Introduction
SecureAuth Corporation and its affiliates (collectively, Company, we or us) will provide our customers (customer, you or your) with support and maintenance services (Support) as described in this Standard Global Support and Maintenance Policy (Policy).
Eligibility
You must pay all applicable fees and have one of the following to qualify for Support under this Policy:
- Current maintenance and support plan for an on-premise or perpetual licensed Product; or
- Current subscription for a subscription licensed Product.
- Current Mission Critical Support subscription for an on premise (Air Gapped) Product.
“Product” as used in this Policy refers to the Company software, subscription service, hardware or other equipment covered under a SecureAuth Support plan and identified in the order document pursuant to which the Support was purchased.
Support will be provided for the applicable Support period set forth in the order document and pursuant to the terms and conditions in this Policy and commences on the Effective Service Date.
Obtaining Support
You must be a registered user and have the following information available when contacting us for Support (failure to have this information may delay Support):
- Your company contact information and the caller’s contact information
- Problem description
- Problem details
- Business impact
- Problem severity
- Exact error messages
- Log information
- Date and time problem was encountered
- Changes made to the configuration/environment prior to the problem
- Changes made to the configuration/environment after the problem
- Actions taken to isolate and resolve before contacting us
- Hardware configuration type (for SecureAuth hardware appliances)
- Appliance version release level
- System configuration parameters
- Information about other products and systems interacting with the Product
Opening a Ticket
All Severity Level 1 matters must be reported via phone at: 866-859-1526.
All Severity Level 2-4 issues should be reported by opening a support ticket using our Support portal (Portal) at https://support.secureauth.com.
Prior to Opening a Support Ticket
Prior to requesting Support, you must use commercially reasonable efforts to comply with our published operating and troubleshooting procedures.
You should also review these helpful tips:
- Search the online help and self-service Knowledge Base solutions by reviewing relevant documents on the Portal at http://www.secureauth.com/support.
- See if the problem is reproducible.
- Check to see if the problem is isolated to one appliance.
- Note any recent changes to your systems and environment.
- Note the version of your software and environment details, such as operating system, database, etc.
Case Registry Contacts
You must appoint one (1) or more individuals within your organization who are reasonably knowledgeable in the operation of the Product to serve as primary contact between you and the Company regarding the registry and report of Support tickets (the Case Registry Contacts). All of your Support inquiries should be initialized through your Case Registry Contact(s) when possible. As a security precaution, our Support hotline analyst may request further information to verify the identity of the caller. If at any point, our Support hotline analyst believes that the requesting party is not authorized, as a security precaution, we may deny the Support request until a Case Registry Contact is reached. Additionally, any request for improper assistance will be reported to your Case Registry Contact(s).
Support Ticket Management Process
We assign a unique Support request number (Support ID) to all Support tickets. These Support IDs allow us to prioritize and track all Support tickets through to resolution and allow you to get a status update on your case via our Portal.
All Support tickets are assigned a Severity Level and are processed by the next available Support Engineer. A Support Engineer will take ownership of your Support ticket and see it through to successful resolution.
The Support Engineer will contact you, gather any additional information needed, and investigate to determine the proper course of action. This may require the Support Engineer to re-create the issue, work with our development team, and/or help you with configuration of the Product.
An administrator from your company is required to have access to the application administrative interface and base operating system. Your administrator must have the ability to request additional resources from your company as needed to assist with troubleshooting the environment or application.
If our Support Engineer and development team determine that the issue is a product defect, please see the “Product Defects” section in this policy for specific request handling information.
Escalation Guidelines
Our goal is to resolve all Support tickets in a satisfactory and timely manner; however, we realize that some situations may require increased attention and focus within our team. You can raise the severity of a Support ticket through the Portal or call us and request to speak with a Support Manager. Upon your request, the Support Manager will evaluate the case and create an action plan. If you are not satisfied with the plan or with the progress of the case after the plan has been implemented, you can contact our Director of Technical Support, who will review the Support ticket with the Support Manager and determine if different or additional actions are required.
Closing a Support Ticket
Support tickets remain open until the issue has been resolved or addressed. Exceptions apply to requests for product enhancements, product defects and where the customer fails to respond to request for information for 5 business days or longer. You also can close requests via our Portal.
Re-Opening a Support Request
You can re-open your closed Support ticket from the Portal.
