Reference Guide
Multitenancy

System Config Manager Parameters for Multitenancy

| PARAMETER NAME | DESCRIPTION | PARAMETER VALUE EXAMPLES | RESTART REQUIRED |
| --- | --- | --- | --- |
| aioc.device.group.property.keys | This parameter is used to define the device group properties. | Default value is null. Example values: tag.Name,tag.Region,addDeviceSshKeyToUserSelection | NO |
| aioc.email.domains | Set this parameter with the related email domains. (More than one domain can be added with a comma (“,”). Ex: singleconnect.com, gmail.com) | gmail.com, singleconnect.com | NO |
| aioc.languages | This parameter sets the preferred languages as an option in GUI. More than one language preference can be added with a comma (“,”) separator. | en_US, ru_RU, ko_KR | NO |
| aioc.push.notification.message.body.template.command.expire | The body of the expire message to be sent to the approver after a command approval workflow step expires. | Text | NO |
| aioc.push.notification.message.body.template.connection.expire | The body of the expire message to be sent to the approver after a connection approval workflow step expires. | Text | NO |
| aioc.push.notification.message.body.template.command.expire.request.owner | The body of the expire message to be sent to the request owner after a command approval workflow step expires. | Text | NO |
| aioc.push.notification.message.body.template.connection.expire.request.owner | The body of the expire message to be sent to the request owner after a connection approval workflow step expires. | Text | NO |
| aioc.push.notification.message.title.template.command.expire | The title of the expire message to be sent to the approver after a command approval workflow step expires. | Text | NO |
| aioc.push.notification.message.title.template.connection.expire | The title of the expire message to be sent to the approver after a connection approval workflow step expires. | Text | NO |
| aioc.push.notification.message.title.template.command.expire.request.owner | The title of the expire message to be sent to the request owner after a command approval workflow step expires. | Text | NO |
| aioc.push.notification.message.title.template.connection.expire.request.owner | The title of the expire message to be sent to the request owner after a connection approval workflow step expires. | Text | NO |
| aioc.user.group.property.keys | This parameter defines the user group properties. | allowSftpInSshDevices | YES |
| approval.sms.http.delimiter | The delimiter for the HTTP Approval SMS |  | NO |
| approval.sms.http.encoding | The HTTP Encoding method for the Approval SMS |  | NO |
| approval.sms.http.headers | The HTTP Headers for the Approval SMS. |  | NO |
| approval.sms.http.method | The HTTP method for the Approval SMS. |  | NO |
| approval.sms.http.url | The HTTP URL for the Approval SMS. |  | NO |
| command.expired.sms.http.body | The body text for the Command Request Expired message to be sent to approver (HTTP) | Text | NO |
| command.expired.sms.http.body.request.owner | The body text for the Command Request Expired message to be sent to request owner (HTTP) | Text | NO |
| command.expired.sms.smpp.body | The body text for the Command Request Expired message to be sent to approver (SMPP) | Text | NO |
| command.expired.sms.smpp.body | The body text for the Command Request Expired message to be sent to request owner (SMPP) | Text | NO |
| connection.expired.sms.http.body | The body text for the Connection Request Expired message to be sent to approver (HTTP) | Text | NO |
| connection.expired.sms.http.body.request.owner | The body text for the Connection Request Expired message to be sent to request owner (HTTP) | Text | NO |
| connection.expired.sms.smpp.body | The body text for the Connection Request Expired message to be sent to approver (SMPP) | Text | NO |
| connection.expired.sms.smpp.body | The body text for the Connection Request Expired message to be sent to request owner (SMPP) | Text | NO |
| mail.templates.dir | This parameter defines the default mail template directory. Kron PAM sends emails to group admins to notify them of new user requests, password manager actions, command authorization requests etc. Kron PAM also sends password reset emails, and MFA activation token emails. In order to complete these actions, mail settings have to be configured on Kron PAM from the Mail Config screen in the System Config Manager menu | ${netright.home}/templates/mail | YES |
| netright.auth.ldap | This parameter enables or disables LDAP/AD authentication. | false | YES |
| netright.auth.ldap.baseDN | This parameter defines the Base DN of LDAP. Base DN is the section of the directory where the application will commence searching for Users and Groups. | DC=example,DC=com | NO |
| netright.auth.ldap.principal | Security principal of context set from the expression defined as uid. | uid=?,DC=example,DC=com | NO |
| netright.auth.ldap.url | This parameter determines the Active Directory/LDAP hostname/ip address, port number, and LDAP/LDAPS protocol. If more than one URL is used, parameters should be separated by “,”. (e.g. ldap://10.10.10.10:389, ldaps://10.10.10.20:636) | ldap://1.1.1.1:389 | NO |
| sapm.show.password.expiration.time.values | This parameter defines the SAPM Account password reservation times. When a user makes a password reservation for a SAPM account, these time options are presented for the reservation time. | 5m,30m,2h,24h | NO |
| user.mail.from | This parameter defines the sender email address for MFA. | change_it@change_it.com | YES |
| iga.2fa.token.timestep | These parameters are used to adjust MFA Offline/Online Settings. |  | YES |
| iga.2fa.sms.http.body | These parameters are used to adjust MFA Offline/Online Settings. |  | NO |
| iga.2fa.sms.http.headers | These parameters are used to adjust MFA Offline/Online Settings. |  | NO |
| iga.2fa.sms.http.secret.body | These parameters are used to adjust MFA Offline/Online Settings. |  | YES |
| iga.2fa.sms.http.url | These parameters are used to adjust MFA Offline/Online Settings. |  | NO |
| syslog.server.hostName | Kron PAM can send logs to SIEM systems. This parameter is used to set the SIEM Host IP address. |  | YES |
| syslog.server.port | This parameter is used to set the SIEM host port. The default value is "514". | 514 | YES |
| syslog.message.rfcFormat | RFC_5424 and RFC_3164 formats are supported in the SIEM configuration. This parameter determines the RFC format and must be set as one of these values. | RFC_5424,RFC_3164 | YES |
| syslog.message.content.format | This parameter is used to determine content format. | KEY_VALUE, CEF | YES |
| syslog.connection.protocol | This parameter is used to determine the protocol used to send messages. Possible values are UDP or TCP. | UDP | YES |
| syslog.connector.sitename | This parameter is used to define the Connector site name for sending logs to SIEM systems. | E.g: Istanbul | YES |
| aioc.device.available.interface.names | These parameters are used to define an interface name for devices that have the same IP address, so they can be properly identified during a connection. | E.g: interface_1, interface_2 | YES |