This section includes many options/settings which can be used by operators. It is grouped into the following sub-sections:
This tab consists of 3 subsections:
You can send messages to Leon users by using the 'Messages' tool. Once the message has been sent out, Leon can notify them about it by marking the envelope-icon in yellow. You can also decide if the message is visible in the crew's private inbox or if they still need to log in to Leon to read the content. This is quite useful if you want your users to confirm familiarisation.
If a company has more than one main base where the staff is located then you can define in Leon more bases and assign them to particular aircraft as well as to a proper crew and other staff members. Then you can filter particular pages by a proper base and view flights or duties only for that base.
By selecting a time zone you can then select Base Time in a section OPS, right-hand filter (at the bottom).
Bases can be used in SCHED panel when adding schedules on virtual aircraft.
OPS, Sales and Customer Service emails for Bases
It is also possible to set up the 'OPS emails', 'Sales emails' and 'Customer Service emails' for Bases in the 'General Settings' section.
Once emails for bases are inserted, they can be selected as the 'Reply to' emails in the 'Email Templates' > 'Recipients' tab.
EXAMPLE
User is assigned to MEL user base in the profile (full edit profile, 'Basic' tab).
Based on the 'User base', the assigned 'OPS email' is melops@man.com and the 'Sales email' is melsales@man.com.
In the 'Email Templates' section > 'Recipients' tab of any template, the relevant 'Reply to' option can be selected. Below, Base sales email option selected on the 'Charter Agreement' template:
Once this template is used, the relevant base email will apply to the 'Reply to' field. Below, 'Sales email' assigned to MEL base:
The abovementioned functionality can apply to any email template in Leon.
In this section, it is possible to select:
GAR emails configuration can be found in a section Settings > General Settings as a separate tab.
In this page you can insert a default 'Cc' email address as well as a default email content.
Here you can also choose the format of the file itself. Attached file can be sent either as PDF or XLS. The format can be switched to a different one before sending GAR in GAR window.
More information regarding GAR functionality in Leon can be found under here.
More information on the Fuel settings can be found here.
The 'Phonebook' tab contains the following options:
The 'Automatically delete PAX after given days' configuration contains the following options:
It is possible to exclude the PAX that are not to be automatically deleted by selecting the Never delete automatically setting in the Phonebook > Passenger profile > 'MISC' tab.
This setting automatically masks passenger (PAX) contact information not used in trip bookings or sales quotes within the past days. This function enhances data privacy and security.
The 'Automatically mask PAX after given days' configuration contains the following options:
For this functionality to work the following conditions have to be met:
Once the conditions for masking PAX data are met, the PAX details (currently 'Passport' number) will be unavailable for preview, as per the screenshot on the right.
Additionally, the passport number will be masked in the PAX sections of OPS > 'PAX' tab on a flight and Requests/Quotes > 'PAX' tab in a quote:
A User with the Contact Mask privilege set to 'EDIT' will be able to:
If a User's Contact Mask privileges are set to DENY, the user will see the icon in the PAX profile with the following information: You don't have permissions to unmask passports.
This function automatically masks contact information for all user profiles which enhances data privacy and security. When enabled all inactive user contacts will be masked. To restore the visibility of masked contact, users with the 'Contact mask' privilege can do so through the Phonebook panel or Users section.
* Mask users enabled - Activates the functionality
A User with the Contact Mask privilege set to 'EDIT' will be able to:
If a User's Contact Mask privileges are set to DENY, the user will see the icon in the user profile with the following information: You don't have permissions to unmask passports.
In this tab, it is possible to implement the default settings for Crew Mobile App.
Currently, this tab contains 2 sets of settings:
In this section, it is possible to add the fixed 'Clock-in & clock-out locations.
If the clock-in/clock-out takes place within up to a 1km radius of the fixed location, this fixed location is selected as the clock-in/clock-out location.
It is possible to add multiple locations.
To add the new location click on the 'Add New' button, fill in the required fields, and press 'Update' to save the locations.
There are three columns available:
EXAMPLE
There are 3 locations inserted, as per the screenshot.
'Hotel and 'Rental locations are in close proximity to each other.
Clock-in happened between the two abovementioned locations and within a radius of 1km from each of them.
In this case, location Rental was picked by the Crew App automatically, based on the proximity (nearest location selected).
In the 'Security' tab additional security login settings can be selected.
The additional security options are:
The configuration panel can be accessed in the 'General Settings' of the admin panel under the 'Security' tab.
It contains the following options:
Once it is configured, Users will be able to log in using the Microsoft account instead of Leon-generated login and password, as per the screenshot on the right-hand side.
SAML (Security Assertion Markup Language) is an open standard for exchanging authentication data based on the XML protocol. It enables Single Sign-On (SSO), allowing users to log in to multiple applications using a single set of credentials.
Key Advantages of SAML:
SAML Components:
The functionality is available in Leon, in General Settings > Security section.
Configuration with Google
On the Google Side (Identity Provider):
1. Log in to Google 'Admin'
2. Navigate to: Apps → Web and mobile Apps → Add App → Add Custom SAML app
3. Choose an application name (e.g., Leon SAML)
4. Download the METADATA file
On the Leon Side (Service Provider):
1. Go to: Settings → General Settings → Security
2. Select SSO Provider: SAML
3. Choose SAML Provider (e.g., Google)
4. Upload the downloaded METADATA file. UPDATE
5. Copy 'Entity ID' and 'ACS URL'
6. Return to Google site and paste the copied addresses in the Google configuration:
Leon matches users during login using the email address. In the 'Name ID' field, email is selected by default, but there are other options such as First Name or Last Name.
SAML provides many more configuration possibilities within the Identity Provider, such as the ability to control who can access it:
On the Google (Identity Provider) side, within a specific application, we can manage accounts/users in the User Access section. From here, we can control access to Leon - providing centralized management of access to various services. In the Organizational Units tab, we can select groups that are allowed to log in to a given application, or disable access for specific users.
Users can be created and managed directly through the Identity Provider. For example, when a new employee joins the company, their profile does not need to be created in Leon (the Service Provider). It is sufficient to create their account in Google and assign them to the appropriate group. Such a user, during their first SAML login to Leon, will also be automatically created in Leon. To achieve this, the Identity Provider must send additional user information to the Service Provider.
While Leon requires at least information such as first name, last name, code, and the permission group to which the newly created user should belong, in Google, the application must be configured to pass this information during login. In Google, this is called SAML attribute mapping, where we can add field mappings. Field mapping determines which fields from the profile in the Identity Provider should be sent to the Service Provider, in this case, to Leon, and under what names.
We have handled the following fields (ADD MAPPING):
First Name → firstName
Last Name → lastName
Employee ID → code
Type of employee → role - this one is not required because we can configure the 'Default role for new user' (Group of Privileges) on Leon's side, which will be set by default for new users.
In Google, in the Users → User Information tab, fill in the fields with appropriate data.
Moreover, in the event of changing the attribute defining the user's permission group on the Identity Provider side, during login to Leon, Leon will detect that this new permission group (role coming from the Identity Provider) is different from the one currently set for the user in Leon, and it will be modified on Leon's side as well.