Admin User Configuration

The first and most important action to take after completing the installation is to change the credentials of the admin user. To do so login to the Console with the default EC credentials.





Once you are logged in, click over the username located in the top right portion of the window and select Change password.

Configure Certificates

At first access the EC auto generates two certificates:

  • Default JWT certificate. Used by the AuthenticationService on login to sign the token in the Access Token.
  • Default Device Management certificate. Used by all of the Device Management Services to sign messages sent to a ESF-enabled device.

These certificates can be replaced if needed; as a good practice, for a pre-production and production environments consider to install the correct certificates before start connecting devices, this will save time later. For more details regarding certificate management refer to section Certificates


Check that these two certificates have the Forwardable attribute set to TRUE (checked). This allows the certs to be transparently "inherited" by child accounts.

Messaging Service Configuration

After a fresh installation you may have created a Messaging Service instance with the deploy of the ec-broker Helm Chart. Check the Messaging Service to verify that the service is available.

Device Provisioning Enablement

EC provides a special account for Device Provisioning named ec-provisioning. If you want to enable Device Provisioning for the users, the ec-provisioning account must be assigned to a Messaging Service instance. Check Messaging Service for more info on how an account is assigned to a Messaging Service instance.


The provisioning account is shared by all the devices in an EC instance. If you are going to create multiple Messaging Service instances (e.g. one instance per customer account), consider assigning a dedicated instance to the provisioning.

Remote Access Service Configuration

After a fresh installation you may need to configure the Remote Access Service created with the deploy of the ec-vpn Helm Chart. Check the Remote Access Service section for more informations regarding configuration of this service.

CORS Filter Configuration

If you want to enable access to the RESTful API from the SwaggerUI of the API component itself or from any other origin that you trust, you must configure the CORS Filter. CORS Filters can be enabled at the instance level for every account or for specific accounts. Check the CORS Filter documentation for more details.

Routes Configuration

If you want to enable access to external systems through routes you may need to configure the Route Blacklisting feature. This feature acts at the instance level. Check the Blacklisting Feature documentation for more details.