This section includes many options/settings which can be used by operators. It is grouped into the following sub-sections:

• General
• Flight editing - full section explained here
• GAR emails
• Documents - full section explained here
• Sales Module - full section explained here
• Crew Planning - full section explained here
• Mobile Notifications - full section explained here
• Fuel - full section explained here
• Phonebook - settings related to PAX
• Crew App - settings that apply to the Crew mobile app
• Security - settings that apply to the user login settings

This tab consists of 3 subsections:

• General settings
• Leon inbox settings
• Bases

• Operator ICAO - an ICAO code by which an operator is recognizable by Eurocontrol (so that flight times can be imported from Eurocontrol straight to Leon's 'Flight Watch' - if the integration with Eurocontrol is switched on, in Add-ons panel). This code is also used in Handling Requests.
• Operator IATA - an operator IATA code, used in 'Show Schedule' panel (in a section OPS) and Handling Requests.
• Region - select between EN & US to define the date-format. Also, when US region is selected Leon changes the date format displayed in the OPS section. Also, Flight Watch times indications: BLOFF > OUT, T/O > OFF, LDG > ON, BLON > IN. In the same way, Flight Watch columns will change in Report Wizard.
• Default weight unit - select kg or lbs, which will be a default, unless an aircraft has it defined differently in its profile (in Settings > Fleet panel), then Leon takes the aircraft fuel & weight units as default (displayed in the Journey Log).
• Default airport category - here you can set a default airport category for all airports available in Airport Directory panel.
• Default local currency - you can define them by selecting the currency from the drop-down box.
• Options and Opportunities will change position of aircraft on Calendar page - when this box is ticked, a flight-option/opportunity added in OPS > CALENDAR screen will change the position of the aircraft for future days.
• Display the experience table - the table can be input to the user's profile, where you can add the past crew-experience before joining your company. More information here.
• Crew Panel - option to choose between 'Auto publish' and 'Manual publish' of assigned duties in the 'Crew Panel' section
• Crew age validation - setting that validates age of cockpit crew. Enabling this funtionality to 'EASA age validation' means that Leon will monitor EASA regulations described in THIS LINK
• System notification recipients - in this field, you can define a list of mail addresses that will receive system notifications. System notifications include notifications about integration errors, mailbox suspensions, etc.
• Timeline additional markers - section where you can create the 'Timeline' markers definitions. More information about the functionality can be found in the New Timeline section.

You can send messages to Leon users by using the 'Messages' tool. Once the message has been sent out, Leon can notify them about it by marking the envelope-icon in yellow. You can also decide if the message is visible in the crew's private inbox or if they still need to log in to Leon to read the content. This is quite useful if you want your users to confirm familiarisation.

If a company has more than one main base where the staff is located then you can define in Leon more bases and assign them to particular aircraft as well as to a proper crew and other staff members. Then you can filter particular pages by a proper base and view flights or duties only for that base.

By selecting a time zone you can then select Base Time in a section OPS, right-hand filter (at the bottom).

Bases can be used in SCHED panel when adding schedules on virtual aircraft.

'Bases' emails settings

OPS, Sales and Customer Service emails for Bases

It is also possible to set up the 'OPS emails', 'Sales emails' and 'Customer Service emails' for Bases in the 'General Settings' section.

Once emails for bases are inserted, they can be selected as the 'Reply to' emails in the 'Email Templates' > 'Recipients' tab.

EXAMPLE

'User base' assigned in the User profile

User is assigned to MEL user base in the profile (full edit profile, 'Basic' tab).

Based on the 'User base', the assigned 'OPS email' is melops@man.com and the 'Sales email' is melsales@man.com.

In the 'Email Templates' section > 'Recipients' tab of any template, the relevant 'Reply to' option can be selected. Below, Base sales email option selected on the 'Charter Agreement' template:

Once this template is used, the relevant base email will apply to the 'Reply to' field. Below, 'Sales email' assigned to MEL base:

The abovementioned functionality can apply to any email template in Leon.

'Days off' settings

In this section, it is possible to select:

• Weekend - weekend days selection
• Days Off List - option to insert days off such as Bank Holidays, Christmas, etc. These selected days will be highligted light-green in the OPS CALENDAR and the CREW CALENDAR sections

GAR Template settings

GAR emails configuration can be found in a section Settings > General Settings as a separate tab.