Severity Levels and Response Times
SecureAuth will respond to Support requests and resolve errors in accordance with the applicable Severity Level, and Response Time set forth in the Severity Level tables below. The “Response Time” is the time between when we are notified of the problem and when a support engineer responds via email, phone or through support portal.
All Support tickets are assigned a severity level from 1 to 4 based on the technical and business impact of the reported problem. As troubleshooting progresses, we will work with you to reassess the technical and business impact of the problem and, if appropriate, adjust the case severity level.
Severity Levels
Basic Support is available for purchase with premise perpetual licenses and is included with all subscription licenses and cloud (SaaS) subscriptions. Premier Support and Mission Critical Support are available for an additional cost.
Severity Level |
Definition |
Examples |
Severity 1 - Urgent |
Severe Error Failure in the production operation of the SecureAuth Identity Platform that causes complete interruption which impacts all users and no viable workaround exists.
Note: You must call to report a Severity Level 1 matter. |
|
Severity 2 - High |
Major functionality is severely impaired Failure in the production operation of the SecureAuth Identity Platform that causes partial interruption which impacts majority of users and/or a major feature or function is not working correctly and is blocking full use of the system, but other features are operational.
Note: For the best routing, logging a ticket through the Portal is preferred for Severity 2, 3 and 4. You can always follow up by phone to get an update on your Support ticket. |
|
Severity 3 - Normal |
Partial, non-critical loss of functionality Minor service issue impacting usability or administration of the system; major features/functions are working correctly. Non-critical bug. Customer is able to access almost all business applications through the SecureAuth Identity Platform. |
|
Severity 4 - Low |
General usage problem or feature request Service feature enhancement. Customer is able to access all business applications through SecureAuth Identity Platform and is requesting a feature enhancement. |
|
The tables below define the severity levels and the targeted initial response time for the Support offerings:
CHOICE SUPPORT (Basic)
Severity |
Response Time |
Subsequent Updates |
SecureAuth Effort Required on Case Resolution |
Sev 1- Urgent |
4 Hours |
8 Hours
|
Requires around -the-clock work until there is a work around that restores the service |
Sev 2 – High |
8 Hours |
|
Requires continued work until there is a work around that restores the service |
Sev 3 – Normal |
1 Business Day |
2 Business Days
|
Does not require immediate action and is typically corrected by putting a fix into |
|
|
2 Business Days |
Does not require immediate response and is typically a |
PREFERRED SUPPORT
Severity |
Response Time |
Subsequent Updates |
SecureAuth Effort Required on Case Resolution |
Sev 1- Urgent |
2 Hour |
4 Hours |
Requires around-the-clock work until there is a work around that restores the service |
Sev 2 – High |
4 Hours |
8 Hours |
Requires continued work until there is a work around that restores the service |
Sev 3 – Normal |
8 Hours |
1 Business Day |
Does not require immediate action and is typically corrected by putting a fix into |
Sev 4 - Low |
24 Hours |
2 Business Days |
Does not require immediate response and is typically a documentation or |
ELITE SUPPORT (MCS)
Severity |
Response Time |
Temporary Resolution or Workaround Target[1]
|
Subsequent Updates |
Final Resolution |
Sev 1- Urgent |
1 hour |
No greater than 2 hours
|
Every 4 hours unless both parties have agreed to a different frequency
|
If temporary workaround works and permanent code change is required, a dedicated sustaining engineer will be assigned to work on a software fix. A software fix in a form of a patch will be delivered within 2 weeks. |
Sev 2 – High |
2 Hour |
When available
|
Every 8 hours unless both parties have agreed to a different frequency
|
If temporary workaround works and permanent code change is required, a dedicated sustaining engineer will be assigned to work on a software fix. A software fix in a form of a patch will be delivered within 4 weeks. |
Sev 3 – Normal |
4 Hours |
When available
|
Every 48 hours unless both parties have agreed to a different frequency
|
If temporary workaround works and permanent code change is required, a dedicated sustaining engineer will be assigned to work on a software fix. A software fix in a form of a patch will be delivered with the next product/version release. |
Sev 4 - Low |
24 Hours |
When available
|
As work is performed and closed
|
Within an average of 30 days, provide a statement regarding feature enhancement request. |
[1] Temporary resolution and workaround will be measured from the time our support engineers have access to customer’s relevant network, security, application, directory services engineers, and the SecureAuth Identity Platform appliance. Our response times will be extended by the time in excess of fifteen minutes while the Customer provides the following: (a) access to customer's on-premises appliances to our Mission Critical Support engineers within fifteen minutes (15 mins) of our initial receipt of the Support request; and (b) availability and access to the relevant customer's network, security, application and directory services engineers within fifteen minutes (15 mins) of our initial receipt of the Support request.
