Administrator Manual
Inside the “The Resellers” branch there are also, in addition to advertisers, the managers. They are subjects, at a lower level than reseller is, who manage domains.
Inside the “The Managers” branch, domains are defined and are intended to define a common authentication system for the gateways that will form part and contain the registered users. In other words, to the domain you can associate various gateways, which share the same login credentials, and therefore a user who has registered on a gateway of a domain, with the same credentials, who can connect to a different gateway but in the same domain. It is useful, for example, in the case of hotel or restaurant chains to avoid that the user must register every time he attends the hotel or restaurant of that chain.
By clicking the bar with the right mouse button , or pressing the context properties button , you expand the context dropdown menu with a range of options grouped by: default; edit; admin; Welcome Portal.
It contains the following options:
| Option | Description |
| Show all Users |
Selecting the branch, you are displayed the list of registered users to the domain. |
In addition to the standard options, it contains the following options:
| Option | Description |
| Add Gateway |
Allows you to add a new gateway depending on the authentication method chosen in the domain
|
| Add User |
Allows you to add a new user to the domain. |
Contains the following options:
|
Option |
Description |
|
Card Management |
Opens the card management page. Active only for domains with the following “authentication modes”: with SMS sending from the user; with registration by the user, with registration by the operator. |
| Dashboard |
Selecting the branch, you will open the domain’s dashboard with the following tiles: the main chart; connections, traffic, new users, users, GW sold, domains with most connections, users with most traffic; social users; context data. |
|
Display all Connected Users |
Shows in a table, all the users connected to the gateway of the domain. |
|
Display all Users |
Shows all users registered to the domain. |
|
List of Access Points |
Opens the page containing the list of all the access points entered at domain-wide level. |
| List of the Gateways |
Opens the page containing the list of all the gateways entered at domain-wide level. |
| Map of the Gateways |
Shows the map of all configured gateway based on their GPS coordinates. |
|
Sales to Users |
Shows in a table, grouped by manager, product, month and year, the costs and the revenue developed by the managers for the sales of connectivity to users. |
| Tools for Managing Data |
Opens the page for managing domain-wide data. |
| Voucher Management |
Shows the “Voucher” management page. Not active for domains with the “Without registration” “Authentication Mode “ |
Contains the following options:
|
Option |
Description |
| Custom App |
Goes to the management of the custom apps and specific per domain or per gateways associated with it. To make them visible in the Welcome Portal you should assign them in the configuration of the domain or of the gateways. |
| Custom Images |
Opens the home page for managing custom images for the domain. You can use them in the current domain and in gateways associated with it. |
| Languages |
Allows you to define the images of all the languages and also the parameters for the additional languages Available only in the Enterprise edition. |
| Surveys, Quizzes and Tests |
Opens the page for managing surveys, quizzes and tests. |
|
Templates |
Allows you to manage the templates that customise the Welcome Portal for the domain and the gateways. |
| Translations |
Allows customisation, for the domain and the gateways, of the texts displayed in the Welcome Portal, in the standard apps and in the printing of “ Cards” or to add texts for additional languages. |
| Walled Garden |
Allows you to define the accessible URLs by users of the domain and of the gateways without logging in and registering |
To add a domain, select the data tab, press the context properties button of the manager in which insert a domain and select “ Add domain”. While, to modify a domain, always in the data tab, press the context button on the domain and select “Edit”. In both cases a page appear that allows you to manage the following fields
| Field | Description |
| ID |
ID of the record. Auto-assigned Identifier of the record. It can be used to use the API or external integrations. Editable only if the user has permissions to manage the domain data. |
| Name |
Name of the domain. Editable only if the user has permissions to manage the domain data. |
| Authentication Mode |
Defines the user authentication mode. If you choose PPPoE for users, login and registration are not provided for. The administrator must manually create users in HSNM and then configure the router. In this case, the appliance will act as a radius server for the PPPoEs. This option is not editable if you have selected PPPoE and there are already registered users. Possible values are: Click & connect. No registration, no password: the gateways belonging to this type of domain will allow the user to surf without registration. In practice, the same login request will appear to the user displays but without the possibility to enter username and password that is the same for all users and automatically inserted. By selecting this authentication method, when it saves the data, it will create a user “free” with a random password. You can change any user’s field (including the password) into the user’s editing. If you want to use this type of authentication, it is necessary that:
