Reference Guide
Multitenancy
System Config Manager Parameters for Multitenancy
parameter name description parameter value examples restart required aioc device group property keys this parameter is used to define the device group properties default value is null example values tag name,tag region,adddevicesshkeytouserselection no aioc email domains set this parameter with the related email domains (more than one domain can be added with a comma (“,”) ex singleconnect com, gmail com) gmail com, singleconnect com no aioc languages this parameter sets the preferred languages as an option in gui more than one language preference can be added with a comma (“,”) separator en us, ru ru, ko kr no aioc push notification message body template command expire the body of the expire message to be sent to the approver after a command approval workflow step expires text no aioc push notification message body template connection expire the body of the expire message to be sent to the approver after a connection approval workflow step expires text no aioc push notification message body template command expire request owner the body of the expire message to be sent to the request owner after a command approval workflow step expires text no aioc push notification message body template connection expire request owner the body of the expire message to be sent to the request owner after a connection approval workflow step expires text no aioc push notification message title template command expire the title of the expire message to be sent to the approver after a command approval workflow step expires text no aioc push notification message title template connection expire the title of the expire message to be sent to the approver after a connection approval workflow step expires text no aioc push notification message title template command expire request owner the title of the expire message to be sent to the request owner after a command approval workflow step expires text no aioc push notification message title template connection expire request owner the title of the expire message to be sent to the request owner after a connection approval workflow step expires text no aioc user group property keys this parameter defines the user group properties allowsftpinsshdevices yes approval sms http delimiter the delimiter for the http approval sms no approval sms http encoding the http encoding method for the approval sms no approval sms http headers the http headers for the approval sms no approval sms http method the http method for the approval sms no approval sms http url the http url for the approval sms no command expired sms http body the body text for the command request expired message to be sent to approver (http) text no command expired sms http body request owner the body text for the command request expired message to be sent to request owner (http) text no command expired sms smpp body the body text for the command request expired message to be sent to approver (smpp) text no command expired sms smpp body the body text for the command request expired message to be sent to request owner (smpp) text no connection expired sms http body the body text for the connection request expired message to be sent to approver (http) text no connection expired sms http body request owner the body text for the connection request expired message to be sent to request owner (http) text no connection expired sms smpp body the body text for the connection request expired message to be sent to approver (smpp) text no connection expired sms smpp body the body text for the connection request expired message to be sent to request owner (smpp) text no mail templates dir this parameter defines the default mail template directory kron pam sends emails to group admins to notify them of new user requests, password manager actions, command authorization requests etc kron pam also sends password reset emails, and mfa activation token emails in order to complete these actions, mail settings have to be configured on kron pam from the mail config screen in the system config manager menu ${netright home}/templates/mail yes netright auth ldap this parameter enables or disables ldap/ad authentication false yes netright auth ldap basedn this parameter defines the base dn of ldap base dn is the section of the directory where the application will commence searching for users and groups dc=example,dc=com no netright auth ldap principal security principal of context set from the expression defined as uid uid=?,dc=example,dc=com no netright auth ldap url this parameter determines the active directory/ldap hostname/ip address, port number, and ldap/ldaps protocol if more than one url is used, parameters should be separated by “,” (e g ldap\ //10 10 10 10 389, ldaps\ //10 10 10 20 636) ldap\ //1 1 1 1 389 no sapm show\ password expiration time values this parameter defines the sapm account password reservation times when a user makes a password reservation for a sapm account, these time options are presented for the reservation time 5m,30m,2h,24h no user mail from this parameter defines the sender email address for mfa change it\@change it com yes these parameters are used to adjust mfa offline/online settings iga 2fa token timestep yes iga 2fa sms http body no iga 2fa sms http headers no iga 2fa sms http secret body yes iga 2fa sms http url no syslog server hostname kron pam can send logs to siem systems this parameter is used to set the siem host ip address yes syslog server port this parameter is used to set the siem host port the default value is "514" 514 yes syslog message rfcformat rfc 5424 and rfc 3164 formats are supported in the siem configuration this parameter determines the rfc format and must be set as one of these values rfc 5424,rfc 3164 yes syslog message content format this parameter is used to determine content format key value, cef yes syslog connection protocol this parameter is used to determine the protocol used to send messages possible values are udp or tcp udp yes syslog connector sitename this parameter is used to define the connector site name for sending logs to siem systems e g istanbul yes aioc device available interface names these parameters are used to define an interface name for devices that have the same ip address, so they can be properly identified during a connection e g interface 1, interface 2 yes