Updates and Upgrades
“Upgrades” are releases that include new features or enhancements. In general, we make available two new releases per year. The release timing and scope are subject to change at the sole discretion of SecureAuth. “Updates” are releases that provide problem fixes or other changes, but do not generally include new functionalities. We retain the discretion to determine whether a release is an “Upgrade” or an “Update” and to determine whether and when to develop, release, and apply if applicable any Upgrade or Update to Customer’s instances of a Subscription Service. In general, we strive to apply an Upgrade to Customers’ instances of the Subscription Service within 3 – 6 months of the General Availability of the release.
We will use reasonable efforts to give Customer 30 days’ prior notice of any Upgrade and 10 days’ prior notice of any Update. Notwithstanding the foregoing, We may provide Customer with a shorter or no notice period of an Upgrade or
Update if, in our reasonable judgment it is necessary to: (i) maintain the availability, security, or performance of the Subscription Service; (ii) comply with Law; or (iii) avoid infringement or misappropriation of any third-party Intellectual Property Right.
Customers shall notify us of any concerns or questions within a reasonable timeframe upon receipt of notice of Upgrade or Update. We strive to work with Customers to find a mutually agreeable solution. Notwithstanding, we retain the right to determine the final timing and manner of applying an Upgrade or Update to Customers’ Subscription Services.
Updates
In accordance with this Policy, you have access to all Updates provided you have a perpetual license and a current Support plan, or a current subscription license or subscription access for the Product. If you are responsible for hosting then you may install and use all Updates and we strongly encourage you to do so, provided, however, that you may be required to install Updates, including the current or future version of our Platform in order to resolve your Support issue. Failure to install the Updates may result in ineligibility to receive Support under this Policy.
If you have a current subscription for a cloud or SaaS Product then we will be responsible for installing all Updates in accordance with this policy.
Any corrections to the Product will be made to the current generally available release of the Product. After the introduction of a new and generally available release of the Product, we will support the prior Product versions as follows:
- For Access Management Products, as identified on the Support Lifecycle Policy and End of Life Dates available at https://support.secureauth.com/hc/en-us/articles/360019889171 or as otherwise communicated to customers.
If you have a perpetual licensed Product and your Support either lapses, expires or is terminated, then your license and right to use the perpetual licensed Product after the lapse, expiration or termination date is limited to the then current release of that perpetual licensed Product on the date of the lapse, expiration or termination of the Support. After the lapse, expiration or termination of Support, we are no longer obligated to provide Support, including any activation or reactivate of the license. In the event your Support lapses, expires or is terminated, you may later reinstate Support subject to our then current
Policy, our reinstatement requirements, and any applicable reinstatement fees.
Product Enhancements
If you are interested in submitting a Product enhancement request, you can do so by creating a Support request. Product enhancement requests can be submitted by logging into the Portal and creating a Support request. Once documented, the request will be submitted into the enhancement review system, the identification number will be provided to the submitter, and the Support case will be closed.
Our Product Management team will review the open enhancement requests on a periodic basis and consider them for inclusion in a future Product release. Product enhancements will not be considered or implemented in current or prior Product releases. There is no guarantee that a specific enhancement request will be implemented in a future version of the Product. At our discretion, we may determine that certain enhancements to functionality in the Product can be offered for an additional charge.
Product Defects
If we determine that your issue is a defect, it will be logged in our defect tracking system, and we will provide you with a unique identifier (Defect ID) within the Support case. If we determine that a hot fix is required, then the Support case will remain open until the hot fix has been applied and tested. For non-critical defects, the Defect ID will be provided, and the case will be closed. You can check the release notes or knowledge base when a new release comes out to see if the issue has been fixed.