To the “free” user, which has automatically been created when creating the domain, it will be assigned the first free product attributes defined in the domain. QR Code & connect. No registration, no password: GWHs that are part of this type of domain will allow the user to navigate without the need to register by scanning a printable QR Code from the context menu of the gateway or access points. After scanning the QR Code with the Camera App, the user will not be prompted to open the URL. While clicking, the user will be redirected to the Welcome Portal and then automatically connected. As for “Click & connect. No registration, no password”, when data are saved, a “free” user will be automatically created with a random password. This authentication mode is not compatible with Fortinet type of gateways. Simple password. No registration: this type of domain is equal to the previous one but in the login page, the user must enter a password, which must be required to the manager (this password is the one defined in the “Password for login” field) It is useful if you want to provide free internet access without the necessity to register to the service, but avoiding that anyone uses the connection. Only those who know the password can access to the internet. The manager may at any time change the login password. With sending an SMS by the user: the gateways that use this type of authentication, allow the user to subscribe to the service by sending an SMS to the number indicated in the registration process and configured in “System Settings” (this setting is only available for the administrator of the system). In this way, it will automatically create the user with username equal to the mobile number from which the SMS has been sent. Credentials for log in will be returned to the user via e-mail or SMS, and then you have to enable at least one of the options “send SMS notification” and/or “Send mail notification” unless you enable the option “User password by sms.” In this case, the user who wants to register to the service can send an SMS to the number notified by the hotspot provider, editing an SMS text, after the domain name, a space, and the password to be assigned in the form: Domainname [space] Mypassword. In this way, a user will be automatically created, equal to the mobile phone number from which the SMS has been sent, with password included in the sent message. This type of domain is useful to avoid the data registration by the users and possibly avoid the SMS sending with credential by the system (this is possible only if the options “Send mail notification” or “User password by SMS” are enabled). With registration by the user: the user must register with the service, following the procedure initiated by the button “Register” that among the steps requires filling of the provided fields. The fields that the user is required, will be selected in the section “Data to customise user registration” explained below. This type of domain is useful if you want to record the users’ log data about user. Also, for this type of domain, it is possible to send the login credentials both via SMS and via e-mail based on enabled or disabled fields “Send SMS Notification” and/or “Send Email Notification”. The product chosen by the user, if not a free product, it can be paid through one of the enabled gateways for payments. With registration by the user without password: it uses the same modes of “With registration by the user”, but user does not have to insert the password. Warning! This method simplifies the login, but user authentication is not secure and there may be any conflicts with the security policies. If a user knows the email of another user, he will be able to access. With social registration by the user: it uses the same modes of “With registration by the user”, but user must register and login only through social network. Warning! To use this option user must enable the social networks. With operator registration: the gateways belonging to this type of domain will allow the user to use the service only after have been registered by the Manager. With this type of domain, the user will not be able to “auto register” because the login page will not display the “Register” button. The manager must manually register the user (click the context button above the domain in the “data” tab and select “ Add user”) and then print the card with the login credentials by clicking the appropriate button in the upper right corner. In this type of domain, if the product provided to the user, has a cost, the user has to pay it directly to the manager. During user’s registration, the manager will be proposed the products defined in the section “Products for the domain” explained below. OTP (One Time Password or single use password) sent via SMS: similar to “With registration by the user” but at every login, a new password is sent to the user. The login App will only show the field to enter the mobile phone number. Once entered, the system will check if it has already registered and if so, it sends a new password to the user. User must enter the password when required. If the phone number has not already been registered, the system goes directly to registration if you have activated the “Auto registration” check for non-existent credentials. The password sent to the user is valid for two minutes. If not used within the time limit, another one will be sent to the next login. PPPoE: this type of domain is selected when you need to use HSNM as RADIUS server with PPPoE connections. In this case, for users, registration and login are not provided as credentials must be configured directly into the router on in PPPoE client of the user. The manager must manually register the user (click the context button above the domain in the “data” tab and click “Add user” ). This “domain Authentication mode” is not editable if you have selected PPPoE and there are already registered users. Editable only if the user has permissions to manage the domain data. |
