Cloud Studio IoT v1.7.1: Native 2FA, LoRa Downlinks, and Smarter Alarm Controls

Anyone who has ever run an industrial IoT deployment knows the pattern. A device drops offline at 3am. An operator suspends an alarm by deleting the rule because the UI gives them no other option. Two months later nobody remembers why that rule disappeared. The downlink you tried to schedule never reached the field because your LoRaWAN provider's API was an afterthought. The login screen kept forwarding everyone to a third-party 2FA service that nobody administers anymore.

Cloud Studio IoT v1.7.1 is a release about the unglamorous middle of an IoT platform — the boundary layer where authentication, alarms, downlinks, and visual controls meet the people who actually run the system every day. Here is what changed, and why it matters for the teams operating it.

Authentication that lives where your users live

The biggest move in v1.7.1 is a native two-factor authentication flow. Until now, customers running 2FA had to lean on third-party providers that lived outside the platform, with onboarding, recovery, and audit trails managed somewhere else. The new built-in 2FA puts the second factor inside Cloud Studio IoT itself: enable it per user from the profile screen, recover from the same console your admins already use, and stop maintaining a separate identity surface.

The change is paired with sharper feedback on the login screen. Password validation messages now reflect the minimum length you actually configured (rather than the hardcoded default), and they clear between failed attempts, so users stop seeing stale errors after a corrected password. Small thing, but it shows up in every support ticket about login confusion.

On the permission side, `ClientAdministrator` roles now go through stricter validation when requesting a facility outside their scope (GEAR-5434). The previous behaviour let edge cases slip through; the new one rejects them at the API boundary.

Two-way LoRa, finally

If you operate LoRaWAN devices through ThingPark or Loriot, v1.7.1 closes the loop. The platform now has dedicated jobs and interface methods to send downlink commands through both networks. That means firmware reconfigurations, sensor calibrations, and remote actuator commands no longer require dropping out of the platform to issue them through the network server's own UI.

The supporting infrastructure got attention too. Downlink URL handling and storage were tightened up (a class of fixes that quietly affected how the platform stored callback endpoints for downlink confirmations), and the MQTT layer now generates a unique `clientId` per platform instance, removing the intermittent disconnect-storms you sometimes saw when two instances connected at once.

Together, these changes make Cloud Studio IoT a usable command surface for LoRa fleets rather than a read-only dashboard sitting in front of the network server.

Alarms that match how operations actually work

A lot of v1.7.1 touches the alarm engine, and the through-line is the same: give operators the controls they were already asking for, with an audit trail.

The marquee feature is alarm suspension — a first-class action in the UI to pause an individual alarm through new modals and a dedicated endpoint, with an audit-log entry recorded whenever the suspend state changes. Before this release, operators worked around the gap by deleting rules or muting whole notification channels. Both lost institutional knowledge. Suspension is reversible, time-bounded if you want it, and visible to anyone reviewing the alarm history afterwards.

Notification routing got a similar treatment. Address Book now supports a configurable Default level: contacts that didn't match any specific routing rule used to be silently skipped. Now they fall through to a default tier you control. The most common failure mode of "we onboarded a new on-call person and they weren't getting paged" goes away.

Working-hours filtering also got smarter. When a group is on the receiving end of an alarm, the platform now checks each member's individual working hours rather than the group's collective definition. The previous behaviour skipped or paged people incorrectly when group and member schedules diverged.

And on the noise side: battery alarms are now null-safe (GEAR-5426/5428). Devices that report `null` voltage or percentage no longer trigger spurious low-battery alarms, and devices that don't report battery at all are skipped entirely instead of generating false positives in the alarm timeline.

There are companion fixes for the overlap edge case (alarms reopening correctly when Set and Reset conditions overlap; closing only when both leave the overlap zone) and for WhatsApp delivery, which now spaces messages to avoid Plivo rate-limit blocks and includes client and facility context in default templates.

Maps and widgets that match your asset taxonomy

The visual layer got a focused pass on the widgets that operations teams stare at all day.

The device widget is the most affected. You can now define per-endpoint colour ranges and discrete state colours for IASSensor, Appliance, and discrete-variable endpoints, plus per-icon customization across the same surface. The metrics widget gained the same controls, so colour and icon semantics stay consistent whether you are looking at a single device or an aggregated view.

Custom maps can now show consumption and metrics layers in a single customized map (GEAR-5387), and markers can take their colour from value ranges with a `DefaultLayer` parameter for clean defaults. Clustering thresholds were adjusted, and tooltip icons on asset-tracking maps are now personalizable.

Smaller wins worth calling out: the simplified table widget now shows visual badges for endpoint range thresholds, the XY chart can show numeric values directly on its bars, and the vertical single-gauge widget had its look refined so values stay readable across resolutions.

One change is worth a closer read for anyone provisioning VoltageSensors. The electrical circuit requirement is now opt-in: VoltageSensor no longer requires a circuit by default. Set `requiresElectricalCircuit: true` on the script to force one. Existing devices migrate without changes, but new scripts should be explicit about the requirement if your reporting depends on it.

Beyond the UI

A handful of platform-side additions you might not see in a screenshot but will feel:

• Marketing event webhooks (opt-in). A new outbound dispatcher broadcasts platform events to your own systems — useful if you have lifecycle automation living outside Cloud Studio IoT.
• Sandbox signup access. A dedicated endpoint for marketing flows to provision demo accounts.
• Geocoding by free text. A new endpoint resolves addresses by free text, with better exception handling on the lookups themselves.

See the full notes

The full v1.7.1 release notes — every fix, every improvement, every breaking change you should know about — live at cloudstudioiot.com/docs/release-notes/v1-7-1. If you operate LoRa fleets, run multi-tenant operations, or are about to roll a new round of users onto the platform, that page is worth ten minutes.

And if you want to talk through how any of this affects your deployment, book a call with the team.