Release Notes
Release notes for new releases of Products will contain the list of Defect IDs that were addressed in the release. You can review the release notes on our Support portal using your Defect ID to see if the issue has been addressed. Release notes can be searched via the Product documentation on our Portal. We do not guarantee that all defects identified will be fixed in a future release of the Product.
Upgrades
Appliances
Identity Platform appliance upgrades can be complex or relatively simple depending upon the number of customizations which have been incorporated. For this reason, code upgrades require SecureAuth Engineer assistance.
Identity Platform appliance replacements are available at no cost for Identity Platform customers’ appliances running operating system versions Windows 2008 and 2008 R2.
Process
All upgrade requests must start with a Support ticket and contain the information listed below (this request will cover only configuration and code changes necessary to upgrade the Identity Platform appliance):
- Customer’s company name and address
- Customer’s support contact person’s phone, email address and preferred contact method
- Contact hours when the customer’s support contact person is available
- The running Identity Platform code version and appliance operating system version
The next step is the Upgrade Assessment. A Support Engineer will schedule a 20-minute online meeting with your support contact to gather information about your entire Identity Platform environment. This will include running a Customization Check utility on the Identity Platform appliance(s). We recommend that your support contact be knowledgeable about your entire Identity Platform infrastructure or have other staff members on the call who are. After this information is collected, we will analyze the data and schedule a time with you to perform the Identity Platform upgrade. If the Customization Check reveals customization then we will have the Project Management Office contact you to coordinate a statement of work to upgrade the customizations (this may incur additional charges). After the Upgrade Assessment meeting concludes, we request that you freeze your existing Identity Platform configuration to help ensure a trouble free upgrade.
Upon completion of the Upgrade Assessment, we may require up to two (2) business weeks to schedule an appointment (requests to perform upgrades after normal hours of operation or on weekends must be processed through our Project Management Office and will require additional costs for resources to accommodate this request).
Note: We uses Microsoft Sharepoint to securely distribute Support files to our customers. To download the updater, you will need access to https:secureauth.sharepoint.com. If your corporate IT Security policies do not allow for access to Sharepoint please alert the Support Engineer prior to the upgrade so we may arrange for an alternative download method.
Once the Upgrade Assessment is complete we recommend and encourage you to back up your Identity Platform appliance in case an unanticipated event occurs during the upgrade. In the case of a virtual machine (VM) we recommend a snapshot be taken as it offers the fastest way to fall back. If you are running a hardware appliance or your IT policies do not allow for a snapshot we recommend using the Backup Utility included with the Identity Platform product. If assistance is needed with the Backup Utility, please contact our Support team and we will gladly assist with the process.
At a previously scheduled and agreed upon time a Company representative will perform the upgrade process with your support contact via an online/remote session. Immediately after the upgrade, testing will be performed with your support contact to ensure the upgrade process was completed successfully. Once you sign-off on the upgrade process by closing the upgrade request a Company representative will contact your support contact within two (2) business days to discuss any follow up issues.
Hardware & Equipment Support
Only hardware that has been provided by and warranted by the Company is eligible for Support. Computer equipment and appliances obtained, licensed or purchased by you (either directly or through us) from third party vendors are not eligible for Support. For hardware covered under warranty, you may return non-working hardware after obtaining a Return Materials Authorization (RMA) number from us. The issuance of an RMA is not an admission that the hardware is defective. We will repair or replace defective hardware, at our discretion. You are responsible for all costs of shipping and insurance for the return of the hardware to us, and we will pay all costs of shipping and insurance for the return of the hardware to you. You agree that we may perform remote testing on hardware, where applicable, prior to the issuance of an RMA number.
Hardware not under a warranty or current support plan is not eligible for Support under this Policy. Additional charges will apply if we agree (at our sole discretion) to repair or replace such hardware.
Company responsibilities
We have employees in offices worldwide to provide Support. We use follow-the-sun practices to provide 24 x 7 x 365 Support for Severity 1 issues. We will provide Support for Severity 2, 3 and 4 issues from 7:00 AM to 7:00 PM EST, Monday through Friday, excluding our recognized holidays.
We will:
- Deliver Support in English (we may offer limited assistance in languages other than English based on resource availability).
- Deliver Support by our staff or other qualified and authorized partner personnel.
- Use reasonable efforts to determine if a Product problem exists based on the information you provide, and the information generally known to us.
- Investigate and remediate known problems for the Products as available.
