The following parameters can be defined for User Groups.

Learn about the different parameters that can be customized for User Groups in this comprehensive document. Discover how you can manage admin rights, console access to AAA and TACACS+ devices, direct access through Kron PAM, availability of SFTP and SSH a

Editing User Groups

User Group Properties

Importing User Groups

Kron PAM Reference Guide

3.5.0 Kron PAM Web GUI

License Manager

Email Server Configuration

Mail Management

Language Settings

Menu Lists Management

System Configuration Parameters

Enabling Push Notifications for Mobile Application

Backup Manager

Enabling HTTPS on the Kron PAM Web GUI

802.1x Authentication

SAML Authentication

Hardware Security Module (HSM) Integration

Windows Authentication on the KronPAM GUI

Multitenancy

Kron PAM Administration

Manual User Creation

Kron PAM Users Search

User Definition Option Menu

Editing Kron PAM Users

User Properties Set up 

Temporary User

Local User Bulk Import

New User Request

Force New User to Change Password 

User Password Strength Settings 

User Password Hash Algorithm Settings

Notifying Inactive Users Before Lock

LDAP/Active Directory Integration

User Group Creation

Assigned Credentials

SSH Keys Manager

User Management

Element Type

Device Groups

Device Inventory

Device Management

Policy Key Definition

Policy Groups Definition

Policy Realm Definition

Policy Tracking

Policy Management

Managerial Approval for Connections 

Managerial Approval Reservation

Managerial Approval for Commands

Managerial Approval in Shared Account Password Manager (SAPM)

Approval Workflow

Approval Workflow SMS Settings

Approval Management

SSH Proxy

RDP Proxy

HTTP Proxy

Advanced Authorization Methods

Threat Analytics

Session Manager

Shared Accounts Password Management (SAPM)

Managing Application-to-Application Password Management (AAPM) Accounts

Password Vault

Sending MFA QR Code to Users

Creating a Connection Between Kron PAM and the Kron PAM Mobile Application

Enabling Multi Factor Authentication (MFA)

Using MFA to Log in to the Kron PAM Web GUI

Using MFA to Log in to the Kron PAM Desktop Client

Using MFA for SSH Connections

Using MFA for RDP Connections

Using MFA for SSH Proxy

Using MFA for HTTP/HTTPS Proxy

Using MFA for SFTP Proxy

Using MFA for TACACS+ Manager

Using MFA for Radius

Using MFA for Mobile Application

Offline Mode Settings

Using SMS for MFA

Using Email for MFA

Using Hardware Tokens for MFA

Using Authentication Key (FIDO Key) for MFA

Using Keystroke to User Behavior Analytics

MFA Configurations for VPN Services

External MFA Providers

Multi-Factor Authentication

Basic Configurations for TACACS+ Devices

MSCHAPv2 RADIUS Configuration

TACACS+ Management Configuration Page 

TACACS+ Access Manager

SQL Proxy

Sensitive Data Discovery

SFTP Proxy

Data Access Manager

Importing Devices from Amazon Web Services

Importing Devices from Microsoft Azure

Importing Devices from the Google Cloud Platform

Cloud PAM

Cloud Infrastructure Entitlement Management (CIEM)

Kron PAM Logs

Active Sessions and Dual Control

System Log Viewer

Viewing Logs in Different Time Formats

Log Backup Management and Archiving

SIEM Configuration

Reports

Dashboard

Tamper Proof Logging

Kron PAM Reporting and Logging Functions

Adding New Command Templates

Executing a Command Template

Adding a New Script

Running a Script

Creating a Workflow

Running a Workflow

Workflow History Logs

Privileged Task Automation Manager

Monitoring

Alarms

Alarm Configuration

Monitoring & Alarms

Watchdog Configuration 

Watchdog Mechanism

High Availability

Failover Scenario

Visualizing Reports and User Rights

Creating Charts for Reporting

Creating Dashboards

Report Email Scheduling

Dynamic Reports

Reporting

Logical Architecture

Tenant Management Requirements 

Tenant Management Interface

Administration by Tenant Admins

System Config Manager Parameters

DevOps Integration

Kron PAM Remote Access Portal

Secure Remote Access Connector

Remote Access Configuration in Kron PAM

Kron PAM Remote Access

APPENDIX 1: System Config Manager Parameters

APPENDIX 2: Job Descriptions for Job Scheduler

Reference Guide 

Parameter	Definition
adminGroup	If set as true, all users belonging to the user group have admin rights.
allowConsoleAccess	If set as true, console access to AAA and TACACS+ devices is enabled for the user group.
allowDirectAccess	If set as true, direct access to AAA and TACACS+ devices through Kron PAM is enabled for the user group.
allowSftpInSshDevices	If set as true, both SFTP and SSH access are available in devices that have SSH access protocol for the user group. The default value is false.
approvalRequiredForConnection	If set as true, managerial approval applies for SSH/RDP/SFTP connections for all users belonging to that user group. The Group Manager needs to approve for other users to establish SSH/RDP/SFTP connections.
autonomousGroup	If set as true, this group’s users may be excluded in RADIUS logs in order to avoid creating a log flood. These users’ passwords never expire.
externalDirectorySources	This value is pulled from the sc.integration.ldap.source.name_n parameter defined in the System Config Man. It specifies which LDAP source the user group belongs to.
passwordTtlMonths	Defines the maximum time allowed for the use of passwords for users in the configured user group. When the users' passwords reach their TTL, they are forced to change it the next time they log in.
sc.command.log.disabled	Enable/Disable viewing command logs for users who are able to view session logs. The default value is false. If set as true, the users in the related user group are unable to view command logs.
sc.keylog.log.disabled	Enable/Disable viewing of key logs generated during RDP sessions. The default value is false. If set as true, the users in the related user group are unable to view key logs.
sc.ocr.log.disabled	Enable/Disable viewing OCR logs generated during RDP sessions. The default value is false. If set as true, the users in the related user group are unable to view OCR logs.
sc.session.video.record.disabled	Enable/Disable viewing session video records for users who are able to see session logs. The default value is false. If the parameter is set as true, the users in the related user group are unable to view session video records.