| Domain Federation Groups |
The domain is federated with the defined federation groups. Users are shared among all the domains that are part of the groups. If a user attempts to log in to a domain on which his credentials do not exist, the system will automatically check if his credentials exist on one of the other federated domains and if so, allows the login. Warning! Federated domains must have the “authentication mode” compatible and that require the same type credentials for logging in. For example, a domain that requires only the user name is incompatible for federation with another domain that requires the username and password. |
|
Password for Login |
Password to be provided to users for login. The field is displayed and used, only if you have selected the authentication mode “Simple password. No registration |
|
Welcome Portal Template |
Declares the template to use for this domain, which parameterises the contents and graphic form of the Welcome Portal or of the login page. If you enable the option “Use default”, it will use the default template defined in “General Options” (this option is only available for the administrator of the system). Any template imposed in the gateway takes precedence over this value. Specific products for the manager are displayed in white, specific products for the reseller or for the manager in light blue and general products in brown Selectable templates are coloured in base to the level they belong to. In specific, custom templates for the domain are displayed in light blue and in yellow ochre the ones for the system. |
|
Template Color Scheme |
Colour scheme to use for the selected template. If you enable the “Use default” option, you will use the colour set in the “General Options” (this option is only available for the administrator of the system). |
| Users Login Interface |
Defines the type of user interface to use for the login. The possible choices are: Welcome portal lite: reduced version of the Welcome Portal without App bar, standard Apps and Advertising. Welcome Portal: full version of the Welcome Portal with App bar, standard Apps and advertising support. Option “Without Welcome Portal” is no longer available on HSNM with system versions greater than or equal to 1.7 because replaced by Welcome Portal Lite The type “Welcome Portal” is available only if you have purchased the licence for the “Welcome Portal”. |
| Field | Description |
|
Verify Email Address |
In enabled, at the registration, it automatically verifies if the email address entered by the user, exists by contacting the domain’s MX server. Warning! In some cases, it is not possible to determine the MX server or contacting the remote mail server and therefore the check cannot be performed. In these cases the user fails to register. |
|
Send Email Notification |
If enabled, at the registration confirmation, a mail notification will be sent to the user with the login credentials. It is not considered in the registration through social networks. |
|
Email Notification Subject |
Subject of the email that is sent to users with the login credentials. |
|
Email Notification Registration |
Enter the body of the e-mail that will be received by the user after having registered. If not defined, it will use the mail as defined in “General Options” (this option is only available for the administrator of the system). The variable %MailValidationLink% that lets you include in the email body a link that the user can click to confirm the email address. So, in the email text, it can be entered for example, the sentence: To obtain an unlimited time for browsing, please click here. To insert a link, clickable by the user, in the email body you have to edit the HTML using the appropriate button “</>” placed in the toolbar of the HTML editor and insert the TAG <a href=”%MailValidationLink%” target=”_blank”>click here</a>. In the text of the email it can be entered a URL for automatic filling of the Username and Password and in case a parameter for the auto login in order the users auto login by pressing a simple URL. The URL must not be opened by the Walled Garden. For example: to connect click here http://www.mikrotik.com?u=%UserName%&p=%Password%&a=1 Note: to perform the auto login, the default App in the template must be the Login one. User must be connected to the gateway. |
|
Product at the Email Validation |
Product assigned at users when the email address is validated. It can be used to motivate users to validate their email address using for example sentences like: if you confirm your email address, you will gain two hours of free internet connection. In order to make the users validate thier email address, it is necessary to use the variable %MailValidationLink% as described in the previous “Email Notification Validation” field. |
|
Send Email with Receipt |
If enabled, the system automatically sends emails with payment receipts. |
|
Accepted Email Domains |
Restricts the registration to specified email domains separated by commas. For example, if you want to restrict the registration only to gmail users, enter gmail.com. |
defines the destination URLs depending on the context.
Warning! “Redirection” can not be used with CNA.