- Provide technical assistance and troubleshooting to resolve problems or defects when the covered Product does not function substantially as described in the published technical specifications.
- Remotely troubleshoot issues to determine the cause of a technical problem relating to the functionality or disruption of the Product.
- Provide problem management and reporting using our Support case tracking system.
- Use best efforts to respond to reported problems within the targeted time frames and provide status updates during the resolution process.
- Resolve defects on supported Product releases and provide Product updates, which may contain code fixes, improvements or enhancements to existing functionality.
- Defect fixes can be delivered as an immediate code fix or as part of a future Product update or upgrade release at our discretion.
- Ensure that third-party software embedded in a Product functions with the Product as described in the applicable technical specifications and make commercially reasonable efforts to maintain the embedded third-party software at a version supported by the vendor. As a general practice, third-party software patches and upgrades will be tested and included with Product upgrades.
- Provide Support for Product releases until the published End of Life (EOL) date.
- Interface with vendors to provide support for vendor supported products.
- Subject to your responsibility for data protection in accordance with this Policy and any provisions of the agreement between you and the Company or any separate agreement on data protection, we will maintain administrative, physical, and technical safeguards to ensure the security, confidentiality and integrity of data we may process as a result of providing you Support. We will:
- limit our collection and storage of your data to the minimal amount necessary to provide Support for an incident;
- store collected data in secure encrypted locations;
- limit access to authorized employees based on their job function;
- ensure all authorized employees complete security training;
- maintain Company employee access rights using our HR provided employee status data;
- ensure access to all data storage locations complies with our password maintenance and update policies; and
- maintain card key access to all Company managed data storage locations and Support offices.
Your Rights and Obligations
You must:
- Provide accurate and complete contact information at all times to enable us to send email or other notifications from time to time, and such other information as is required by us under this Policy to enable us to respond to your requests for Support.
- Before production use of the Product, provide us with an operational architecture document which describes how the Product is being used in your environment. Documents created as part of your internal support processes and which provide all relevant information needed for us to help troubleshoot problems are acceptable
- Maintain currency with supported versions of the Product releases.
- Select, purchase, configure, operate and maintain your equipment, hardware, facilities, network and Internet, data and telephone connections necessary for use and support of the Product.
- Maintain proper Product environment in accordance with Product technical specifications or as may be reasonably expected in accordance with industry standards.
- Maintain a current backup copy of the Product and all of your data and keep backup copies in a safe location reasonably accessible to Company personnel if we require access to maintain the Products.
- Update or upgrade third-party software if required for compatibility with an updated or upgraded Product (including payment of any associated third-party license fees).
- Provide us with reasonably necessary access to your personnel and equipment required to resolve the Support issue; including, if required by us, remote access to your systems as necessary to enable us to perform Support.
- Provide supervision, control and management of the use of the Product.
- Implement procedures for the protection of information and the implementation of backup facilities in the event of errors or malfunction of the Product or related equipment.
- Maintain a current backup copy of all of your programs and data.
- Take all steps reasonably necessary to carry out procedures for the rectification of errors or malfunctions within a reasonable time after you receive the procedures from us.
- Properly train your personnel in the use and application of the Product.
- Report all detected errors or malfunctions of the Product to us.
- Request Support as outlined in this Policy.
- Cooperate with us to enable the troubleshooting of reported incidents.
- Use the Product in accordance with the Product documentation.
Customer Data
You are aware that access to login data, employee contact information, application log files, or data files may be required by us in order to provide Support. Such files may contain personal data, including, but not limited to, names of individuals, email addresses or other personal data. You are solely responsible for complying with any data protection laws, including using principles of data avoidance and data minimization, by taking measures to mask, strip or anonymize personal data when providing us access to original or copies of data files. You will use reasonable efforts to prevent disclosure to us of any personal information. We, our affiliates, licensors and agents are not responsible for compliance with such laws and do not assume any liability with respect to any infringements of any laws in relation to the use of our Support services by you. The provisions of the license or subscription agreement between you and the Company or any separate agreement on data protection remains unaffected.
Support Exclusions
The following items are not included in Support. If you request assistance for, or as a result of, any of these items, we may offer to provide assistance at our then current time and materials rates by issuing a quotation or statement of work. Further, if the occurrence or existence of any of the following causes us to be unable to fulfill our Support obligations to you, we will not be responsible for meeting those obligations.