In this page you can insert a default 'Cc' email address as well as a default email content.

Here you can also choose the format of the file itself. Attached file can be sent either as PDF or XLS. The format can be switched to a different one before sending GAR in GAR window.

More information regarding GAR functionality in Leon can be found under here.

More information on the Fuel settings can be found here.

The 'Phonebook' tab contains the following options:

• Is account required - checkbox that, if ticked, requires the new Phonebook entry to be assigned to an Account
• Automatically delete PAX after given days - option to set up Leon to automatically remove passenger details from the system if they are not assigned to flights within a specified timeframe. By default, this function will be turned off for all operators. More information below

The 'Automatically delete PAX after given days' configuration contains the following options:

'Automatically delete PAX…' setting

• Delete PAX enabled - option to enable automatic deletion.
• Send notification 7 days before deletion to: - specify an email address where a notification containing passenger names scheduled for deletion will be sent seven days before the deletion date. This field is mandatory if the 'Delete PAX enabled' checkbox is selected.
• Delete PAX after - a field where it will be possible to indicate the number of days (by entering a numerical value) after which PAX data will be deleted if PAX is not assigned to the flight within the specified timeframe. The minimum threshold for deleting PAX is 30 days.

It is possible to exclude the PAX that are not to be automatically deleted by selecting the Never delete automatically setting in the Phonebook > Passenger profile > 'MISC' tab.

This setting automatically masks passenger (PAX) contact information not used in trip bookings or sales quotes within the past days. This function enhances data privacy and security.

'Automatically mask PAX after given days' settings

The 'Automatically mask PAX after given days' configuration contains the following options:

• Mask PAX enabled - Activates the functionality
• Mask PAX after - Number of days after which PAX will be masked.

For this functionality to work the following conditions have to be met:

• PAX cannot be a User
• PAX cannot be marked as 'Deleted'
• PAX cannot be marked as 'Is representative'
• PAX is selected as a passenger on a past flight but was not assigned to a flight within the days indicated in the 'Mask PAX after'

Example of masked passport in the PAX profile

Once the conditions for masking PAX data are met, the PAX details (currently 'Passport' number) will be unavailable for preview, as per the screenshot on the right.

Additionally, the passport number will be masked in the PAX sections of OPS > 'PAX' tab on a flight and Requests/Quotes > 'PAX' tab in a quote:

A User with the Contact Mask privilege set to 'EDIT' will be able to:

• preview the masked details in the PAX profile by clicking on the icon, and
• unmask the details by clicking on the 'UNMASK' option in the PAX profile and saving changes

If a User's Contact Mask privileges are set to DENY, the user will see the icon in the PAX profile with the following information: You don't have permissions to unmask passports.

This function automatically masks contact information for all user profiles which enhances data privacy and security. When enabled all inactive user contacts will be masked. To restore the visibility of masked contact, users with the 'Contact mask' privilege can do so through the Phonebook panel or Users section.

'Automatically mask users

* Mask users enabled - Activates the functionality

A User with the Contact Mask privilege set to 'EDIT' will be able to:

• preview the masked details in the user profile by clicking on the icon, and
• unmask the details by clicking on the 'UNMASK' option in the PAX profile and saving changes

If a User's Contact Mask privileges are set to DENY, the user will see the icon in the user profile with the following information: You don't have permissions to unmask passports.

In this tab, it is possible to implement the default settings for Crew Mobile App.

Currently, this tab contains 2 sets of settings:

• My Schedule - show weekly rest - allows displaying or hiding the weekly rest preview in the Crew App > My Schedule section
• Fixed Locations - explained below

In this section, it is possible to add the fixed 'Clock-in & clock-out locations.

If the clock-in/clock-out takes place within up to a 1km radius of the fixed location, this fixed location is selected as the clock-in/clock-out location.

It is possible to add multiple locations.

'Fixed locations setting'

To add the new location click on the 'Add New' button, fill in the required fields, and press 'Update' to save the locations.

There are three columns available:

• Location name - Name of the location
• Latitude - Latitude in decimal
• Longitude - Longitude in decimal

Clock in location selected

EXAMPLE

There are 3 locations inserted, as per the screenshot.

'Hotel and 'Rental locations are in close proximity to each other.

Clock-in happened between the two abovementioned locations and within a radius of 1km from each of them.