| Field |
Description |
|
Redirect URLs (comma-separated) |
In the URL, you can use the following variables: %UserName%: username; %Domain%: domain name; %HotSpotName%: hotspot name %MacAddress%: MAC address of the user’s device; %OriginalAddress%: original URL; %Gender%: sex; %FirstName%: first name; %LastName%: last name; %EMailAddress%: email address; %Phone%: phone number; %MobilePhone%: mobile phone; %Address%: address; %City%: city; %State%: province or state; %Country%: country; %Zip%: Zip; %RoomOrSite%: room or pitch number; %YearOfBirth%: year of birth; %Language%: language; %RetailersCompanyName%: reseller company name; %ManagersCompanyName%: manager company name. |
|
After Registration URL |
Redirection URL after the user registration. In the URL, you can use the following variables: %UserName%: username; %Password%: password; %Domain%: domain name; %HotSpotName%: hotspot name; %MacAddress%: MAC address of the user’s device; %OriginalAddress%: original URL; %Gender%: sex; %FirstName%: first name; %LastName%: last name; %EMailAddress%: e-mail address. %Phone%: phone number; %MobilePhone%: mobile number; %Address%: address; %City%: city; %State%: province or state; %Country%: nation %Zip%: ZIP; %RoomOrSite%: room or pitch code %YearOfBirth%: year of birth; %Language%: language; %RetailersCompanyName%: reseller company name; %ManagersCompanyName%: manager company name. Do not configure this option if you enable CNA. On iOS devices with CNA this option is ignored. The redirect URL is not considered if the reidirect is enabled for international calling codes and the user registers with a international calling code that is not accepted. Warning! Redirect after registration works only if the blocking of “popups” is not active, if you have enabled the “Show Credentials” check or if you have enabled “Display the Registration Confirmation” check. |
|
Field |
Description |
|
Recognize the User based on the Device |
Upon login, at the device’s recognition, user is not forced to enter the authentication data (username/mobile number and password). The possible options are:
|
|
Expiration of Device Recognition |
Expresses the expiration time, in minutes, of the device recognition with regars to the user’s last session. A value = 0 states that there is no expiration. If the value is less than zero, it avoids suggesting the last username that has logged-in. We recommend to enable this option if you share devices or pcs with users, like internet points, internet rooms, etc. |
|
Switch Automatically to Registration |
It automatically switches to registration for unrecognized devices/users. |
|
Switch Automatically to Recharge |
It automatically switches to recharge for devices/users recognized and expired and that have exhausted the time/traffic. |
|
Disable Multiple Registrations |
By enabling this option, the user will not be able to register multiple times from the same device. So, if the user logs in with a username and password, the device will no longer be able to make further registrations. In practice, at the first login the system matches the user to the device and no other user with different credentials can be used. This allows, for example, in the case of partially free domains, that is with a free initial time, to prevent any multiple registrations from the same device to use the free time amount of credit allowed for x times. Not visible if the authentication mode is set to “Simple password. No registration” |
Options for Device Recognition are not available for the following authentication modes: Click & connect. No registration, no password; With social registration by the user; PPPoE.
This section defines the products, which may be assigned to or purchased by the users who register for the service.
Warning! Products data are editable only if user has permissions to write the domain’s products.
Before you can define products for the domain, it is necessary that the products have been created using the page “ Products” accessible from the context dropdown menu of “ System“, “ The Resellers” or “ The Managers“.
If you do not specify sales prices or the “Free” check is active, the product is free and therefore the payment procedure will be not activated during the registration of the user.
If you want that at the registration users have traffic and/or free time without passing through to the payment process, you have to define one or more products with traffic or free time (please refer to “ Products.” or enable the “Free” check in the settings of the product of the domain. Otherwise, the payment will be required at registration.
If for the manager, the prepaid payment mode has been set (enabled by the check in the manager data) and the product without price in the domain has a cost defined in the product itself, at the registration of each new user, it will deduct from the prepaid credit, the cost of the product minus the discount that is defined in the manager data. At the consumption of the prepaid credit, the free product will no longer be assigned to users and it will require the purchase of any product provided in the domain.
Each product has these check boxes available: “Display with Standard Registration”; “Display with Social Registration”; “Display at the Recharge”. In pratice by enabling or disabling these parameters it is possible to affect the availability of a product based on the type of registration that users are making or on the context. To make each product available in all situations, enable all the checks.
Using these options, it is possible to display certain products at first registration and others at the recharge. In this way, for example, you can make product promotions at the first registration.
To hide the “Register” button in the login App, just do not activate the “Display with Standard Registration” and “Display with Social Registration” options in the products.
In the domain, any number of products can be specified. To add a product, you have to press the button “Add a product”, a new line will be added to the list, insert the product and any selling price.