- Services related to hardware or software installation.
- Additions, configuration, or activations of new features or functionality of the covered Product.
- Consulting or on-site services.
- Training or usage assistance.
- Project management.
- Support for your network or environment.
- Guaranteed bug fixes for all problems.
- Product programs made by you or other parties under your control or direction.
- Problems resulting from any service or product not provided by us (we are not responsible for the maintenance, administration or support (including procurement and installation of updates, patches, defect fixes, and upgrades) of your operating system software, hardware and software).
- Problems resulting from customer’s modification, customization, alteration or addition or attempted modification, customization, alteration or addition to the Product undertaken by any party other than us or our agents without our written consent.
- Problems resulting from customer’s negligence, error or misuse of the Product.
- Problems with customer’s hardware, software, network infrastructure and services, or Internet access.
- Problems resulting from inadequate or improperly configured servers, networks, storage, and other underlying infrastructure supporting the execution of the Product.
- Problems arising from customer’s failure to properly use or install the Products in accordance with applicable Product documentation or customer’s license or subscription agreement with us.
- Problems caused by Product or telecommunication interfaces not meeting or not maintained in accordance with the manufacturer’s specifications.
- Problems that have been addressed in a software update that customer has elected not to apply.
- Problems caused by customer’s failure to maintain all software at the same software update and upgrade levels.
- Problems caused by customer’s data.
- Changes to, resolution of, or support for resolution of incidents or errors caused by network, desktop, host configurations, hardware or software other than the Product.
- Support limitations (e.g., standard, limited, extended, EOL) as described in this Policy in the “Product Update” section above.
- Third party services; including procurement and installation of any third-party software or hardware required to be provided by the customer for the implementation of Product or upgrades.
- Support for third-party operating system software, third-party software, hardware, or firmware not procured from us.
- Problems resulting from relocation or the addition of accessories, attachments or other devices to hardware procured and warranted by us.
- Any customer or third-party infrastructure components, including but not limited to:
- Identity Stores, including but not limited to: Microsoft Active Directory, Microsoft Active Directory Lightweight Directory Services (LDS), OpenLDAP, Novell e-Directory, IBM LDAP, Sun One LSAP, ApacheDS, any other third-party Lightweight DirectoryAccess Protocol (LDAP) directories, Microsoft SQL Server, Oracle Server, Google Apps Datastore, and any other identity or profile store;
- Third-party Databases, Datastores, or SIEM products (whether on-premise or cloud hosted) used for the storage and reporting of any audit, accounting, or reporting data;
- Underlying hypervisors or hypervisor management products used to host and support a Virtual Appliance, including but not limited to: Microsoft Hyper-V, VMware ESx, and Citrix XenServer;
- Mobile device management (MDM) solutions used to manage any endpoints or mobile devices;
- Support of endpoint Operating Systems (including, but not limited to: Microsoft Windows, Apple OS X, Mac OS, Linux and Unix Derivatives) and Mobile Operating Systems (including, but not limited to: Apple iOS, Android, Windows Mobile/Phone, and Blackberry);
- Underlying private or public network infrastructure - both physical and logical;
- Cloud or third-party hosting services not provided by us;
- Third-party hardware OTP tokens, proximity cards, smart cards and reader devices; and
- Relying party product, such as those that accept SAML or other assertions from the Product.
- Proof of concept, free trial or evaluation Product environments.
- Support of the Product for purposes other than the purposes for which the Product was designed.
- Support for which you do not have a current maintenance and support plan for a premise perpetual licensed Product; a current subscription license for a Product; or a current subscription for a cloud, hosted or SaaS Product.
- Customer’s failure to perform its obligations under this Policy.
- Other problems not within our control (including internet service failures or delays; unusual physical, electrical or electromagnetic stress; failure or fluctuation of electric power, air conditioning or humidity control; excessive heating; fire and smoke damage; failure of backup/rotation media not furnished by us).
End of Availability
We may, at our discretion, decide to retire a Product from time to time (End of Life or EOL). We will publicly post for all customers notice of EOL, including the last date of general commercial availability of the affected Product and the timeline for discontinuing Support. We will have no obligation to provide Support for a Product that is outside of the applicable EOL period.
Comments
Please sign in to leave a comment.