In this case, location Rental was picked by the Crew App automatically, based on the proximity (nearest location selected).

In the 'Security' tab additional security login settings can be selected.

The additional security options are:

'Security' tab

• Force two factor authentication for all users - 'Two factor authentication' applied globally per operator. More information about this option can be found HERE.
• Trusted IP - a section where trusted IP addresses can be inserted. IP addresses listed here will not be subject to 2FA authentication
• Single sign-on settings - a section where alternative way of signing in to Leon can be set up
• Second factor validity time [h] - This setting decides, that after logging in using two-factor authentication, following logins for this user, on that specific machine, can be performed without using a second factor for a certain amount of hours (MAX 12h)

Microsoft SSO in Login page

The configuration panel can be accessed in the 'General Settings' of the admin panel under the 'Security' tab.

It contains the following options:

• Enable SSO - In order to enable SSO the box must be checked.
• Operator domain - Enter your company's Microsoft-registered domain here. Only accounts in that domain will be allowed to sign in to Leon.
• Disable login and password access - If you check this checkbox, you will only be able to log in using Microsoft SSO credentials, and logging in with Leon's credentials will not be possible.
• Provider - Choose Microsoft as a provider.

Once it is configured, Users will be able to log in using the Microsoft account instead of Leon-generated login and password, as per the screenshot on the right-hand side.

SAML - single sign-on functionality in Leon

SAML (Security Assertion Markup Language) is an open standard for exchanging authentication data based on the XML protocol. It enables Single Sign-On (SSO), allowing users to log in to multiple applications using a single set of credentials.

Key Advantages of SAML:

• reduces the risk of password-related vulnerabilities
• users only need to remember one set of credentials
• centralized control over user access
• streamlines the login process across multiple applications.

SAML Components:

• Identity Provider (IdP):- The identity-providing side (e.g., Google, Microsoft)
• Service Provider (SP):- The service-receiving side (e.g., Leon).

The functionality is available in Leon, in General Settings > Security section.

Configuration with Google

On the Google Side (Identity Provider):

1. Log in to Google 'Admin'

2. Navigate to: Apps → Web and mobile Apps → Add App → Add Custom SAML app

3. Choose an application name (e.g., Leon SAML)

4. Download the METADATA file

On the Leon Side (Service Provider):

1. Go to: Settings → General Settings → Security

2. Select SSO Provider: SAML

3. Choose SAML Provider (e.g., Google)

4. Upload the downloaded METADATA file. UPDATE

5. Copy 'Entity ID' and 'ACS URL'

6. Return to Google site and paste the copied addresses in the Google configuration:

• Settings→ SSO Configuration→ ACS URL and Entity ID.

Leon matches users during login using the email address. In the 'Name ID' field, email is selected by default, but there are other options such as First Name or Last Name.

SAML provides many more configuration possibilities within the Identity Provider, such as the ability to control who can access it:

On the Google (Identity Provider) side, within a specific application, we can manage accounts/users in the User Access section. From here, we can control access to Leon - providing centralized management of access to various services. In the Organizational Units tab, we can select groups that are allowed to log in to a given application, or disable access for specific users.

Users can be created and managed directly through the Identity Provider. For example, when a new employee joins the company, their profile does not need to be created in Leon (the Service Provider). It is sufficient to create their account in Google and assign them to the appropriate group. Such a user, during their first SAML login to Leon, will also be automatically created in Leon. To achieve this, the Identity Provider must send additional user information to the Service Provider.

While Leon requires at least information such as first name, last name, code, and the permission group to which the newly created user should belong, in Google, the application must be configured to pass this information during login. In Google, this is called SAML attribute mapping, where we can add field mappings. Field mapping determines which fields from the profile in the Identity Provider should be sent to the Service Provider, in this case, to Leon, and under what names.

We have handled the following fields (ADD MAPPING):

First Name → firstName

Last Name → lastName

Employee ID → code

Type of employee → role - this one is not required because we can configure the 'Default role for new user' (Group of Privileges) on Leon's side, which will be set by default for new users.

In Google, in the Users → User Information tab, fill in the fields with appropriate data.

Moreover, in the event of changing the attribute defining the user's permission group on the Identity Provider side, during login to Leon, Leon will detect that this new permission group (role coming from the Identity Provider) is different from the one currently set for the user in Leon, and it will be modified on Leon's side as well.