System Config Manager Parameters

| PARAMETER NAME | DESCRIPTION | PARAMETER VALUE EXAMPLES | RESTART REQUIRED |
| --- | --- | --- | --- |
| aioc.device.group.property.keys | This parameter defines the device group properties. | Default value is null. Example values: tag.Name,tag.Region,addDeviceSshKeyToUserSelection | NO |
| aioc.email.domains | Set this parameter to the related email domains. More than one domain can be added, separated by a comma (“,”). Ex: singleconnect.com, gmail.com | gmail.com, singleconnect.com | NO |
| aioc.languages | This parameter sets the preferred languages offered as options in the GUI. More than one language preference can be added, separated by a comma (“,”). | en_US, ru_RU, ko_KR | NO |
| aioc.user.group.property.keys | This parameter defines the user group properties. | allowSftpInSshDevices | YES |
| mail.templates.dir | This parameter defines the default mail template directory. Kron PAM sends emails to group admins to notify them of new user requests, password manager actions, command authorization requests, etc. Kron PAM also sends password reset emails and MFA activation token emails. To complete these actions, mail settings must be configured on Kron PAM from the Mail Config screen in the System Config Manager menu. | ${netright.home}/templates/mail | YES |
| netright.auth.ldap | This parameter enables or disables LDAP/AD authentication. | false | YES |
| netright.auth.ldap.baseDN | This parameter defines the Base DN of LDAP. The Base DN is the section of the directory where the application starts searching for Users and Groups. | DC=example,DC=com | NO |
| netright.auth.ldap.principal | Security principal of context set from the expression defined as uid. | uid=?,DC=example,DC=com | NO |
| netright.auth.ldap.url | This parameter determines the Active Directory/LDAP hostname or IP address, port number, and protocol (LDAP or LDAPS). If more than one URL is used, the URLs should be separated by “,” (e.g. ldap://10.10.10.10:389, ldaps://10.10.10.20:636). |  | NO |
| netright.auth.ldap.timeout | When a client makes an LDAP request to a server and the server does not respond for some reason, the client waits until this timeout expires (e.g. default 1000 as ms). | 1000(ms) | NO |
| netright.auth.ldap.socket.timeout | This parameter defines the response time allowed to an LDAP server for requests after connecting to LDAP (e.g. default 500 as ms). | 5000(ms) | NO |
| sapm.show.password.expiration.time.values | This parameter defines the SAPM Account password reservation times. When a user makes a password reservation for a SAPM account, these time options are presented for the reservation time. | 5m,30m,2h,24h | NO |
| user.mail.from | This parameter defines the sender email address for MFA. |  | YES |
| iga.2fa.token.timestep | These parameters are used to adjust MFA Offline/Online Settings. |  | YES |
| iga.2fa.sms.http.body | These parameters are used to adjust MFA Offline/Online Settings. |  | NO |
| iga.2fa.sms.http.headers | These parameters are used to adjust MFA Offline/Online Settings. |  | NO |
| iga.2fa.sms.http.secret.body | These parameters are used to adjust MFA Offline/Online Settings. |  | YES |
| iga.2fa.sms.http.url | These parameters are used to adjust MFA Offline/Online Settings. |  | NO |
| syslog.server.hostName | Kron PAM can send logs to SIEM systems. This parameter sets the SIEM host IP address. |  | YES |
| syslog.server.port | This parameter sets the SIEM host port. The default value is "514". | 514 | YES |
| syslog.message.rfcFormat | The RFC_5424 and RFC_3164 formats are supported in the SIEM configuration. This parameter determines the RFC format and must be set to one of these values. | RFC_5424,RFC_3164 | YES |
| syslog.message.content.format | This parameter determines the content format. | KEY_VALUE, CEF | YES |
| syslog.connection.protocol | This parameter determines the protocol used to send messages. Possible values are UDP or TCP. | UDP | YES |
| syslog.connector.sitename | This parameter defines the Connector site name for sending logs to SIEM systems. | E.g: Istanbul | YES |
| aioc.device.available.interface.names | These parameters are used to define an interface name for devices that have the same IP address, so they can be properly identified during a connection. | E.g: interface_1, interface_2 | YES |
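
As an added example (not Kron PAM code or tooling), the Python sketch below checks the LDAP and syslog parameters from the table against the values the table lists, and flags two settings worth reviewing before rollout: ldap:// URLs and UDP syslog transport. It assumes the values have been copied into a dict by hand and that "true" is the enabling value of netright.auth.ldap; the names lint, ENUMS, MS_TIMEOUTS and SAMPLE are illustrative.

```python
# Allowed values exactly as listed in the parameter table.
ENUMS = {
    "syslog.message.rfcFormat": {"RFC_5424", "RFC_3164"},
    "syslog.message.content.format": {"KEY_VALUE", "CEF"},
    "syslog.connection.protocol": {"UDP", "TCP"},
}
MS_TIMEOUTS = ("netright.auth.ldap.timeout", "netright.auth.ldap.socket.timeout")

def lint(cfg):
    """Return a sorted list of (severity, parameter, message) findings."""
    out = []
    for key, allowed in ENUMS.items():
        if key in cfg and cfg[key].strip() not in allowed:
            out.append(("ERROR", key, f"{cfg[key]!r} not in {sorted(allowed)}"))
    if cfg.get("syslog.connection.protocol", "").strip() == "UDP":
        out.append(("WARN", "syslog.connection.protocol",
                    "UDP gives no delivery guarantee; audit events can be lost"))
    port = cfg.get("syslog.server.port", "514").strip()  # 514 is the documented default
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        out.append(("ERROR", "syslog.server.port", f"{port!r} is not a valid port"))
    for key in MS_TIMEOUTS:
        val = cfg.get(key, "").strip()
        if val and not (val.isdecimal() and int(val) > 0):
            out.append(("ERROR", key, f"{val!r} is not a positive number of ms"))
    # Assumption: "true" is the enabling value (the table only shows "false").
    if cfg.get("netright.auth.ldap", "false").strip() == "true":
        for raw in cfg.get("netright.auth.ldap.url", "").split(","):
            scheme, _, host = raw.strip().lower().partition("://")
            if scheme not in ("ldap", "ldaps") or not host:
                out.append(("ERROR", "netright.auth.ldap.url", f"bad URL {raw.strip()!r}"))
            elif scheme == "ldap":
                out.append(("WARN", "netright.auth.ldap.url",
                            f"{raw.strip()} starts without TLS; prefer ldaps://"))
    return sorted(out)

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "netright.auth.ldap": "true",
    "netright.auth.ldap.url": "ldap://10.10.10.10:389, ldaps://10.10.10.20:636",
    "netright.auth.ldap.timeout": "1000",
    "syslog.server.port": "514",
    "syslog.message.rfcFormat": "RFC_5425",  # deliberate typo to trigger an ERROR
    "syslog.message.content.format": "CEF",
    "syslog.connection.protocol": "UDP",
}

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep=" | ")
```

Because most of the syslog parameters require a restart, running a check like this before applying changes avoids a restart cycle spent on a mistyped value.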