage by Number”, “Manage by Name” or “Manage by Group” tab within the same session, the user will not be granted access.
We have created a SAMT user guide for contract-level administration that encompasses all features of SAMT, as well as an explanation of Cisco service entitlements. The user guide is available for reference on the SAMT training page where our training modules are located. The User Guide’s table of contents can be employed to quickly locate and reference a specific area of SAMT for review. This user guide will be updated accordingly as the tool changes and evolves to meet customer needs.
This year, Cisco began rollout of "My Cisco Entitlements" (MCE)—a single platform for customers to view, manage, and transact all their Cisco entitlements across hardware, software, services, and subscriptions. Now, when an MCE customer tags their service contract entitlements with their Smart Account, that will be reflected in SAMT.
User access to services and software subscriptions is being managed in two separate systems—SAMT and Smart Accounts. With MCE, customers now have a path to converge their user access management into a single experience.
Most customers have different employees, or their partners, manage user access in one or both systems. In those cases, the administrators may not even be aware of each other. To help bridge this gap, SAMT now displays the following alerts to indicate the Smart Account migration status for managed contracts. SAMT Administrators may see these alerts appear in various screens, including Manage By Number, Manage By Name, Pending Requests, and Contract Details.
A yellow triangle appears when a customer's contract lines were tagged with a Smart Account for asset management purposes but are not yet migrated to Smart Access.
A red triangle appears when access management to the contract has migrated to Smart Access but is still within a "grace period." During the grace period, all users who were previously granted access to the contract in SAMT will continue to receive access. Any access for new users to this contract, during or after the grace period, should be granted through the Smart/Virtual Account.
A red and white “x” appears when a customer's contract lines were migrated to Smart Access and the "grace period" has expired. All user access for this contract is now managed exclusively through the Smart/Virtual Account.
A blue triangle indicates a multi-customer contract for which one or more end customers had their contract lines tagged with a Smart Account or migrated to Smart Access. Click on the contract number to display the contract details and status for each individual end customer on the contract.
Visit the My Cisco Entitlements web page for more information and the opportunity to migrate to Smart Access.
Users’ last login dates were added to the downloadable reports. SAMT Admins can now use this information to determine who are active versus inactive users and use this information for audits and revalidating user access. Because the download file format has changed, if you use macros or other integrations with these reports, you may need to modify your macro or programs to recognize and use the last login date column.
The following issues were addressed as part of the August 17, 2019 release:
Parent Company Names and Association Types were added to the SAMT “Contracts by User Name” and “Contracts by Number” reports making information, useful to managing contract associations, conveniently available to SAMT Admins. They can now more easily determine if a user was, or should be, associated with their managed contracts. Because the download file format has changed, if you use macros or other integrations with these reports, you may need to modify your macro or programs to recognize and use the new parent company column.
The following issues were addressed as part of the July 13, 2019 release:
Service Access Management Tool (SAMT) Administrators who do not want to receive emails regarding parent company site changes to their contracts previously had no ability to suppress them. A new Notification Preference option now allows you to receive or stop these notifications. For help on changing your notification preferences, view our Notification Preferences training module.
The following SAMT issues were also addressed as part of the June 2019 release:
In preparation for an upcoming option to consolidate user access management by Smart Account, some SAMT screens and reports have been updated to display additional information. These new features will be available to administrators who use My Cisco Entitlements (MCE) to manage their services entitlements. For more information on MCE and its benefits, visit cisco.com/go/mce.
While only those participating administrators will see the additional information on the SAMT screens, two new columns have been added to several SAMT reports (see list below) to accommodate the new data. The “Migration Status” and “Smart Account Names” columns will be blank for all other administrators. Because the download file format has changed, you may need to modify your macros or programs to recognize or ignore the new rows/columns. The reports impacted are: