Lines: Adds, Removals, Swaps and Ports
Line lifecycle is the single busiest module for most IT admin secondaries. The lines module inside My Verizon exposes add, suspend, resume, transfer and device-swap as first-class primitives. An add takes two clicks: pick a plan from the contracted tier list, pick a device from the catalogue or flag bring-your-own-device, and assign the line to an employee. A suspend keeps the number reserved for up to 90 days while the device is out of service; a resume restores the line with the original number and profile.
Zero-click snapshot: Line lifecycle — add, suspend, resume, transfer, swap — is a two-click operation per line, or a 500-row CSV import for batches.
Number porting from a competing carrier runs as a special add. The customer supplies the losing-carrier account number, PIN and phone-number list, and Verizon Business schedules the cutover window — 24 to 72 hours per line for single ports, or a coordinated batch schedule for bulk migrations over 50 lines. The batch schedule groups by NPA-NXX to avoid short-code and SMS-routing degradation during the cutover. The connect-team directory reaches the named porting specialist for batches above 100 lines.
Role Tile Profile
- Role tags: primary, finance, IT, HR, regional
- Scope dimensions: global, subsidiary branch, geographic slice
- Delegation actor: primary admin only
- Revocation: one click in master settings, or directory-group removal under federation
- Audit: every role change writes identity + timestamp + prior state
- Approval thresholds: configurable per role tag in master settings
Role Assignment and Approval Workflows
A role tag determines which modules a secondary sees and which primitives they can invoke. A finance secondary reads invoices and uploads tax-exempt certificates in the Billing Portal; an IT secondary provisions lines, swaps devices and pulls reports; an HR secondary onboards and offboards employee-assigned lines; a regional secondary holds a geographic scope that restricts their visibility to the matching subsidiary branch. The primary admin assigns tags through the master-settings module. Directory-group membership drives tags automatically under federated customers.
Zero-click snapshot: Five role tags map to the five module clusters. Primary assigns. Audit records every assignment.
| Action | Required Role | Audit Record |
|---|---|---|
| Add a new line | IT secondary or primary | add-line: identity, plan, device, employee |
| Suspend or resume a line | IT secondary or primary | suspend-line / resume-line: identity, reason |
| Swap a device | IT secondary or primary | swap-device: identity, old ESN, new ESN |
| Upload tax-exempt certificate | Finance secondary or primary | upload-cert: identity, cert hash, state |
| Approve an invoice above threshold | Finance approver or primary | approve-invoice: identity, amount, chain |
| Delegate a new secondary admin | Primary only | delegate: identity, new admin, role, scope |
Invoice Approval Chains
The invoice approval workflow is two-step by default, three-step under enhanced financial controls. Step one is reviewer: any finance secondary reviews the invoice line items, flags disputes and records the review in the audit trail. Step two is approver: a senior finance secondary with the approval role tag signs off on payment. Invoices above a configurable threshold — typically $25k, $100k and $500k tiers — route additionally to the primary admin for final approval. The chain is deterministic; each step writes its own audit record with timestamps and approver identity.
Disputes open inside the same workflow. A reviewer who finds an incorrect charge clicks dispute, categorises the dispute (pricing, usage, credit-miss, tax), and attaches supporting documentation. The dispute pauses the payment approval for that line item and opens a case that the Verizon Business dispute team works inside the Net-30 window from invoice date. Resolution writes a credit to the master's ledger and closes the dispute case; the Billing Portal reference documents the dispute workflow in detail.
Audit Trail Retention and Streaming
Every action listed in the grid above writes to the audit trail. The trail is append-only; modifications are written as new records rather than edits to the original. Retention is seven years under the default regulated-industry policy. Sector-specific masters may contract for longer retention — federal accounts under the General Services Administration contract vehicle, healthcare accounts under HIPAA business-associate agreements. The trail structure is stable across the retention window so year-seven queries resolve the same way as day-one queries.
Streaming the audit trail to a SIEM is a master-settings toggle. The customer supplies a webhook URL, an authentication header and an optional filter expression. Admin actions push to the webhook in near-real-time as JSON events. The customer's security team correlates admin events with firewall, endpoint and identity telemetry to build a unified timeline. The security reference documents the event schema and the SIEM compatibility matrix.
Password Reset, MFA Factor Reset and Account Recovery
Password reset for a non-federated admin is a primary-driven or self-service operation. Self-service starts at the My Verizon Login sign-in page; the admin clicks forgot-password, receives a reset email, opens the 30-minute link and presents an MFA factor before the new password is accepted. Primary-driven reset starts at the master-settings module; the primary selects the secondary and clicks reset-password, which emails the secondary the same 30-minute link. Federated admins cannot reset their password here — they reset through their corporate identity provider.
MFA factor reset handles lost or damaged devices. The admin requests a factor reset through the sign-in page or the primary triggers it from master settings. The reset triggers an identity-verification call-back to the decision-maker phone number of record (for primaries) or a confirmation email round-trip (for secondaries). Account recovery in the catastrophic case — both primary and MFA device lost — opens a support case through help desk with documented identity-proofing requirements aligned to the FTC privacy-security guidance.