If you want to modify a product, please follow the instructions:
To delete a product, please follow the instructions:
To modify the order of the products, please follow the instructions:
For each product, you have the following options:
|
Field |
Description |
|
Product |
Product to enable for the domain |
|
Free |
In enabled, the product is free and the user is not forced to purchase. If disabled, the price field will be displayed. |
|
Display with Standard Registration |
If enabled, the product will be selectable during standard registration. |
|
Display with Social Registration |
If enabled, the product will be selectable only with registration through social network. |
|
Display at the Recharge |
If enabled, the product will be available only if the user is processing a recharge. |
|
Printing Group |
By assigning a group code common with other products, in printer, it displays the choice of the group and then the list of products associated with it. In case there are many products in the domain, grouping will help the operator during the selection phase. |
|
Enable Printing Card |
If enabled, the product will be available for printing the “Cards” using the thermal printer combinable with the “HSNM Printer“.
|
|
Enable Printing Voucher |
If enabled, the product will be available for printing the “Vouchers” using the thermal printer combinable with the “HSNM Printer“ |
For all the products, you have the following options:
|
Field |
Description |
|
Assign the Free Product |
It assigns the first free product at the registration without displaying the list of products.
|
|
Reassign the Free Product |
If you have defined only one free product (with time/traffic free or without price), it reassigns automatically the free product.
|
|
Code Type for Vouchers |
It defines the type of code to print for the “Vouchers Warning! If you change this parameter the previously created vouchers are no longer usable. |
Specific products for the manager are desplayed in white, specific products for the reseller or for the manager in light blue and general products in brown.
In this section, you can select the languages with which users can display the Welcome Portal or login page. For each language you select, the Welcome Portal or login page will display the corresponding flag for the language selection.
If you do not enable languages, Welcome Portal will be displayed in the default language and the user will not see the language selection. In this way, you can impose a language without giving the user the ability to change it.
|
Field |
Description |
|
Alternative Language |
Alternative language to be displayed to users when the browser language is not recognized or is not active. |
|
Enable English Language |
If enabled, allows users to view the login page in English. |
|
Enable Spanish Language |
If enabled, allows users to view the login page in Spanish. |
|
Enable French Language |
If enabled, allows users to view the login page in French. |
|
Enable Italian Language |
If enabled, allows users to view the login page in Italian. |
|
Enable German language |
If enabled, allows users to view the login page in German. |
|
Enable the First Additional Language |
If enabled, allows users to view the first additional language defined in “General Options” (this option is only available for the administrator of the system). In case of the Enterprise Edition, you can allow users to view the first additional language defined in the domain or in the gateway. |
|
Enable the Second Additional Language |
If enabled, allows users to view the second additional language defined in “General Options” (this option is only available for the administrator of the system). |
|
Enable the Third Additional Language |
If enabled, allows users to view the second additional language defined in “General Options” (this option is only available for the administrator of the system). In case of the Enterprise Edition, you can allow users to view the first additional language defined in the domain or in the gateway. |
You can enable the synchronization of a domain’s users with MailChimp.
Only new users or users who will be edited will be synchronized. To synchronize existing data, we suggest to perform the export procedure in the “Tools for Managing Data” by defining the export filter. The import on MailChimp is automatic and takes place in batch mode within ten minutes.
|
Field |
Description |
|
MailChimp Audience ID |
To enable synchronization of the domain’s users, enter the “MailChimp Audience ID”. To complete the activation of the synchronization, you need to enter the MailChimp API Key in manager data. |
|
Export Type |
Type of export to MailChimp. You can select one of the following values:
In all cases, you can export only for users who have an email address |
Into the “Audience fields and *|MERGE|* tags” of Mailchimp, you need to define the fields that you want to export: FNAME (First Name), LNAME (Last Name), ADDRESS (Address), PHONE (Phone number), YEAROFB (Year of birth).
|
Field |
Description |
|
Consider Users Disconnected After |
It considers automatically logged off users with a connection active for more that the days you have defined. In some case, gateways may not send the users’ disconnection, and therefore the system would consider them as still activective. In other words, if you active this option, the system automatically closes user connections established for a longer time than the days you indicated. If a user is considered disconnected based on the indicated value, in the “User connection Log”, “Forced Closure 1” is reported in the disconnection cause. This option is not considered on gateways that have enabled the “Force Disconnections” option. |
|
Notes for the Domain |
Enter possible notes for the domain. Available only if the user has permissions to manage the domain data. |
|
Domain Locked |
If enabled, it blocks all the access by all users in the domain. Available only if the user has permissions to manage the domain data. |
Warning! Changing the domain data does not automatically modify the characteristics of users already registered.