Expand Up @@ -23,8 +23,11 @@ The Entitlements table has the following features:
- Approved – Existing access is approved
- Denied – Access is removed for that specific user/resource/permission

**NOTE:** The user is not removed from the access policy. Instead, a ‘deny flag’ is set
:::note
The user is not removed from the access policy. Instead, a ‘deny flag’ is set
against that attribute so that it can be re-enabled in the future.
:::


- User Name – Displays the name of the account
- Resource – Name of the resource
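Review bot: The new `:::note` block sits between the "Denied" bullet and the "User Name" bullet. If `:::note` starts at column 0 it ends the list there, and the bullets that follow render as a separate list. Indent the three admonition lines to the content level of the "Denied" item so the note stays attached to it, and drop the second blank line this hunk adds after the closing `:::`.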
Expand Down Expand Up @@ -69,8 +72,11 @@ The Review Activity Details window has the following features:
- Approved – Existing access is approved
- Denied – Access is removed for that specific user/resource/permission

**NOTE:** The user is not removed from the access policy. Instead, a ‘deny flag’ is set
:::note
The user is not removed from the access policy. Instead, a ‘deny flag’ is set
against that attribute so that it can be re-enabled in the future.
:::


- Name – Displays the name of the account
- Resource – Name of the resource
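Review bot: In the note under "Denied", the phrase "a deny flag is set against that attribute" has no clear antecedent, because the bullet above speaks of a "user/resource/permission" and never mentions an attribute. Since the line is being rewritten anyway, name what the flag is set on, so a reviewer certifying access knows exactly what a Deny changes and what it leaves in place.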
Expand All @@ -86,18 +92,27 @@ The Review Activity Details window has the following features:

**Step 5 –** To remove access, select the applicable row(s) and click Deny.

**NOTE:** The user is not removed from the access policy. Instead, a ‘deny flag’ is set against that
:::note
The user is not removed from the access policy. Instead, a ‘deny flag’ is set against that
attribute so that it can be re-enabled in the future.
:::


**Step 6 –** When the entitlements have been reviewed, click Close. Changes are saved to the
selected access certification task and shown on the Entitlements Tab for Access Certification.

**NOTE:** It is not necessary to review all entitlements at once. Changes are automatically saved to
:::note
It is not necessary to review all entitlements at once. Changes are automatically saved to
the selected access certification task and can be returned to at any time (the Status will show as
Incomplete).
:::

**CAUTION:** Committed changes cannot be undone. A new access certification task must be created.

:::warning
Committed changes cannot be undone. A new access certification task must be created.
Alternatively, it is possible to manually reassign users to an access policy.
:::


**Step 7 –** When all entitlements have been reviewed, the Commit button is enabled. Click Commit to
save the changes to user access.
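Review bot: The `:::warning` before Step 7 says committed changes cannot be undone, while the note under Step 5 says a denied entitlement only gets a deny flag "so that it can be re-enabled in the future". Read back to back, the two statements look contradictory. Suggest reconciling them in the warning text, for example by saying how re-enabling relates to the two options the warning already lists (a new access certification task, or manually reassigning users to an access policy).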
Expand Up @@ -31,7 +31,10 @@ The Users table has the following features:

Follow the steps to add users and groups to the access certification task.

**NOTE:** It is not possible to add or remove users after they have been added.
:::note
It is not possible to add or remove users after they have been added.
:::


**Step 1 –** Navigate to the Audit and Reporting > Access Certification page.

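Review bot: The `:::note` above Step 1 states the same restriction that the next hunk marks as `:::warning` before Step 7, so one restriction appears at two severities on the same page. The wording here, "not possible to add or remove users after they have been added", is also circular, whereas the later text says "after they have been added to the access certification task". Suggest using `:::warning` with the fuller wording in both places, or keeping only the warning before Step 7.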
Expand Down Expand Up @@ -64,16 +67,22 @@ Users/Groups table and it is immediately moved to the Users & Groups to Add tabl
**Step 6 –** (Optional) Click a row in the Users & Groups to Add table to move it back to the
Available Users/Groups table.

**CAUTION:** It is not possible to add or remove users after they have been added to the access
:::warning
It is not possible to add or remove users after they have been added to the access
certification task.
:::


**Step 7 –** Click Add to add the user(s) and group(s) to the access certification task.

The new user(s) and group(s) are added to the certification task and are shown on the Users Tab for
Access Certification.

**NOTE:** Only the assigned reviewer can interact with the entitlements once the access
:::note
Only the assigned reviewer can interact with the entitlements once the access
certification task is created.
:::


The reviewer can now log in to see the access certification task(s) assigned to them and begin the
review process. See the [Entitlements Tab for Access Certification](/docs/privilegesecure/4.2/admin/AuditReporting/accesscertification/entitlements.md) topic for
Expand Up @@ -32,8 +32,11 @@ The right of the page shows details of the selected service and has the followin

- Verbose – Extremely detailed logging

**NOTE:** There are not many Verbose log messages in Privilege Secure so the difference
:::note
There are not many Verbose log messages in Privilege Secure so the difference
between Verbose and Debug is minimal.
:::


- Debug – More information for detailed analysis of system behavior. Customer support may ask
for logs with this log level enabled for troubleshooting purposes
23 changes: 13 additions & 10 deletions docs/privilegesecure/4.2/admin/AuditReporting/reporting.md
Expand Up @@ -28,20 +28,20 @@ report name. The report tree will then be filtered down to the matching reports.

The Reports tree contains the following folders.

Favorites Folder
**Favorites Folder**

This folder in the report tree contains reports that have been marked with a star for easy access.
Clicking the star on a favorite report will remove it from the Favorites folder.

Predefined Reports
**Predefined Reports**

This folder contains predefined reports covering common reporting uses cases. Included are:

- Account Password Age
- All Activity Sessions
- Password Rotations

Predefined Platform-Based Reports
**Predefined Platform-Based Reports**

This folder contains predefined reports that are filtered to specific platforms. Included are:

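Review bot: "**Favorites Folder**", "**Predefined Reports**" and "**Predefined Platform-Based Reports**" are bold paragraphs standing in for headings. Bold text gets no anchor, so these folders cannot be linked to from other topics. If they are meant as subsections of the Reports tree, use a real heading one level below the enclosing section instead. While here, "common reporting uses cases" in the context line should read "use cases".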
Expand All @@ -54,7 +54,7 @@ This folder contains predefined reports that are filtered to specific platforms.
- All Website Sessions
- All Windows Sessions

My Reports
**My Reports**

This folder contains all reports created using the “+” icon next to the Search Reports field or
created by modifying and saving an existing predefined or platform based report.
Expand Down Expand Up @@ -90,7 +90,7 @@ The Filters tab has the following configuration options:

The Source drop-down list contains the following data sources for reports.

Activity Sessions
**Activity Sessions**

This data source contains activity session information, and allows the report to be filtered on the
following attributes for a given activity session:
Expand All @@ -102,7 +102,7 @@ following attributes for a given activity session:
- Target Host
- User

Resource Sync
**Resource Sync**

This data source contains resource sync information, and allows the report to be filtered on the
following attributes for a given synced resource:
Expand All @@ -112,7 +112,7 @@ following attributes for a given synced resource:
- IP Address
- Operating System

Password Rotation
**Password Rotation**

This data source contains password rotation information, and allows the report to be filtered on the
following attributes for a given password rotation event:
Expand All @@ -122,7 +122,7 @@ following attributes for a given password rotation event:
- Change Reason
- User

Password Age
**Password Age**

This data source contains password age information, and allows the report to be filtered on the
following attributes for a given user account:
Expand All @@ -133,8 +133,11 @@ following attributes for a given user account:
- Name
- Privilege

**NOTE:** The Subscriptions tab will not be enabled until saving the report. See the Subscriptions
:::note
The Subscriptions tab will not be enabled until saving the report. See the Subscriptions
Tab topic for additional information.
:::


## Customize an Existing Report

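Review bot: The note after the Password Age list says "See the Subscriptions Tab topic for additional information" as plain text with no link. Other pages in this PR reference topics with a markdown link (the Entitlements Tab link in the users page, for example), so add the link here as well. Without it the reference is a dead end for the reader.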
Expand All @@ -156,7 +159,7 @@ The Filters tab has the following configuration options:
"All Linux Sessions-24-05-07-164307".
- Save – Saves any modifications to the report. If this is a predefined or platform based report, it
will save as a new report under My Reports
- Delete **(available for custom reports only)** – Deletes the custom report
- Delete (available for custom reports only) – Deletes the custom report
- Source Drop-down List – Contains data sources that allow the report to look at different data sets
related to Privilege Secure administration. See the Data Sources topic for additional information.
- Timeframe Drop-down List – Contains several predefined timeframes, ranging from “Last Hour” to
Expand Up @@ -20,8 +20,11 @@ Follow the steps to add an authentication connector to the console.
- Connector Description (Optional) – Enter a brief description to identify the service account
- Connection Type – Indicates the type of authentication

**NOTE:** Once the Connection Type is selected, additional fields become available. The available
:::note
Once the Connection Type is selected, additional fields become available. The available
fields will change depending on the selection.
:::


**Step 4 –** Enter the information from the applicable authentication connector provider. See the
[Authentication Page](/docs/privilegesecure/4.2/admin/configuration/authentication/authentication.md) section for detailed descriptions of the fields.
Expand Up @@ -15,8 +15,11 @@ The following sections provide configuration information to use OpenID with an O
In order to use the OpenID login functionality with Privilege Secure an Okta user must match a user
in an AD domain that Privilege Secure is aware of.

**NOTE:** The user will also need to be given access to Privilege Secure by assigning them a role
:::note
The user will also need to be given access to Privilege Secure by assigning them a role
from the Config->Role Management screen.
:::


To create a new user click the Directory menu item and select People from the drop-down. You should
see this screen.
Expand All @@ -39,8 +42,11 @@ Username will be matched against – under the Login Format dropdown:
- User Principal Name
- Email Address

**NOTE:** Okta doesn’t allow sAMAccountName to be used as the Username so we can’t use that one
:::note
Okta doesn’t allow sAMAccountName to be used as the Username so we can’t use that one
here.
:::


Users in sbpam.local are all set up with both UPN and Email Address – but they’re not the same.

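Review bot: The note text "so we can't use that one here" is conversational and leaves "that one" for the reader to resolve. Since the line is being touched, something like "so sAMAccountName cannot be used as the Login Format here" would be clearer. The context line below also names a specific domain, sbpam.local, without introducing it, which is worth replacing with a neutral example domain or explaining.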
Expand Up @@ -45,17 +45,22 @@ Follow the steps to verify the OpenID Connect configuration:

[protocol]//[hostname]:[port]

**CAUTION:** In the next step, verify that the Sign In page displays as expected, but do NOT sign in
:::warning
In the next step, verify that the Sign In page displays as expected, but do NOT sign in
at this step.
:::


**Step 4 –** Click Test Connection to verify the connection configuration. This opens the Sign In
page in the browser. Do NOT sign in.

- If the Sign In page does not display as expected, review the values configured for the OpenID
Connect connector and modify them where needed. Then, verify the Sign In page again.
- **NOTE:** When configuring OpenID Connect for Okta, it may be necessary to ensure that the Grant
:::note
When configuring OpenID Connect for Okta, it may be necessary to ensure that the Grant
type in Okta is set to Implicit (hybrid) and the sub-settings Allow ID Token with implicit grant
type and Allow Access Token with implicit grant type are both enabled.
:::

**Step 5 –** Click the browser’s back arrow to return to the Configure Client wizard page.

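Review bot: Under Step 4, the removed line was a list item ("- **NOTE:** When configuring OpenID Connect for Okta...") but the replacement `:::note` drops the bullet, follows the previous bullet's text with no blank line in between, and leaves the two unchanged continuation lines as they were. Admonition markers should have an empty line before and after them, so as written the block may be parsed as part of the preceding bullet and show literal `:::note` text. Put a blank line before `:::note` and indent the whole block consistently. This note is the only place in the hunk that tells admins to set the Okta grant type to Implicit (hybrid) and enable both implicit token options, so it needs to render correctly.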
Expand Down Expand Up @@ -110,9 +115,12 @@ from the provider and will vary:
the previous step. This represents the format of the value that will be used to sign in to the MFA
during log in.

**NOTE:** These are not the credentials that will be used during the login process; only an
:::note
These are not the credentials that will be used during the login process; only an
example of the format of those credentials. The actual credentials used are unique to each user
and are setup during the MFA registration process for that user.
:::


**Step 11 –** Select a field to use for the User Id Field and click Select.

Expand Up @@ -19,7 +19,7 @@ It contains four pages:
- Configure Id Mapping
- Test Logout

## Configure OpenID Connect Authentication Connector
## Configure SAML Authentication Connector

Follow the steps to verify the SAML configuration:

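Review bot: Renaming the heading to "Configure SAML Authentication Connector" changes its generated anchor, so any link that pointed at the old "Configure OpenID Connect Authentication Connector" anchor on this page will stop resolving. Worth searching the docs for inbound links to the old anchor before merging.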
Expand All @@ -45,8 +45,11 @@ Follow the steps to verify the SAML configuration:

[protocol]//[hostname]:[port]

**CAUTION:** In the next step, verify that the Sign In page displays as expected, but do NOT sign in
:::warning
In the next step, verify that the Sign In page displays as expected, but do NOT sign in
at this step.
:::


**Step 4 –** Click Test Connection to verify the connection configuration. This opens the Sign In
page in the browser. Do NOT sign in.
Expand Down Expand Up @@ -104,9 +107,12 @@ from the provider and will vary:
the previous step. This represents the format of the value that will be used to sign in to the MFA
during log in.

**NOTE:** These are not the credentials that will be used during the login process; only an
:::note
These are not the credentials that will be used during the login process; only an
example of the format of those credentials. The actual credentials used are unique to each user
and are setup during the MFA registration process for that user.
:::


**Step 11 –** Select a field to use for the User Id Field and click Select.

Expand Up @@ -39,8 +39,11 @@ Select Tables and click Add to open the Select Database Objects window.
- SA_ADInventory_ComputersView
- SA ADInventory_UsersView

**NOTE:** Type in the Filter Objects by Name box to filter the list of objects by the characters
:::note
Type in the Filter Objects by Name box to filter the list of objects by the characters
entered.
:::


**Step 5 –** Click OK to return to the Application Access page.

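Review bot: In the object list above the new note, "SA ADInventory_UsersView" has a space where "SA_ADInventory_ComputersView" on the previous line has an underscore. It is a context line, but if the name is meant to be matched in the Filter Objects by Name box it should be confirmed and corrected in this pass.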
Expand All @@ -61,7 +64,10 @@ app token:

**Step 8 –** Click Finish to close the wizard and click Save in the Access view accept the changes.

**NOTE:** Access Analyzer must be restarted after a new access role is configured.
:::note
Access Analyzer must be restarted after a new access role is configured.
:::


The next step is to use the Client ID and Client Secret to obtain an access token. This token is
used to get data from the Access Analyzer endpoint.