SORACOM IoT platform – 3 new enhancements

Written by: Soracom Team Published: April 24, 2018 Services

Tags: Authentication | Cloud Computing | Code | IoT | Iot Platform | Security | Soracom Harvest

Today’s big news was the Public Beta release of Soracom Inventory, but it wasn’t the only news. In addition to the major releases, we’re always looking for ways to improve the services and interfaces we already offer.

Today at Soracom Technology Camp 2018 we announced three new enhancements to existing features, all designed to make the Soracom IoT platform more flexible, more capable, and more secure.

1. Added Multi-factor Authentication (MFA) to the User Console

We’ve gotten a lot of requests for this one. Significant percentage of data breaches actually involved weak or stolen credentials and today we’re happy to address this. We’re also happy to make it easy:

To enable MFA:

• • Click your email address after logging in, and select security.

    

  • Choose Multi-factor Authentication, and you will see the screen below.

    

  • Click “Enable”, and you will see a QR code that can be scanned with your preferred MFA mobile app. We tend to use Authy or Google Authenticator.

    

• • Please make sure you save your backup code in case your MFA device is not working. This code is necessary to disable your MFA setting so keep it somewhere safe where you’ll be able to find it again.

• Once you click “Enable”, when you enter your username and password to access the Soracom Console you will see the screen below.

  

• Use the mobile app to get your verification code and sign in.

2. An IoT Platform with New Access Management syntax

Soracom Access Management (SAM) offers platform users another way to enhance access control. Today, we’ve added new syntax to increase SAM flexibility —

pathVariable()

and

samUserName

Let’s look at how each variable works.

pathVariable()

allows you to get a value from a placeholder defined in an API path. For example, our password API is defined below:

PUT /operators/{operator_id}/users/{user_name}/password

and you cast it as:

PUT /operators/OP9999999999/users/IoT-User/password,

then

pathVariable('operator_id')

would be

OP9999999999

and

pathVariable('user_name')

would be

IoT-User

Another variable is

samUserName

and this is as obvious as it sounds. This contains the SAM user’s username. If you log in as

IoT-User

, then

samUserName

will be

IoT-User

.

If you combine the two, you can start to write interesting policies like this one, which ensures that a SAM user can only change their own password.

{ "statements":[ { "effect":"allow", "api": "User:updateUserPassword", "condition": "pathVariable('user_name') == samUserName" } ] }

This was another popular user request, and one we’re very happy to add today.

For more information regarding SAM permissions, please refer to https://dev.soracom.io/en/docs/sam_permission/

3. Location data support for SORACOM Harvest

One of the top requests related to the SORACOM Harvest service was the ability to plot GPS coordinates on a map.

Harvest lets users collect and visualize data coming from IoT devices without standing up a server. It’s fast, it’s simple, and it saves a lot of time, so it’s great for PoC and testing, but until now visualization in Harvest has tended to be… well, pretty basic.

As of today, Harvest now supports location data mapping. It looks great, and it’s also super easy to use: Just post “lat (or latitude)” and “lon (or longitude, lng, long)” data to SORACOM Harvest. In the graph selection button, you will see this “Pin” icon.

Clicking the button will provide a very nice GPS tracking graph like this. As always, you can download the location data and save it as JSON or CSV for you to play with.

If you have any questions or comments regarding this feature, please feel free to contact us here. And if you have any ideas for new features or enhancements, don’t hesitate to share those too